keycloak-uncached
Changes
integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/AbstractKeycloakJettyAuthenticator.java 2(+1 -1)
integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettySessionTokenStore.java 1(+1 -0)
integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java 1(+1 -0)
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java 537(+537 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json 21(+11 -10)
testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json 21(+11 -10)
testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json 21(+11 -10)
testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml 29(+29 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json 10(+10 -0)
testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml 29(+29 -0)
Details
diff --git a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/AbstractKeycloakJettyAuthenticator.java b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/AbstractKeycloakJettyAuthenticator.java
index 72f0d0f..3d813e6 100755
--- a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/AbstractKeycloakJettyAuthenticator.java
+++ b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/AbstractKeycloakJettyAuthenticator.java
@@ -209,9 +209,9 @@ public abstract class AbstractKeycloakJettyAuthenticator extends LoginAuthentica
if (!mandatory)
return new DeferredAuthentication(this);
AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
-
nodesRegistrationManagement.tryRegister(deployment);
+ tokenStore.checkCurrentToken();
AbstractJettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
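Review bot: `tokenStore.checkCurrentToken()` is placed after the `if (!mandatory) return new DeferredAuthentication(this);` early return, so requests that are not mandatory never get the stale-token check. If the deferred path can later pick up a cached security context from the HTTP session, it may still see an expired one; that code is outside the hunk, so this needs confirming. The call also has no comment saying why it must run before `createRequestAuthenticator(...)`; something like `// Refresh or drop a stale session token first so an expired login is not reused` would record the intent. The enclosing method starts and ends outside the hunk.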
diff --git a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettySessionTokenStore.java b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettySessionTokenStore.java
index f955633..1f40ee0 100755
--- a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettySessionTokenStore.java
+++ b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettySessionTokenStore.java
@@ -48,6 +48,7 @@ public class JettySessionTokenStore implements AdapterTokenStore {
// Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
request.getSession().removeAttribute(KeycloakSecurityContext.class.getName());
+ request.getSession().invalidate();
}
@Override
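Review bot: `request.getSession()` creates a session when none exists, so the `removeAttribute` line and the added `invalidate()` can allocate a fresh session only to destroy it. Fetching it once without creation avoids that: `HttpSession session = request.getSession(false);` followed by `if (session != null) session.invalidate();`. Since invalidation discards all attributes, the preceding `removeAttribute` call is redundant once `invalidate()` is present. Code later in the same request that still holds the old session object will get an `IllegalStateException` on access, so the callers are worth checking; the enclosing method starts outside the hunk.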
diff --git a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
index e7884b8..13d6835 100755
--- a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
+++ b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
@@ -39,6 +39,7 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
super(facade, deployment, tokenStore, request.getConnector().getRedirectPort());
this.valve = valve;
this.request = request;
+ this.principalFactory = principalFactory;
}
@Override
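Review bot: The `principalFactory` field was evidently left unassigned before this line, which suggests it is not declared `final`; its declaration is outside the hunk, but making it `final` would turn a forgotten assignment into a compile error. The factory presumably builds the authenticated principal, so a fail-fast guard such as `if (principalFactory == null) throw new IllegalArgumentException("principalFactory");` would surface a misconfigured valve at construction instead of as a NullPointerException during login. The constructor signature starts outside the hunk.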
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index 58d0851..6932a81 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -95,246 +95,40 @@ public class AdapterTest {
deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
// Test that replacing system properties works for adapters
+ System.setProperty("app.server.base.url", "http://localhost:8081");
System.setProperty("my.host.name", "localhost");
url = getClass().getResource("/adapter-test/session-keycloak.json");
deployApplication("session-portal", "/session-portal", SessionServlet.class, url.getPath(), "user");
}
};
- private static String createToken() {
- KeycloakSession session = keycloakRule.startSession();
- try {
- RealmManager manager = new RealmManager(session);
-
- RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
- ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
- TokenManager tm = new TokenManager();
- UserModel admin = session.users().getUserByUsername("admin", adminRealm);
- UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
- AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
- return tm.encodeToken(adminRealm, token);
- } finally {
- keycloakRule.stopSession(session, true);
- }
- }
-
-
@Rule
- public WebRule webRule = new WebRule(this);
-
- @WebResource
- protected WebDriver driver;
-
- @WebResource
- protected OAuthClient oauth;
-
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8081", keycloakRule);
@Test
public void testLoginSSOAndLogout() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- // test SSO
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/product-portal");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
-
- // View stats
- String adminToken = createToken();
-
- Client client = ClientBuilder.newClient();
- UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
- WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
- Map<String, Integer> stats = adminTarget.path("application-session-stats").request()
- .header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
- .get(new GenericType<Map<String, Integer>>() {
- });
- Integer custSessionsCount = stats.get("customer-portal");
- Assert.assertNotNull(custSessionsCount);
- Assert.assertTrue(1 == custSessionsCount);
- Integer prodStatsCount = stats.get("product-portal");
- Assert.assertNotNull(prodStatsCount);
- Assert.assertTrue(1 == prodStatsCount);
-
- client.close();
-
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8081/customer-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-
+ testStrategy.testLoginSSOAndLogout();
}
@Test
public void testServletRequestLogout() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- // test SSO
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/product-portal");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
-
- // back
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
- // test logout
-
- driver.navigate().to("http://localhost:8081/customer-portal/logout");
- Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
-
-
- driver.navigate().to("http://localhost:8081/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-
+ testStrategy.testServletRequestLogout();
}
@Test
public void testLoginSSOIdle() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- KeycloakSession session = keycloakRule.startSession();
- RealmModel realm = session.realms().getRealmByName("demo");
- int originalIdle = realm.getSsoSessionIdleTimeout();
- realm.setSsoSessionIdleTimeout(1);
- session.getTransaction().commit();
- session.close();
+ testStrategy.testLoginSSOIdle();
- Thread.sleep(2000);
-
-
- // test SSO
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
- session = keycloakRule.startSession();
- realm = session.realms().getRealmByName("demo");
- realm.setSsoSessionIdleTimeout(originalIdle);
- session.getTransaction().commit();
- session.close();
}
@Test
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- KeycloakSession session = keycloakRule.startSession();
- RealmModel realm = session.realms().getRealmByName("demo");
- int originalIdle = realm.getSsoSessionIdleTimeout();
- realm.setSsoSessionIdleTimeout(1);
- session.getTransaction().commit();
- session.close();
-
- Thread.sleep(2000);
-
- session = keycloakRule.startSession();
- realm = session.realms().getRealmByName("demo");
- session.sessions().removeExpiredUserSessions(realm);
- session.getTransaction().commit();
- session.close();
-
- // test SSO
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
- session = keycloakRule.startSession();
- realm = session.realms().getRealmByName("demo");
- // need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
- UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
- new ResourceAdminManager().logoutUser(null, realm, user, session);
- realm.setSsoSessionIdleTimeout(originalIdle);
- session.getTransaction().commit();
- session.close();
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
}
@Test
public void testLoginSSOMax() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- KeycloakSession session = keycloakRule.startSession();
- RealmModel realm = session.realms().getRealmByName("demo");
- int original = realm.getSsoSessionMaxLifespan();
- realm.setSsoSessionMaxLifespan(1);
- session.getTransaction().commit();
- session.close();
-
- Thread.sleep(2000);
-
-
- // test SSO
- driver.navigate().to("http://localhost:8081/product-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
- session = keycloakRule.startSession();
- realm = session.realms().getRealmByName("demo");
- realm.setSsoSessionMaxLifespan(original);
- session.getTransaction().commit();
- session.close();
+ testStrategy.testLoginSSOMax();
}
/**
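Review bot: The URLs passed to `new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8081", keycloakRule)` on the `testStrategy` rule are the same literals as the defaults inside AdapterTestStrategy, which hides an ordering problem there. Its `LOGIN_URL` field initializer runs before the constructor body assigns `AUTH_SERVER_URL`, so a caller passing a different auth server URL would still have its redirects asserted against the default login URL. Assigning `LOGIN_URL` inside the constructors, after `this.AUTH_SERVER_URL = AUTH_SERVER_URL;`, would fix that. Separately, `System.setProperty("app.server.base.url", "http://localhost:8081");` is never cleared, so the value leaks into any later test in the same JVM; a matching `System.clearProperty("app.server.base.url")` in teardown would contain it.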
@@ -343,16 +137,7 @@ public class AdapterTest {
*/
@Test
public void testNullBearerToken() throws Exception {
- Client client = ClientBuilder.newClient();
- WebTarget target = client.target("http://localhost:8081/customer-db");
- Response response = target.request().get();
- Assert.assertEquals(401, response.getStatus());
- response.close();
- response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
- Assert.assertEquals(401, response.getStatus());
- response.close();
- client.close();
-
+ testStrategy.testNullBearerToken();
}
/**
@@ -361,67 +146,17 @@ public class AdapterTest {
*/
@Test
public void testBadUser() throws Exception {
- Client client = ClientBuilder.newClient();
- UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
- URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
- WebTarget target = client.target(uri);
- String header = BasicAuthHelper.createHeader("customer-portal", "password");
- Form form = new Form();
- form.param("username", "monkey@redhat.com")
- .param("password", "password");
- Response response = target.request()
- .header(HttpHeaders.AUTHORIZATION, header)
- .post(Entity.form(form));
- Assert.assertEquals(400, response.getStatus());
- response.close();
- client.close();
-
+ testStrategy.testBadUser();
}
@Test
public void testVersion() throws Exception {
- Client client = ClientBuilder.newClient();
- WebTarget target = client.target(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT).path("version");
- Version version = target.request().get(Version.class);
- Assert.assertNotNull(version);
- Assert.assertNotNull(version.getVersion());
- Assert.assertNotNull(version.getBuildTime());
- Assert.assertNotEquals(version.getVersion(), Version.UNKNOWN);
- Assert.assertNotEquals(version.getBuildTime(), Version.UNKNOWN);
-
- Version version2 = client.target("http://localhost:8081/secure-portal").path(AdapterConstants.K_VERSION).request().get(Version.class);
- Assert.assertNotNull(version2);
- Assert.assertNotNull(version2.getVersion());
- Assert.assertNotNull(version2.getBuildTime());
- Assert.assertEquals(version.getVersion(), version2.getVersion());
- Assert.assertEquals(version.getBuildTime(), version2.getBuildTime());
- client.close();
-
+ testStrategy.testVersion();
}
-
-
@Test
public void testAuthenticated() throws Exception {
- // test login to customer-portal which does a bearer request to customer-db
- driver.navigate().to("http://localhost:8081/secure-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/secure-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/secure-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8081/secure-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ testStrategy.testAuthenticated();
}
/**
@@ -431,37 +166,7 @@ public class AdapterTest {
*/
@Test
public void testSingleSessionInvalidated() throws Throwable {
- AdapterTest browser1 = this;
- AdapterTest browser2 = new AdapterTest();
-
- loginAndCheckSession(browser1.driver, browser1.loginPage);
-
- // Open browser2
- browser2.webRule.before();
- try {
- loginAndCheckSession(browser2.driver, browser2.loginPage);
-
- // Logout in browser1
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
- browser1.driver.navigate().to(logoutUri);
- Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
-
- // Assert that I am logged out in browser1
- browser1.driver.navigate().to("http://localhost:8081/session-portal");
- Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
-
- // Assert that I am still logged in browser2 and same session is still preserved
- browser2.driver.navigate().to("http://localhost:8081/session-portal");
- Assert.assertEquals(browser2.driver.getCurrentUrl(), "http://localhost:8081/session-portal");
- String pageSource = browser2.driver.getPageSource();
- Assert.assertTrue(pageSource.contains("Counter=3"));
-
- browser2.driver.navigate().to(logoutUri);
- Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
- } finally {
- browser2.webRule.after();
- }
+ testStrategy.testSingleSessionInvalidated();
}
/**
@@ -469,65 +174,7 @@ public class AdapterTest {
*/
@Test
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
- final AtomicInteger origTokenLifespan = new AtomicInteger();
-
- // Delete adminUrl and set short accessTokenLifespan
- keycloakRule.update(new KeycloakRule.KeycloakSetup() {
- @Override
- public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
- ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
- sessionPortal.setManagementUrl(null);
-
- origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
- demoRealm.setAccessTokenLifespan(1);
- }
- }, "demo");
-
- // Login
- loginAndCheckSession(driver, loginPage);
-
- // Logout
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
-
- // Wait until accessToken is expired
- Thread.sleep(2000);
-
- // Assert that http session was invalidated
- driver.navigate().to("http://localhost:8081/session-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
- String pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("Counter=1"));
-
- keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-
- @Override
- public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
- ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
- sessionPortal.setManagementUrl("http://localhost:8081/session-portal");
-
- demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
- }
-
- }, "demo");
- }
-
- private static void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
- driver.navigate().to("http://localhost:8081/session-portal");
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
- String pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("Counter=1"));
-
- // Counter increased now
- driver.navigate().to("http://localhost:8081/session-portal");
- pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("Counter=2"));
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
new file mode 100755
index 0000000..e32ff1f
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
@@ -0,0 +1,537 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.adapter;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExternalResource;
+import org.keycloak.Config;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.Version;
+import org.keycloak.constants.AdapterConstants;
+import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.Constants;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.protocol.oidc.OpenIDConnectService;
+import org.keycloak.protocol.oidc.TokenManager;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.managers.ResourceAdminManager;
+import org.keycloak.services.resources.admin.AdminRoot;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.util.BasicAuthHelper;
+import org.openqa.selenium.WebDriver;
+
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import java.net.URI;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * Tests Undertow Adapter
+ *
+ * @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
+ */
+public class AdapterTestStrategy extends ExternalResource {
+
+ protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
+ protected String APP_SERVER_BASE_URL = "http://localhost:8081";
+ protected AbstractKeycloakRule keycloakRule;
+ // some servlet containers redirect to root + "/" if you visit root context
+ protected String slash = "";
+
+ public WebRule webRule = new WebRule(this);
+
+ @WebResource
+ protected WebDriver driver;
+
+ @WebResource
+ protected OAuthClient oauth;
+
+ @WebResource
+ protected LoginPage loginPage;
+
+ protected String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
+
+ public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
+ this.AUTH_SERVER_URL = AUTH_SERVER_URL;
+ this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
+ this.keycloakRule = keycloakRule;
+ }
+
+ public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule, boolean addSlash) {
+ this.AUTH_SERVER_URL = AUTH_SERVER_URL;
+ this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
+ this.keycloakRule = keycloakRule;
+ // some servlet containers redirect to root + "/" if you visit root context
+ if (addSlash) slash = "/";
+ }
+
+ @Override
+ protected void before() throws Throwable {
+ super.before();
+ webRule.before();
+ }
+
+ @Override
+ protected void after() {
+ super.after();
+ webRule.after();
+ }
+
+ protected String createAdminToken() {
+ KeycloakSession session = keycloakRule.startSession();
+ try {
+ RealmManager manager = new RealmManager(session);
+
+ RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
+ ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
+ TokenManager tm = new TokenManager();
+ UserModel admin = session.users().getUserByUsername("admin", adminRealm);
+ UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
+ AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
+ return tm.encodeToken(adminRealm, token);
+ } finally {
+ keycloakRule.stopSession(session, true);
+ }
+ }
+
+ @Test
+ public void testLoginSSOAndLogout() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ // test SSO
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
+ pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
+
+ // View stats
+ String adminToken = createAdminToken();
+
+ Client client = ClientBuilder.newClient();
+ UriBuilder authBase = UriBuilder.fromUri(AUTH_SERVER_URL);
+ WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
+ Map<String, Integer> stats = adminTarget.path("application-session-stats").request()
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
+ .get(new GenericType<Map<String, Integer>>() {
+ });
+ Integer custSessionsCount = stats.get("customer-portal");
+ Assert.assertNotNull(custSessionsCount);
+ Assert.assertTrue(1 == custSessionsCount);
+ Integer prodStatsCount = stats.get("product-portal");
+ Assert.assertNotNull(prodStatsCount);
+ Assert.assertTrue(1 == prodStatsCount);
+
+ client.close();
+
+
+ // test logout
+
+ String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
+ .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
+ driver.navigate().to(logoutUri);
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+
+ }
+
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ // test SSO
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
+ pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
+
+ // back
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+ // test logout
+
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal/logout");
+ Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
+
+
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ String currentUrl = driver.getCurrentUrl();
+ Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+
+ }
+
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ KeycloakSession session = keycloakRule.startSession();
+ RealmModel realm = session.realms().getRealmByName("demo");
+ int originalIdle = realm.getSsoSessionIdleTimeout();
+ realm.setSsoSessionIdleTimeout(1);
+ session.getTransaction().commit();
+ session.close();
+
+ Thread.sleep(2000);
+
+
+ // test SSO
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+ session = keycloakRule.startSession();
+ realm = session.realms().getRealmByName("demo");
+ realm.setSsoSessionIdleTimeout(originalIdle);
+ session.getTransaction().commit();
+ session.close();
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ KeycloakSession session = keycloakRule.startSession();
+ RealmModel realm = session.realms().getRealmByName("demo");
+ int originalIdle = realm.getSsoSessionIdleTimeout();
+ realm.setSsoSessionIdleTimeout(1);
+ session.getTransaction().commit();
+ session.close();
+
+ Thread.sleep(2000);
+
+ session = keycloakRule.startSession();
+ realm = session.realms().getRealmByName("demo");
+ session.sessions().removeExpiredUserSessions(realm);
+ session.getTransaction().commit();
+ session.close();
+
+ // test SSO
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+ session = keycloakRule.startSession();
+ realm = session.realms().getRealmByName("demo");
+ // need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
+ UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
+ new ResourceAdminManager().logoutUser(null, realm, user, session);
+ realm.setSsoSessionIdleTimeout(originalIdle);
+ session.getTransaction().commit();
+ session.close();
+ }
+
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ KeycloakSession session = keycloakRule.startSession();
+ RealmModel realm = session.realms().getRealmByName("demo");
+ int original = realm.getSsoSessionMaxLifespan();
+ realm.setSsoSessionMaxLifespan(1);
+ session.getTransaction().commit();
+ session.close();
+
+ Thread.sleep(2000);
+
+
+ // test SSO
+ driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+ session = keycloakRule.startSession();
+ realm = session.realms().getRealmByName("demo");
+ realm.setSsoSessionMaxLifespan(original);
+ session.getTransaction().commit();
+ session.close();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ Client client = ClientBuilder.newClient();
+ WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
+ Response response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ client.close();
+
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ Client client = ClientBuilder.newClient();
+ UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
+ URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
+ WebTarget target = client.target(uri);
+ String header = BasicAuthHelper.createHeader("customer-portal", "password");
+ Form form = new Form();
+ form.param("username", "monkey@redhat.com")
+ .param("password", "password");
+ Response response = target.request()
+ .header(HttpHeaders.AUTHORIZATION, header)
+ .post(Entity.form(form));
+ Assert.assertEquals(400, response.getStatus());
+ response.close();
+ client.close();
+
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ Client client = ClientBuilder.newClient();
+ WebTarget target = client.target(AUTH_SERVER_URL).path("version");
+ Version version = target.request().get(Version.class);
+ Assert.assertNotNull(version);
+ Assert.assertNotNull(version.getVersion());
+ Assert.assertNotNull(version.getBuildTime());
+ Assert.assertNotEquals(version.getVersion(), Version.UNKNOWN);
+ Assert.assertNotEquals(version.getBuildTime(), Version.UNKNOWN);
+
+ Version version2 = client.target(APP_SERVER_BASE_URL + "/secure-portal").path(AdapterConstants.K_VERSION).request().get(Version.class);
+ Assert.assertNotNull(version2);
+ Assert.assertNotNull(version2.getVersion());
+ Assert.assertNotNull(version2.getBuildTime());
+ Assert.assertEquals(version.getVersion(), version2.getVersion());
+ Assert.assertEquals(version.getBuildTime(), version2.getBuildTime());
+ client.close();
+
+ }
+
+
+
+ @Test
+ public void testAuthenticated() throws Exception {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(APP_SERVER_BASE_URL + "/secure-portal");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/secure-portal" + slash);
+ String pageSource = driver.getPageSource();
+ System.out.println(pageSource);
+ Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+ // test logout
+
+ String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
+ .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/secure-portal").build("demo").toString();
+ driver.navigate().to(logoutUri);
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ driver.navigate().to(APP_SERVER_BASE_URL + "/secure-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ }
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
+ @Test
+ public void testSingleSessionInvalidated() throws Throwable {
+ AdapterTestStrategy browser1 = this;
+ AdapterTestStrategy browser2 = new AdapterTestStrategy(AUTH_SERVER_URL, APP_SERVER_BASE_URL, keycloakRule);
+
+ loginAndCheckSession(browser1.driver, browser1.loginPage);
+
+ // Open browser2
+ browser2.webRule.before();
+ try {
+ loginAndCheckSession(browser2.driver, browser2.loginPage);
+
+ // Logout in browser1
+ String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
+ .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
+ browser1.driver.navigate().to(logoutUri);
+ Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+ // Assert that I am logged out in browser1
+ browser1.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
+ Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+ // Assert that I am still logged in browser2 and same session is still preserved
+ browser2.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
+ Assert.assertEquals(browser2.driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
+ String pageSource = browser2.driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("Counter=3"));
+
+ browser2.driver.navigate().to(logoutUri);
+ Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
+ } finally {
+ browser2.webRule.after();
+ }
+ }
+
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ final AtomicInteger origTokenLifespan = new AtomicInteger();
+
+ // Delete adminUrl and set short accessTokenLifespan
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
+ ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
+ sessionPortal.setManagementUrl(null);
+
+ origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
+ demoRealm.setAccessTokenLifespan(1);
+ }
+ }, "demo");
+
+ // Login
+ loginAndCheckSession(driver, loginPage);
+
+ // Logout
+ String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
+ .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
+ driver.navigate().to(logoutUri);
+
+ // Wait until accessToken is expired
+ Thread.sleep(2000);
+
+ // Assert that http session was invalidated
+ driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
+ String currentUrl = driver.getCurrentUrl();
+ Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
+ String pageSource = driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("Counter=1"));
+
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
+ ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
+ sessionPortal.setManagementUrl(APP_SERVER_BASE_URL + "/session-portal");
+
+ demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
+ }
+
+ }, "demo");
+ }
+
+ protected void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
+ driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
+ String currentUrl = driver.getCurrentUrl();
+ Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
+ String pageSource = driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("Counter=1"));
+
+ // Counter increased now
+ driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
+ pageSource = driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("Counter=2"));
+
+ }
+
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java
index 8a57d2f..e7feeb9 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java
@@ -39,7 +39,8 @@ public class CustomerServlet extends HttpServlet {
Client client = ClientBuilder.newClient();
try {
- WebTarget target = client.target("http://localhost:8081/customer-db");
+ String appBase = System.getProperty("app.server.base.url", "http://localhost:8081");
+ WebTarget target = client.target(appBase + "/customer-db/");
Response response = target.request().get();
Assert.assertEquals(401, response.getStatus());
response.close();
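Review bot: The value of `app.server.base.url` is concatenated unchecked on the new `client.target(appBase + "/customer-db/")` line, so a property value ending in a slash produces `//customer-db/`. This JVM-wide property now decides where the servlet sends its outgoing requests, and the code after this hunk presumably reuses the same target with the caller's bearer token, so the value deserves a comment marking it as a test-only switch. Building the target as `client.target(appBase).path("customer-db/")` avoids the slash problem. The enclosing method starts and ends outside the hunk.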
diff --git a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty9Test.java b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty9Test.java
index 8995fa9..40da8ed 100755
--- a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty9Test.java
+++ b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty9Test.java
@@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
+import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
+import java.net.URL;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Jetty9Test {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
- }
- };
-
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- if (req.getPathInfo().endsWith("logout")) {
- req.logout();
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- stream.write("logout".getBytes());
- return;
-
- }
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
}
- }
+ };
public static Server server = null;
- protected static WebAppContext appContext = null;
-
-
- protected static void deploySP() throws Exception {
- appContext = new WebAppContext();
- appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
- appContext.setContextPath("/customer-portal");
- appContext.setParentLoaderPriority(true);
-
- appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
-
-
- ConstraintSecurityHandler securityHandler = formHandler();
-
- AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
- securityHandler.setAuthenticator(authenticator);
-
- appContext.setSecurityHandler(securityHandler);
- }
-
- private static ConstraintSecurityHandler formHandler() {
- Constraint constraint = new Constraint();
- constraint.setName(Constraint.__FORM_AUTH);
- ;
- constraint.setRoles(new String[] { "user", "admin" });
- constraint.setAuthenticate(true);
-
- ConstraintMapping constraintMapping = new ConstraintMapping();
- constraintMapping.setConstraint(constraint);
- constraintMapping.setPathSpec("/*");
-
- ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
- securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
-
- HashLoginService loginService = new HashLoginService();
- securityHandler.setLoginService(loginService);
- return securityHandler;
- }
-
@BeforeClass
public static void initJetty() throws Exception {
- server = new Server(8080);
+ server = new Server(8082);
+ List<Handler> list = new ArrayList<Handler>();
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
+ File base = new File(dir.getFile()).getParentFile();
+ list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
+ list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+ list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
+ list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
+ list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
+
- deploySP();
HandlerCollection handlers = new HandlerCollection();
- handlers.setHandlers(new Handler[] { appContext });
+ handlers.setHandlers(list.toArray(new Handler[list.size()]));
server.setHandler(handlers);
server.start();
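Review bot: `new File(dir.getFile())` in initJetty does not decode the URL, so a checkout path containing a space or another escaped character (`%20`) resolves to a directory that does not exist and all five `WebAppContext` entries are deployed from a bad path. `getResource` also returns null when `/adapter-test/demorealm.json` is not on the classpath, which surfaces here as a bare NullPointerException. Use `File base = new File(dir.toURI()).getParentFile();` and fail with a clear message when `dir` is null. The two `System.setProperty` calls change JVM-wide state; unless the teardown outside this hunk clears them, they leak into any test class run later in the same JVM. initJetty continues past the end of the hunk.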
@@ -175,55 +115,73 @@ public class Jetty9Test {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-
- // test servletRequest.logout()
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
- driver.navigate().to("http://localhost:8080/customer-portal/logout");
- pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("logout"));
- driver.navigate().to("http://localhost:8080/customer-portal");
- currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ testStrategy.testLoginSSOAndLogout();
+ }
+
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ testStrategy.testServletRequestLogout();
+ }
+
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
+
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
+ }
+
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
}
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
}
-}
+
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
+ }}
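Review bot: Of the `AdapterTestStrategy` tests visible on this page, `testAuthenticated` is the only one with no delegating method here, so the secure-portal login and logout flow is not run against Jetty. If that is deliberate, a comment saying why would help; otherwise add `@Test public void testAuthenticated() throws Exception { testStrategy.testAuthenticated(); }`. The literal `"http://localhost:8082"` passed to the strategy repeats the port given to `new Server(8082)` and the `app.server.base.url` property in initJetty; one constant such as `private static final String APP_SERVER_BASE_URL = "http://localhost:8082";` would keep the three in step. The closing `}}` would read better as two lines.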
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
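Review bot: The commented-out `adapterConfig` block carries a client secret, a realm key, realm `tomcat` and resource `customer-portal`, none of which describe customer-db. The identical file (blob 1ec566d) is also added for customer-portal, product-portal and secure-portal. Dead configuration like this tends to be uncommented and adapted later, at which point the wrong realm and a hard-coded secret go live. I would drop the block and, if the authenticator does read its settings from the keycloak.json added alongside, leave a one-line comment such as `<!-- adapter settings come from WEB-INF/keycloak.json -->`. The DOCTYPE names `configure_9_0.dtd` although this copy sits in the jetty81 module, which is worth checking against the Jetty version actually used.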
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
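Review bot: `<auth-method>BASIC</auth-method>` reads as if this application accepted HTTP Basic credentials, while the jetty-web.xml added next to it installs `KeycloakJettyAuthenticator` on the security handler. If the explicitly set authenticator is what takes effect, as it appears, a comment above `<login-config>` such as `<!-- auth-method is a placeholder; authentication is done by the authenticator set in jetty-web.xml -->` would stop a reader from assuming Basic auth is enabled. The `admin` role is declared but not referenced by any constraint in this file.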
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
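Review bot: The commented-out `adapterConfig` block inside the `<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">` element is a stale copy: it names realm `tomcat` and resource `customer-portal` and embeds a client secret, while this webapp's keycloak.json says realm `demo` and resource `secure-portal`. Since the live settings appear to come from WEB-INF/keycloak.json, I would drop the block and leave a single pointer such as `<!-- adapter settings are read from WEB-INF/keycloak.json -->`, so nobody uncomments mismatched values. The DOCTYPE also references `configure_9_0.dtd` in a file under the jetty81 tree, which looks copied from the Jetty 9 module and is worth checking. The identical file is added for session-portal here and for every webapp under jetty91.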
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
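Review bot: `auth-server-url` here points at `http://localhost:8080/auth`, while the product-portal and session-portal keycloak.json files in this commit use port 8081 and the jetty91 test constructs `AdapterTestStrategy` with `http://localhost:8081/auth`. If secure-portal is meant to talk to the same test server, this line should read `"auth-server-url" : "http://localhost:8081/auth",`. If 8080 is intentional, the reason is worth recording in the test that exercises this webapp. The jetty91 secure-portal/WEB-INF/keycloak.json repeats the same value.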
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
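Review bot: This descriptor maps `CallAuthenticatedServlet` to `/*` and declares the `admin` and `user` roles, but unlike the other portals it has no `<security-constraint>`, so the container itself enforces nothing on these URLs. Presumably the servlet triggers authentication programmatically, which would make the omission deliberate. A comment such as `<!-- no security-constraint: the servlet triggers authentication itself -->` would stop it being read as an oversight or copied as a template for a protected application. The jetty91 secure-portal web.xml is identical.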
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
index 8995fa9..528a2e0 100755
--- a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
+++ b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
@@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
+import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
+import java.net.URL;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Jetty9Test {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
- }
- };
-
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- if (req.getPathInfo().endsWith("logout")) {
- req.logout();
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- stream.write("logout".getBytes());
- return;
-
- }
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
}
- }
+ };
public static Server server = null;
- protected static WebAppContext appContext = null;
-
-
- protected static void deploySP() throws Exception {
- appContext = new WebAppContext();
- appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
- appContext.setContextPath("/customer-portal");
- appContext.setParentLoaderPriority(true);
-
- appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
-
-
- ConstraintSecurityHandler securityHandler = formHandler();
-
- AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
- securityHandler.setAuthenticator(authenticator);
-
- appContext.setSecurityHandler(securityHandler);
- }
-
- private static ConstraintSecurityHandler formHandler() {
- Constraint constraint = new Constraint();
- constraint.setName(Constraint.__FORM_AUTH);
- ;
- constraint.setRoles(new String[] { "user", "admin" });
- constraint.setAuthenticate(true);
-
- ConstraintMapping constraintMapping = new ConstraintMapping();
- constraintMapping.setConstraint(constraint);
- constraintMapping.setPathSpec("/*");
-
- ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
- securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
-
- HashLoginService loginService = new HashLoginService();
- securityHandler.setLoginService(loginService);
- return securityHandler;
- }
-
@BeforeClass
public static void initJetty() throws Exception {
- server = new Server(8080);
+ server = new Server(8082);
+ List<Handler> list = new ArrayList<Handler>();
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
+ File base = new File(dir.getFile()).getParentFile();
+ list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
+ list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+ list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
+ list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
+ list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
+
- deploySP();
HandlerCollection handlers = new HandlerCollection();
- handlers.setHandlers(new Handler[] { appContext });
+ handlers.setHandlers(list.toArray(new Handler[list.size()]));
server.setHandler(handlers);
server.start();
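Review bot: In `initJetty`, `new File(dir.getFile())` uses the raw URL path, which stays percent-encoded, so a checkout path containing a space or a non-ASCII character resolves to a directory that does not exist and every `WebAppContext` is built on a bad path. `File base = new File(dir.toURI()).getParentFile();` decodes the path correctly; `getResource` can also return null, which currently surfaces as a bare NullPointerException rather than a message naming the missing resource. The two `System.setProperty` calls are not cleared anywhere in this hunk, so they may leak into other test classes in the same JVM; the teardown is outside the hunk and could not be checked. `initJetty` continues past the end of the hunk.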
@@ -175,55 +115,74 @@ public class Jetty9Test {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-
- // test servletRequest.logout()
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
- driver.navigate().to("http://localhost:8080/customer-portal/logout");
- pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("logout"));
- driver.navigate().to("http://localhost:8080/customer-portal");
- currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ testStrategy.testLoginSSOAndLogout();
+ }
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ testStrategy.testServletRequestLogout();
+ }
+
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
+
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
+ }
+
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
+ }
+
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
+ @Test
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
}
+ /**
+ * KEYCLOAK-741
+ */
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
}
}
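Review bot: The application base URL is now spelled out three times: `new Server(8082)` and the `app.server.base.url` property in `initJetty`, and the `"http://localhost:8082"` argument to `AdapterTestStrategy` on the `@Rule` field. Changing one without the others would leave the tests pointing at the wrong port. A single constant such as `private static final String APP_SERVER_BASE_URL = "http://localhost:8082";`, used for both the property and the rule, keeps them together. The new Javadoc blocks carry only an issue id and an empty `@throws Exception`; one sentence on what each regression test covers would be more useful than the tag.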
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
new file mode 100755
index 0000000..ef10b71
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..19acca0
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
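Review bot: `<auth-method>BASIC</auth-method>` in `login-config` does not describe how this app is authenticated, because the jetty-web.xml in the same directory installs `KeycloakJettyAuthenticator` on the security handler. Anyone auditing the descriptor alone would conclude the app uses HTTP Basic, so the placeholder deserves a comment, for example `<!-- auth-method is a placeholder; the authenticator set in jetty-web.xml is the one in effect -->`. The `admin` security-role is declared but no `auth-constraint` in this file refers to it, so it could be dropped unless the servlet checks it programmatically. The same applies to the jetty92 customer-db, customer-portal, product-portal and session-portal web.xml files below.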
diff --git a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
index 8995fa9..528a2e0 100755
--- a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
+++ b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
@@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
+import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
+import java.net.URL;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Jetty9Test {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
- }
- };
-
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- if (req.getPathInfo().endsWith("logout")) {
- req.logout();
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- stream.write("logout".getBytes());
- return;
-
- }
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
}
- }
+ };
public static Server server = null;
- protected static WebAppContext appContext = null;
-
-
- protected static void deploySP() throws Exception {
- appContext = new WebAppContext();
- appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
- appContext.setContextPath("/customer-portal");
- appContext.setParentLoaderPriority(true);
-
- appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
-
-
- ConstraintSecurityHandler securityHandler = formHandler();
-
- AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
- securityHandler.setAuthenticator(authenticator);
-
- appContext.setSecurityHandler(securityHandler);
- }
-
- private static ConstraintSecurityHandler formHandler() {
- Constraint constraint = new Constraint();
- constraint.setName(Constraint.__FORM_AUTH);
- ;
- constraint.setRoles(new String[] { "user", "admin" });
- constraint.setAuthenticate(true);
-
- ConstraintMapping constraintMapping = new ConstraintMapping();
- constraintMapping.setConstraint(constraint);
- constraintMapping.setPathSpec("/*");
-
- ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
- securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
-
- HashLoginService loginService = new HashLoginService();
- securityHandler.setLoginService(loginService);
- return securityHandler;
- }
-
@BeforeClass
public static void initJetty() throws Exception {
- server = new Server(8080);
+ server = new Server(8082);
+ List<Handler> list = new ArrayList<Handler>();
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
+ File base = new File(dir.getFile()).getParentFile();
+ list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
+ list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+ list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
+ list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
+ list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
+
- deploySP();
HandlerCollection handlers = new HandlerCollection();
- handlers.setHandlers(new Handler[] { appContext });
+ handlers.setHandlers(list.toArray(new Handler[list.size()]));
server.setHandler(handlers);
server.start();
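Review bot: `new File(dir.getFile())` in `initJetty` breaks when the checkout path contains a space or a non-ASCII character, because `URL.getFile()` returns the path still percent-encoded and the five `WebAppContext` directories then point at locations that do not exist. Converting through the URI avoids that: `File base = new File(dir.toURI()).getParentFile();`. `getResource` also returns null when `/adapter-test/demorealm.json` is missing from the test classpath, so a short explicit check with a clear message would be better than the resulting NullPointerException. The two `System.setProperty` calls are never undone in the visible lines, so they leak into any test class that runs later in the same JVM. The body of `initJetty` continues past the end of this hunk.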
@@ -175,55 +115,74 @@ public class Jetty9Test {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-
- // test servletRequest.logout()
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
- pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
- driver.navigate().to("http://localhost:8080/customer-portal/logout");
- pageSource = driver.getPageSource();
- Assert.assertTrue(pageSource.contains("logout"));
- driver.navigate().to("http://localhost:8080/customer-portal");
- currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ testStrategy.testLoginSSOAndLogout();
+ }
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ testStrategy.testServletRequestLogout();
+ }
+
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
+
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
+ }
+
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
+ }
+
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
+ @Test
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
}
+ /**
+ * KEYCLOAK-741
+ */
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
}
}
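Review bot: The `testStrategy` rule repeats the literals `"http://localhost:8081/auth"` and `"http://localhost:8082"`, which `initJetty` in the previous hunk already spells out separately as `new Server(8082)` and the `app.server.base.url` system property. If one of the three is changed without the others, the tests will talk to the wrong port without any compile-time hint. I would pull them into constants, e.g. `private static final String APP_SERVER_BASE_URL = "http://localhost:8082";`, and use those in both places. The imports of `LoginPage` and `WebResource` that remain as context in the earlier hunks look unused after this change and could be removed in the same pass.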
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
new file mode 100755
index 0000000..ef10b71
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..19acca0
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
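Review bot: `auth-server-url` here is `http://localhost:8080/auth`, whereas the product-portal and session-portal fixtures and the `AdapterTestStrategy` constructed in Jetty9Test all use port 8081. If the mismatch is deliberate, the reason is not recorded anywhere, and since JSON has no comment syntax it should be explained in the test that relies on it. If it is a copy-paste leftover, the value should be `"http://localhost:8081/auth"`, or `"http://${my.host.name}:8081/auth"` to match session-portal.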
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
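Review bot: This descriptor has no `security-constraint`, unlike the other four adapter-test apps, so the container does not require authentication for any request to `/*` on `CallAuthenticatedServlet`. That is presumably intended, with the servlet triggering authentication itself, but next to the sibling web.xml files the omission reads like a mistake. A comment above `login-config` would make the intent explicit, for example `<!-- no security-constraint on purpose: authentication is requested by the servlet -->`, worded to match what the servlet actually does.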
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8081/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatServer.java b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatServer.java
index bae08e2..c18aeae 100755
--- a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatServer.java
+++ b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatServer.java
@@ -17,6 +17,7 @@ public class TomcatServer {
private static final Logger LOG = LoggerFactory.getLogger(TomcatServer.class);
private static final boolean isInfo = LOG.isInfoEnabled();
+ private final Host host;
/**
@@ -33,20 +34,11 @@ public class TomcatServer {
* </Server></pre>
* <Server> & <Service> will be created automcatically. We need to hook the remaining to an {@link Embedded} instnace
*
- * @param contextPath Context path for the application
* @param port Port number to be used for the embedded Tomcat server
* @param appBase Path to the Application files (for Maven based web apps, in general: <code>/src/main/</code>)
- * @param shutdownHook If true, registers a server' shutdown hook with JVM. This is useful to shutdown the server
- * in erroneous cases.
* @throws Exception
*/
- public TomcatServer(String contextPath, int port, String appBase, boolean shutdownHook) {
- if (contextPath == null || appBase == null || appBase.length() == 0) {
- throw new IllegalArgumentException("Context path or appbase should not be null");
- }
- if (!contextPath.startsWith("/")) {
- contextPath = "/" + contextPath;
- }
+ public TomcatServer(int port, String appBase) {
this.port = port;
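Review bot: The new `TomcatServer(int port, String appBase)` constructor drops the check on `appBase` together with the `contextPath` one, so a null or empty `appBase` now reaches `server.createHost("localhost", appBase)` unvalidated. Only the `contextPath` part moved to `deploy`, so I would keep the rest here: `if (appBase == null || appBase.length() == 0) throw new IllegalArgumentException("appBase should not be null or empty");`. The Javadoc above still ends with `@throws Exception` although the constructor declares none. The constructor body continues past the end of this hunk.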
@@ -54,44 +46,24 @@ public class TomcatServer {
server.setName("TomcatEmbeddedServer");
server.setCatalinaBase(TomcatTest.getBaseDirectory());
- Host localHost = server.createHost("localhost", appBase);
- localHost.setAutoDeploy(false);
+ host = server.createHost("localhost", appBase);
+ host.setAutoDeploy(false);
+
+ }
- StandardContext rootContext = (StandardContext) server.createContext(contextPath, "webapp");
+ public void deploy(String contextPath, String appDir) {
+ if (contextPath == null) {
+ throw new IllegalArgumentException("Context path or appbase should not be null");
+ }
+ if (!contextPath.startsWith("/")) {
+ contextPath = "/" + contextPath;
+ }
+ StandardContext rootContext = (StandardContext) server.createContext(contextPath, appDir);
KeycloakAuthenticatorValve valve = new KeycloakAuthenticatorValve();
rootContext.addValve(valve);
//rootContext.addLifecycleListener(valve);
rootContext.setDefaultWebXml("web.xml");
- localHost.addChild(rootContext);
-
- Engine engine = server.createEngine();
- engine.setDefaultHost(localHost.getName());
- engine.setName("TomcatEngine");
- engine.addChild(localHost);
-
- server.addEngine(engine);
-
- Connector connector = server.createConnector(localHost.getName(), port, false);
- server.addConnector(connector);
-
- // register shutdown hook
- if (shutdownHook) {
- Runtime.getRuntime().addShutdownHook(new Thread() {
- public void run() {
- if (isRunning) {
- if (isInfo) LOG.info("Stopping the Tomcat server, through shutdown hook");
- try {
- if (server != null) {
- server.stop();
- }
- } catch (LifecycleException e) {
- LOG.error("Error while stopping the Tomcat server, through shutdown hook", e);
- }
- }
- }
- });
- }
-
+ host.addChild(rootContext);
}
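Review bot: `deploy` validates only `contextPath`, yet its exception message still reads "Context path or appbase should not be null", and `appDir` is passed to `server.createContext` without any check. I would validate both and fix the wording: `if (contextPath == null || appDir == null) { throw new IllegalArgumentException("Context path and appDir should not be null"); }`. The method is public and is the only one in the visible part of the class without Javadoc; it needs a short comment stating that it must be called before `start()`, since the engine and connector are only wired up there.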
/**
@@ -103,6 +75,16 @@ public class TomcatServer {
return;
}
+ Engine engine = server.createEngine();
+ engine.setDefaultHost(host.getName());
+ engine.setName("TomcatEngine");
+ engine.addChild(host);
+
+ server.addEngine(engine);
+
+ Connector connector = server.createConnector(host.getName(), port, false);
+ server.addConnector(connector);
+
if (isInfo) LOG.info("Starting the Tomcat server @ port={}", port);
server.setAwait(true);
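Review bot: Creating the engine and connector inside `start()` means every call that gets past the early `return` adds another engine and another connector for the same `port` to `server`. Whether a stop()/start() cycle can reach this code depends on the guard above the hunk, which is not visible here. Either build them once, for example behind a field check such as `if (engine == null) { ... }`, or state in the method's Javadoc that the server is single-use. `start()` begins and ends outside this hunk.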
diff --git a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
index 915bc2d..4f2a29e 100755
--- a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
+++ b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
@@ -35,6 +35,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -58,51 +59,30 @@ import java.util.regex.Matcher;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class TomcatTest {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
}
};
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
- }
- }
-
static TomcatServer tomcat = null;
@BeforeClass
public static void initTomcat() throws Exception {
- URL dir = TomcatTest.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
- String baseDir = new File(dir.getFile()).getParentFile().getParentFile().getParentFile().toString();
+ URL dir = TomcatTest.class.getResource("/adapter-test/demorealm.json");
+ String baseDir = new File(dir.getFile()).getParentFile().toString();
System.out.println("Tomcat basedir: " + baseDir);
- tomcat = new TomcatServer("/customer-portal", 8080, baseDir, false);
+ tomcat = new TomcatServer(8082, baseDir);
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ tomcat.deploy("/customer-portal", "customer-portal");
+ tomcat.deploy("/customer-db", "customer-db");
+ tomcat.deploy("/product-portal", "product-portal");
+ tomcat.deploy("/secure-portal", "secure-portal");
+ tomcat.deploy("/session-portal", "session-portal");
tomcat.start();
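Review bot: `new File(dir.getFile())` in `initTomcat()` uses the URL path without percent-decoding, so locating the `adapter-test` directory breaks when the checkout or build path contains a space or another escaped character. `new File(dir.toURI())` avoids that: `String baseDir = new File(dir.toURI()).getParentFile().toString();`. The same pattern is added in `Tomcat7Test.initTomcat()` further down. `getResource` also returns null when the fixture is missing, which would surface here as an unexplained NullPointerException, so a short null check with a clear message is worth adding.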
@@ -115,52 +95,77 @@ public class TomcatTest {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
+ @Test
+ public void testLoginSSOAndLogout() throws Exception {
+ testStrategy.testLoginSSOAndLogout();
+ }
- @Ignore
@Test
- public void testServer() throws Exception{
- Thread.sleep(1000000000);
+ public void testServletRequestLogout() throws Exception {
+ // can't test this. Servlet 2.5 doesn't have logout()
+ //testStrategy.testServletRequestLogout();
}
@Test
- public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- //System.out.println(driver.getPageSource());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
+
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
+ }
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
}
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
}
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
+ }
static String getBaseDirectory() {
String dirPath = null;
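Review bot: `testServletRequestLogout()` is left as an `@Test` with an empty body, so it is reported as passing although nothing about logout is exercised on this container. Marking it skipped with the reason keeps reports from implying logout coverage for the Tomcat 6 adapter: `@Ignore("Servlet 2.5 has no HttpServletRequest.logout()")`. This hunk removes the existing uses of `@Ignore`, so check that the import is still present. The class body continues outside the hunk.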
@@ -176,12 +181,7 @@ public class TomcatTest {
}
}
}
-
String absolutePath = new File(dirPath).getAbsolutePath();
return absolutePath;
}
-
-
-
-
}
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
new file mode 100755
index 0000000..ef10b71
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
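Review bot: This descriptor declares `version="3.0"` with the `web-app_3_0.xsd` schema and uses `<module-name>`, a Servlet 3.0 element, but it is added under the tomcat6 module, whose own test comment says the container is Servlet 2.5. Tomcat 6 may tolerate this when descriptor validation is off, but the file then claims a contract the container does not implement. I would declare `version="2.5"` with `http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd` and drop `<module-name>`. The same applies to the customer-portal, product-portal, secure-portal and session-portal `web.xml` files added under tomcat6 in this commit.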
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..e9ad987
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
@@ -0,0 +1,11 @@
+{
+ "realm": "demo",
+ "resource": "customer-portal",
+ "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url": "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "expose-token": true,
+ "credentials": {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..19acca0
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
new file mode 100755
index 0000000..9359cc9
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
@@ -0,0 +1,141 @@
+{
+ "id": "demo",
+ "realm": "demo",
+ "enabled": true,
+ "accessTokenLifespan": 3000,
+ "accessCodeLifespan": 10,
+ "accessCodeLifespanUserAction": 6000,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "social": false,
+ "passwordCredentialGrantAllowed": true,
+ "updateProfileOnInitialSocialLogin": false,
+ "privateKey": "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",
+ "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "requiredCredentials": [ "password" ],
+ "users" : [
+ {
+ "username" : "bburke@redhat.com",
+ "enabled": true,
+ "email" : "bburke@redhat.com",
+ "firstName": "Bill",
+ "lastName": "Burke",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
+ }
+ ],
+ "roles" : {
+ "realm" : [
+ {
+ "name": "user",
+ "description": "User privileges"
+ },
+ {
+ "name": "admin",
+ "description": "Administrator privileges"
+ }
+ ]
+ },
+ "scopeMappings": [
+ {
+ "client": "third-party",
+ "roles": ["user"]
+ },
+ {
+ "client": "customer-portal",
+ "roles": ["user"]
+ },
+ {
+ "client": "product-portal",
+ "roles": ["user"]
+ }
+
+ ],
+ "applications": [
+ {
+ "name": "customer-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/customer-portal",
+ "baseUrl": "http://localhost:8082/customer-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-cookie-portal",
+ "enabled": true,
+ "baseUrl": "http://localhost:8082/customer-cookie-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-cookie-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-portal-js",
+ "enabled": true,
+ "publicClient": true,
+ "adminUrl": "http://localhost:8082/customer-portal-js",
+ "baseUrl": "http://localhost:8082/customer-portal-js",
+ "redirectUris": [
+ "http://localhost:8080/customer-portal-js/*"
+ ]
+ },
+ {
+ "name": "customer-portal-cli",
+ "enabled": true,
+ "publicClient": true,
+ "redirectUris": [
+ "urn:ietf:wg:oauth:2.0:oob",
+ "http://localhost"
+ ]
+ },
+ {
+ "name": "product-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/product-portal",
+ "baseUrl": "http://localhost:8082/product-portal",
+ "redirectUris": [
+ "http://localhost:8082/product-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "secure-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/secure-portal",
+ "baseUrl": "http://localhost:8082/secure-portal",
+ "redirectUris": [
+ "http://localhost:8082/secure-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "session-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/session-portal",
+ "baseUrl": "http://localhost:8082/session-portal",
+ "redirectUris": [
+ "http://localhost:8082/session-portal/*"
+ ],
+ "secret": "password"
+ }
+ ],
+ "oauthClients": [
+ {
+ "name": "third-party",
+ "enabled": true,
+ "redirectUris": [
+ "http://localhost:8082/oauth-client/*",
+ "http://localhost:8082/oauth-client-cdi/*"
+ ],
+ "secret": "password"
+ }
+ ]
+}
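Review bot: The `customer-portal-js` application keeps `http://localhost:8080/customer-portal-js/*` in `redirectUris` while its `adminUrl` and `baseUrl` use port 8082, so a login started from the 8082 application would be rejected by redirect-URI validation. I would align it: `"http://localhost:8082/customer-portal-js/*"`. Neither `customer-portal-js` nor `customer-cookie-portal` is deployed by `initTomcat()` in this commit, so if those entries are unused in this module they could be removed instead. The realm key pair and the `password` secrets in this file are fixtures and should stay confined to the test realm.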
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/META-INF/context.xml b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
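Review bot: `path="/customer-portal"` is copied unchanged into the product-portal descriptor, and the same line appears in the secure-portal and session-portal files below and in the tomcat7 customer-db descriptor, none of which are deployed at that path. Tomcat derives the context path from the deployment (here `tomcat.deploy("/product-portal", ...)`), and its documentation reserves the `path` attribute for contexts defined in server.xml. The attribute is therefore at best ignored and reads as a misconfiguration, so I would reduce the element to `<Context>`. In the tomcat6 module `TomcatServer.deploy()` also adds a `KeycloakAuthenticatorValve` in code, so if this file is processed the context may end up with two authenticator valves, which is worth confirming.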
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/META-INF/context.xml b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
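Review bot: `auth-server-url` is `http://localhost:8080/auth` here, while the other adapter configs added in this commit and the first argument to `AdapterTestStrategy` use port 8081. If this is a copy error, the adapter would send browser redirects and back-channel requests to a port where, as far as this page shows, no auth server is started. If it is deliberate, JSON cannot carry a comment, so the reason belongs next to the test that depends on it. Suggested value: `"auth-server-url" : "http://localhost:8081/auth"`.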
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/META-INF/context.xml b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
index 18b1de7..70da95d 100755
--- a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
+++ b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
@@ -36,6 +36,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -59,56 +60,33 @@ import java.util.regex.Matcher;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Tomcat7Test {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
}
};
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
- }
- }
-
static Tomcat tomcat = null;
@BeforeClass
public static void initTomcat() throws Exception {
- URL dir = Tomcat7Test.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
- File webappDir = new File(dir.getFile()).getParentFile().getParentFile();
tomcat = new Tomcat();
String baseDir = getBaseDirectory();
tomcat.setBaseDir(baseDir);
- tomcat.setPort(8080);
-
- tomcat.addWebapp("/customer-portal", webappDir.toString());
- System.out.println("configuring app with basedir: " + webappDir.toString());
+ tomcat.setPort(8082);
+
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ URL dir = Tomcat7Test.class.getResource("/adapter-test/demorealm.json");
+ File base = new File(dir.getFile()).getParentFile();
+ tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
+ tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
+ tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
+ tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
+ tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
tomcat.start();
//tomcat.getServer().await();
@@ -121,42 +99,75 @@ public class Tomcat7Test {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ testStrategy.testLoginSSOAndLogout();
+ }
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ testStrategy.testServletRequestLogout();
+ }
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
+
+ }
+
+ @Test
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
}
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
+ }
+
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
+ @Test
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
+ }
+
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
}
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
new file mode 100755
index 0000000..ef10b71
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
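Review bot: `<auth-method>BASIC</auth-method>` reads as if this app used HTTP Basic authentication, and nothing in the descriptor says otherwise. Presumably the `KeycloakAuthenticatorValve` from META-INF/context.xml replaces the container authenticator and this value is only a placeholder. If so, say it in the file, e.g. `<!-- placeholder: authentication is performed by KeycloakAuthenticatorValve (META-INF/context.xml) -->` above `<login-config>`. Otherwise a deployment where the valve is not picked up could look like a deliberate Basic-auth setup. The `admin` security-role is declared but no constraint references it, so either remove it or note that it is reserved for later tests. The same applies to the customer-portal, product-portal and session-portal web.xml files in the tomcat7 and tomcat8 trees.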
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..e9ad987
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
@@ -0,0 +1,11 @@
+{
+ "realm": "demo",
+ "resource": "customer-portal",
+ "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url": "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "expose-token": true,
+ "credentials": {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..19acca0
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
new file mode 100755
index 0000000..9359cc9
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
@@ -0,0 +1,141 @@
+{
+ "id": "demo",
+ "realm": "demo",
+ "enabled": true,
+ "accessTokenLifespan": 3000,
+ "accessCodeLifespan": 10,
+ "accessCodeLifespanUserAction": 6000,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "social": false,
+ "passwordCredentialGrantAllowed": true,
+ "updateProfileOnInitialSocialLogin": false,
+ "privateKey": "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",
+ "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "requiredCredentials": [ "password" ],
+ "users" : [
+ {
+ "username" : "bburke@redhat.com",
+ "enabled": true,
+ "email" : "bburke@redhat.com",
+ "firstName": "Bill",
+ "lastName": "Burke",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
+ }
+ ],
+ "roles" : {
+ "realm" : [
+ {
+ "name": "user",
+ "description": "User privileges"
+ },
+ {
+ "name": "admin",
+ "description": "Administrator privileges"
+ }
+ ]
+ },
+ "scopeMappings": [
+ {
+ "client": "third-party",
+ "roles": ["user"]
+ },
+ {
+ "client": "customer-portal",
+ "roles": ["user"]
+ },
+ {
+ "client": "product-portal",
+ "roles": ["user"]
+ }
+
+ ],
+ "applications": [
+ {
+ "name": "customer-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/customer-portal",
+ "baseUrl": "http://localhost:8082/customer-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-cookie-portal",
+ "enabled": true,
+ "baseUrl": "http://localhost:8082/customer-cookie-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-cookie-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-portal-js",
+ "enabled": true,
+ "publicClient": true,
+ "adminUrl": "http://localhost:8082/customer-portal-js",
+ "baseUrl": "http://localhost:8082/customer-portal-js",
+ "redirectUris": [
+ "http://localhost:8080/customer-portal-js/*"
+ ]
+ },
+ {
+ "name": "customer-portal-cli",
+ "enabled": true,
+ "publicClient": true,
+ "redirectUris": [
+ "urn:ietf:wg:oauth:2.0:oob",
+ "http://localhost"
+ ]
+ },
+ {
+ "name": "product-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/product-portal",
+ "baseUrl": "http://localhost:8082/product-portal",
+ "redirectUris": [
+ "http://localhost:8082/product-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "secure-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/secure-portal",
+ "baseUrl": "http://localhost:8082/secure-portal",
+ "redirectUris": [
+ "http://localhost:8082/secure-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "session-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/session-portal",
+ "baseUrl": "http://localhost:8082/session-portal",
+ "redirectUris": [
+ "http://localhost:8082/session-portal/*"
+ ],
+ "secret": "password"
+ }
+ ],
+ "oauthClients": [
+ {
+ "name": "third-party",
+ "enabled": true,
+ "redirectUris": [
+ "http://localhost:8082/oauth-client/*",
+ "http://localhost:8082/oauth-client-cdi/*"
+ ],
+ "secret": "password"
+ }
+ ]
+}
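Review bot: The `customer-portal-js` application registers `"http://localhost:8080/customer-portal-js/*"` as its redirect URI, while its own `adminUrl` and `baseUrl` and every other application in the realm use port 8082. This looks like a leftover from the port change. A login started from the 8082 address would presumably be rejected for a redirect mismatch, so it should read `"http://localhost:8082/customer-portal-js/*"`. The tomcat8 copy of this file has the same blob id (9359cc9) and needs the same fix. Separately, the realm `privateKey` and the `"secret": "password"` client secrets are now duplicated in every per-container copy of the fixture. Loading one shared demorealm.json from a common test module would keep the test-only key material in a single place.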
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
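Review bot: `"auth-server-url"` points at `http://localhost:8080/auth` here, while customer-portal and product-portal use port 8081 and session-portal uses `${my.host.name}:8081`. The tomcat8 test also builds its `AdapterTestStrategy` against `http://localhost:8081/auth`. Unless secure-portal is deliberately aimed at a port where no auth server listens, any code-to-token or refresh call from this app would go to the wrong endpoint. I would change it to `"auth-server-url" : "http://localhost:8081/auth",` and check the tomcat8 copy of this file as well.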
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
index ec218bb..9ff92d8 100755
--- a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
+++ b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
@@ -36,6 +36,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
@@ -59,56 +60,33 @@ import java.util.regex.Matcher;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class TomcatTest {
- static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
-
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
+ RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
- }
- };
-
- public static class SendUsernameServlet extends HttpServlet {
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- stream.write("\n".getBytes());
- KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
- stream.write(context.getIdToken().getName().getBytes());
- stream.write("\n".getBytes());
- stream.write(logoutUri.getBytes());
-
- }
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- doGet(req, resp);
}
- }
+ };
static Tomcat tomcat = null;
@BeforeClass
public static void initTomcat() throws Exception {
- URL dir = TomcatTest.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
- File webappDir = new File(dir.getFile()).getParentFile().getParentFile();
tomcat = new Tomcat();
String baseDir = getBaseDirectory();
tomcat.setBaseDir(baseDir);
- tomcat.setPort(8080);
-
- tomcat.addWebapp("/customer-portal", webappDir.toString());
- System.out.println("configuring app with basedir: " + webappDir.toString());
+ tomcat.setPort(8082);
+
+ System.setProperty("app.server.base.url", "http://localhost:8082");
+ System.setProperty("my.host.name", "localhost");
+ URL dir = TomcatTest.class.getResource("/adapter-test/demorealm.json");
+ File base = new File(dir.getFile()).getParentFile();
+ tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
+ tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
+ tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
+ tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
+ tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
tomcat.start();
//tomcat.getServer().await();
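Review bot: `new File(dir.getFile())` in `initTomcat` uses the URL's still percent-encoded path, so the webapp directories are not found when the checkout path contains a space or other escaped character. Converting through the URI avoids that: `File base = new File(dir.toURI()).getParentFile();` (the method already declares `throws Exception`). `getResource` also returns null when the fixture is missing from the classpath, which surfaces as a bare NullPointerException, so a `Objects.requireNonNull(dir, "adapter-test/demorealm.json not on classpath")` before it would make the failure readable. The two `System.setProperty` calls change JVM-wide state, and nothing visible here clears them again. If the teardown outside this hunk does not do so, `System.clearProperty("app.server.base.url")` and `System.clearProperty("my.host.name")` belong there. The body of `initTomcat` continues past the end of the hunk.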
@@ -121,44 +99,76 @@ public class TomcatTest {
}
@Rule
- public WebRule webRule = new WebRule(this);
- @WebResource
- protected WebDriver driver;
- @WebResource
- protected LoginPage loginPage;
+ public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
- public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testLoginSSOAndLogout() throws Exception {
- driver.navigate().to("http://localhost:8080/customer-portal");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- loginPage.login("bburke@redhat.com", "password");
- System.out.println("Current url: " + driver.getCurrentUrl());
- Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
- String pageSource = driver.getPageSource();
- System.out.println(pageSource);
- Assert.assertTrue(pageSource.contains("Bill Burke"));
-
- // test logout
-
- String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
- .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
- driver.navigate().to(logoutUri);
- Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
- driver.navigate().to("http://localhost:8080/customer-portal");
- String currentUrl = driver.getCurrentUrl();
- Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
+ testStrategy.testLoginSSOAndLogout();
+ }
+ @Test
+ public void testServletRequestLogout() throws Exception {
+ testStrategy.testServletRequestLogout();
+ }
+
+ @Test
+ public void testLoginSSOIdle() throws Exception {
+ testStrategy.testLoginSSOIdle();
}
@Test
- @Ignore
- public void runit() throws Exception {
- Thread.sleep(10000000);
+ public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
+ testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
}
+ @Test
+ public void testLoginSSOMax() throws Exception {
+ testStrategy.testLoginSSOMax();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testNullBearerToken() throws Exception {
+ testStrategy.testNullBearerToken();
+ }
+
+ /**
+ * KEYCLOAK-518
+ * @throws Exception
+ */
+ @Test
+ public void testBadUser() throws Exception {
+ testStrategy.testBadUser();
+ }
+
+ @Test
+ public void testVersion() throws Exception {
+ testStrategy.testVersion();
+ }
+
+
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
+ @Test
+ public void testSingleSessionInvalidated() throws Throwable {
+ testStrategy.testSingleSessionInvalidated();
+ }
+
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ testStrategy.testSessionInvalidatedAfterFailedRefresh();
+
+ }
private static String getBaseDirectory() {
String dirPath = null;
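Review bot: The base URL passed to `new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule)` repeats values that `initTomcat` also hard-codes in `tomcat.setPort(8082)` and in the `app.server.base.url` system property. The three must stay in sync by hand. A pair of constants such as `private static final int APP_SERVER_PORT = 8082;` and `private static final String APP_SERVER_BASE_URL = "http://localhost:" + APP_SERVER_PORT;`, used in all three places, removes that risk. The Javadoc blocks on the delegating tests carry only a ticket id and an empty `@throws`. One line saying what each test verifies would help readers without tracker access, for instance that the KEYCLOAK-741 test checks the session is invalidated after a failed token refresh.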
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
new file mode 100755
index 0000000..285b047
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json
@@ -0,0 +1,9 @@
+{
+ "realm" : "demo",
+ "resource" : "customer-db",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "ssl-required" : "external",
+ "bearer-only" : true,
+ "enable-cors" : true
+
+}
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
new file mode 100755
index 0000000..ef10b71
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..e9ad987
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json
@@ -0,0 +1,11 @@
+{
+ "realm": "demo",
+ "resource": "customer-portal",
+ "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url": "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "expose-token": true,
+ "credentials": {
+ "secret": "password"
+ }
+}
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..19acca0
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json
new file mode 100755
index 0000000..9359cc9
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json
@@ -0,0 +1,141 @@
+{
+ "id": "demo",
+ "realm": "demo",
+ "enabled": true,
+ "accessTokenLifespan": 3000,
+ "accessCodeLifespan": 10,
+ "accessCodeLifespanUserAction": 6000,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "social": false,
+ "passwordCredentialGrantAllowed": true,
+ "updateProfileOnInitialSocialLogin": false,
+ "privateKey": "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",
+ "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "requiredCredentials": [ "password" ],
+ "users" : [
+ {
+ "username" : "bburke@redhat.com",
+ "enabled": true,
+ "email" : "bburke@redhat.com",
+ "firstName": "Bill",
+ "lastName": "Burke",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
+ }
+ ],
+ "roles" : {
+ "realm" : [
+ {
+ "name": "user",
+ "description": "User privileges"
+ },
+ {
+ "name": "admin",
+ "description": "Administrator privileges"
+ }
+ ]
+ },
+ "scopeMappings": [
+ {
+ "client": "third-party",
+ "roles": ["user"]
+ },
+ {
+ "client": "customer-portal",
+ "roles": ["user"]
+ },
+ {
+ "client": "product-portal",
+ "roles": ["user"]
+ }
+
+ ],
+ "applications": [
+ {
+ "name": "customer-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/customer-portal",
+ "baseUrl": "http://localhost:8082/customer-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-cookie-portal",
+ "enabled": true,
+ "baseUrl": "http://localhost:8082/customer-cookie-portal",
+ "redirectUris": [
+ "http://localhost:8082/customer-cookie-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "customer-portal-js",
+ "enabled": true,
+ "publicClient": true,
+ "adminUrl": "http://localhost:8082/customer-portal-js",
+ "baseUrl": "http://localhost:8082/customer-portal-js",
+ "redirectUris": [
+ "http://localhost:8080/customer-portal-js/*"
+ ]
+ },
+ {
+ "name": "customer-portal-cli",
+ "enabled": true,
+ "publicClient": true,
+ "redirectUris": [
+ "urn:ietf:wg:oauth:2.0:oob",
+ "http://localhost"
+ ]
+ },
+ {
+ "name": "product-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/product-portal",
+ "baseUrl": "http://localhost:8082/product-portal",
+ "redirectUris": [
+ "http://localhost:8082/product-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "secure-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/secure-portal",
+ "baseUrl": "http://localhost:8082/secure-portal",
+ "redirectUris": [
+ "http://localhost:8082/secure-portal/*"
+ ],
+ "secret": "password"
+ },
+ {
+ "name": "session-portal",
+ "enabled": true,
+ "adminUrl": "http://localhost:8082/session-portal",
+ "baseUrl": "http://localhost:8082/session-portal",
+ "redirectUris": [
+ "http://localhost:8082/session-portal/*"
+ ],
+ "secret": "password"
+ }
+ ],
+ "oauthClients": [
+ {
+ "name": "third-party",
+ "enabled": true,
+ "redirectUris": [
+ "http://localhost:8082/oauth-client/*",
+ "http://localhost:8082/oauth-client-cdi/*"
+ ],
+ "secret": "password"
+ }
+ ]
+}
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..3cfd478
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
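Review bot: The confidential-client secret is the literal `password`, stored in plain text here, in the secure-portal and session-portal keycloak.json files, and for the matching clients in the realm JSON just above. That is acceptable for a fixture that only talks to the embedded test server, but JSON has no comment syntax to say so. A short note in the testsuite documentation, stating that these realm keys and client secrets are throwaway test values and must not be copied into a deployment, would guard against reuse by copy-paste.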
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..f235440
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
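Review bot: `<auth-method>BASIC</auth-method>` in `<login-config>` is misleading next to the `KeycloakAuthenticatorValve` registered in this application's context.xml, which presumably replaces the container's authenticator so BASIC is never used. A comment such as `<!-- auth-method is a placeholder; authentication is performed by KeycloakAuthenticatorValve -->` above `<login-config>` would stop a reader from assuming credentials travel as HTTP Basic over the plain-http URLs configured for this suite. The same applies to the secure-portal and session-portal web.xml files. The `admin` security-role is declared, but no constraint in this file references it.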
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..dd38f24
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "secure-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8080/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
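Review bot: `auth-server-url` points at `http://localhost:8080/auth` here, while the product-portal and session-portal configurations in this commit use port 8081. If the test auth server listens on 8081 for this suite, this adapter will fail to reach it, or will talk to whatever else is bound to 8080. If 8080 is intended, the reason this application differs should be recorded somewhere; otherwise change the line to `"auth-server-url" : "http://localhost:8081/auth",`.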
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..75de1e3
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/secure-portal/WEB-INF/web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
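Review bot: This web.xml declares no `<security-constraint>`, so unlike product-portal and session-portal the container enforces no authentication or role check on `/*`, for an application named secure-portal. Judging by the servlet class name `CallAuthenticatedServlet`, the servlet presumably triggers authentication programmatically, but that is not visible in this hunk. A comment before `<login-config>`, for example `<!-- no security-constraint on purpose: the servlet authenticates programmatically -->`, would make clear the omission is deliberate. It would also keep the file from being copied as a template for a protected application.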
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/META-INF/context.xml
new file mode 100755
index 0000000..6f24639
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
new file mode 100755
index 0000000..6a7f60b
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+ "realm" : "demo",
+ "resource" : "session-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8081/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ }
+}
\ No newline at end of file
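Review bot: `auth-server-url` depends on the `${my.host.name}` placeholder, which the other two adapter configurations do not use, and nothing in this hunk shows where that property is defined. If it is unset when the adapter loads the file, the URL is presumably left unresolved. With `"ssl-required" : "external"`, a host name that resolves to a non-private address may also make the adapter demand HTTPS for this plain-http URL. It is worth confirming that the test sets the property to a loopback or private address.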
diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
new file mode 100755
index 0000000..2c81890
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/session-portal/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>adapter-test</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>