keycloak-uncached
Changes
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServlet.java 15(+14 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java 133(+73 -60)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/UseServletFilter.java 20(+20 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java 55(+42 -13)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SAMLFilterDependency.java 87(+87 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java 54(+54 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java 61(+37 -24)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/jboss-deployment-structure.xml 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml 7(+1 -6)
testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPSAMLFilterAdapterTest.java 12(+12 -0)
testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6SAMLFilterAdapterTest.java 12(+12 -0)
testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflySAMLFilterAdapterTest.java 11(+11 -0)
Details
diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml
index f1bc7e9..dbbaaf4 100644
--- a/testsuite/integration-arquillian/pom.xml
+++ b/testsuite/integration-arquillian/pom.xml
@@ -70,6 +70,11 @@
<scope>import</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.shrinkwrap.resolver</groupId>
+ <artifactId>shrinkwrap-resolver-impl-maven</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.jboss.arquillian.extension</groupId>
<artifactId>arquillian-drone-bom</artifactId>
<version>${arquillian-drone.version}</version>
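Review bot: The added `shrinkwrap-resolver-impl-maven` entry has no `<version>`, and the neighbouring entries (`<scope>import</scope>`, `arquillian-drone-bom`) suggest this sits in a `dependencyManagement` block, which starts outside the hunk. If the version is meant to come from an imported BOM or a parent POM, that is not visible here and deserves a one-line XML comment next to the entry. Otherwise pin it explicitly, for example `<version>${PLACEHOLDER_RESOLVER_VERSION_PROPERTY}</version>`, so the library that pulls artifacts into the test WARs is a known release.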
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java
index e85d43e..163d3f1 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class BadClientSalesPostSigServlet extends SAMLServletWithLogout {
+public class BadClientSalesPostSigServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "bad-client-sales-post-sig";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java
index 08fd844..f4dcc0c 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class BadRealmSalesPostSigServlet extends SAMLServletWithLogout {
+public class BadRealmSalesPostSigServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "bad-realm-sales-post-sig";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java
index 391c122..4257c2f 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class Employee2Servlet extends SAMLServletWithLogout {
+public class Employee2Servlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "employee2";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java
index ec21b58..0e7886c 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class EmployeeSigFrontServlet extends SAMLServletWithLogout {
+public class EmployeeSigFrontServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "employee-sig-front";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java
index 24d92d0..910ef46 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class EmployeeSigServlet extends SAMLServletWithLogout {
+public class EmployeeSigServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "employee-sig";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java
index 730ed2e..93f2043 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesMetadataServlet extends SAMLServletWithLogout {
+public class SalesMetadataServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-metadata";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java
index 892848a..874b1e8 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostEncServlet extends SAMLServletWithLogout {
+public class SalesPostEncServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-enc";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java
index 47afaae..a5879c0 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostPassiveServlet extends SAMLServletWithLogout {
+public class SalesPostPassiveServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-passive";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java
index e14acd4..cd9ea11 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostServlet extends SAMLServletWithLogout {
+public class SalesPostServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java
index 789469e..77c68f1 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostSigEmailServlet extends SAMLServletWithLogout {
+public class SalesPostSigEmailServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-sig-email";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java
index 059202f..5ccb96f 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostSigPersistentServlet extends SAMLServletWithLogout {
+public class SalesPostSigPersistentServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-sig-persistent";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java
index 77c57f1..b4ab9bb 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostSigServlet extends SAMLServletWithLogout {
+public class SalesPostSigServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-sig";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java
index 17ca8a8..697ac83 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java
@@ -25,7 +25,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class SalesPostSigTransientServlet extends SAMLServletWithLogout {
+public class SalesPostSigTransientServlet extends SAMLServlet {
public static final String DEPLOYMENT_NAME = "sales-post-sig-transient";
@ArquillianResource
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
index 6a07594..58feae3 100755
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
@@ -17,78 +17,91 @@
package org.keycloak.testsuite.adapter.servlet;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
import java.io.IOException;
-import java.io.OutputStream;
import java.security.Principal;
-import java.util.List;
/**
-* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
-* @version $Revision: 1 $
-*/
-public class SendUsernameServlet extends HttpServlet {
-
- public static Principal sentPrincipal;
- public static List<String> checkRoles;
-
- @Override
- protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- System.out.println("In SendUsername Servlet doGet()");
- if (checkRoles != null) {
- for (String role : checkRoles) {
- System.out.println("check role: " + role);
- //Assert.assertTrue(req.isUserInRole(role));
- if (!req.isUserInRole(role)) {
- resp.sendError(403);
- return;
- }
- }
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @author mhajas
+ * @version $Revision: 1 $
+ */
+@Path("/")
+public class SendUsernameServlet {
+ private static boolean checkRoles = false;
+
+ @Context
+ private HttpServletRequest httpServletRequest;
+
+ @GET
+ @NoCache
+ public Response doGet(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doGet() check roles is " + (checkRolesFlag || checkRoles));
+ if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
+ return Response.status(Response.Status.FORBIDDEN).entity("Forbidden").build();
}
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- stream.write("request-path: ".getBytes());
- stream.write(req.getServletPath().getBytes());
- stream.write("\n".getBytes());
- stream.write("principal=".getBytes());
- if (principal == null) {
- stream.write("null".getBytes());
- return;
- }
- String name = principal.getName();
- stream.write(name.getBytes());
- sentPrincipal = principal;
+ return Response.ok(getOutput(), MediaType.TEXT_PLAIN).build();
}
- @Override
- protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- System.out.println("In SendUsername Servlet doPost()");
- if (checkRoles != null) {
- for (String role : checkRoles) {
- System.out.println("check role: " + role);
- if (!req.isUserInRole(role)) {
- throw new RuntimeException("User: " + req.getUserPrincipal() + " is not in Role: " + role);
- }
- }
+
+ @POST
+ @NoCache
+ public Response doPost(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doPost() check roles is " + (checkRolesFlag || checkRoles));
+
+ if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
+ throw new RuntimeException("User: " + httpServletRequest.getUserPrincipal() + " do not have required role");
}
- resp.setContentType("text/plain");
- OutputStream stream = resp.getOutputStream();
- Principal principal = req.getUserPrincipal();
- stream.write("request-path: ".getBytes());
- stream.write(req.getServletPath().getBytes());
- stream.write("\n".getBytes());
- stream.write("principal=".getBytes());
+
+ return Response.ok(getOutput(), MediaType.TEXT_PLAIN).build();
+ }
+
+ @GET
+ @Path("{path}")
+ public Response doGetElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doGetElseWhere() - path: " + path);
+ return doGet(checkRolesFlag);
+ }
+
+ @POST
+ @Path("{path}")
+ public Response doPostElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doPostElseWhere() - path: " + path);
+ return doPost(checkRolesFlag);
+ }
+
+ @GET
+ @Path("checkRoles")
+ public String checkRolesEndPoint() {
+ checkRoles = true;
+ System.out.println("Setting checkRoles to true");
+ return "Roles will be checked";
+ }
+
+ private boolean checkRoles() {
+ return httpServletRequest.isUserInRole("manager");
+ }
+
+ private String getOutput() {
+ String output = "request-path: ";
+ output += httpServletRequest.getServletPath();
+ output += "\n";
+ output += "principal=";
+ Principal principal = httpServletRequest.getUserPrincipal();
+
if (principal == null) {
- stream.write("null".getBytes());
- return;
+ return output + "null";
}
- String name = principal.getName();
- stream.write(name.getBytes());
- sentPrincipal = principal;
+
+ return output + principal.getName();
}
}
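Review bot: The role check in the new `doGet` and `doPost` is skipped whenever `getUserPrincipal()` is null, so a request without a principal gets 200 and `principal=null` even with role checking on, where the removed code answered 403 (or threw, for POST). If that is intended because a filter or container constraint is expected to stop unauthenticated requests first, say so in a comment such as `// unauthenticated requests are expected to be rejected before they reach this resource`. Otherwise drop the null test: `if ((checkRolesFlag || checkRoles) && !checkRoles()) {`. Separately, `doGetElseWhere` and `doPostElseWhere` carry no `@NoCache`, unlike the two root methods, although they return the same principal-bearing body.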
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/UseServletFilter.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/UseServletFilter.java
new file mode 100644
index 0000000..dc0b3f4
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/UseServletFilter.java
@@ -0,0 +1,20 @@
+package org.keycloak.testsuite.arquillian.annotation;
+
+import java.lang.annotation.*;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * @author mhajas
+ */
+@Documented
+@Retention(RUNTIME)
+@Target({ElementType.TYPE})
+@Inherited
+public @interface UseServletFilter {
+
+ String filterName();
+ String filterClass();
+ String filterPattern() default "/*";
+ String dispatcherType() default "";
+}
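Review bot: The four annotation elements have no Javadoc, and their contract is not obvious from the names: in this commit `DeploymentArchiveProcessor.modifyWebXml` concatenates their values unescaped into web.xml. Document each element, e.g. `/** Fully qualified class name written into <filter-class>. */` on `filterClass()` and `/** Value for <dispatcher>; empty means no <dispatcher> element is emitted. */` on `dispatcherType()`, and state that the values must be XML-safe. `import java.lang.annotation.*;` could name the five types it uses instead of a wildcard.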
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
index a63595e..68d7183 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
@@ -25,7 +25,9 @@ import org.jboss.logging.Logger;
import org.jboss.logging.Logger.Level;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.representations.adapters.config.AdapterConfig;
+import org.keycloak.testsuite.arquillian.annotation.UseServletFilter;
import org.keycloak.testsuite.util.IOUtil;
import org.keycloak.util.JsonSerialization;
import org.w3c.dom.Document;
@@ -35,11 +37,9 @@ import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
-import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.hasAppServerContainerAnnotation;
-import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.isRelative;
-import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.isTomcatAppServer;
-import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.*;
+import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.*;
+import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getAuthServerContextRoot;
import static org.keycloak.testsuite.util.IOUtil.*;
;
@@ -125,7 +125,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
adapterConfig.setAuthServerUrl(getAuthServerContextRoot() + "/auth");
adapterConfig.setRealmKey(REALM_KEY);
}
-
+
if ("true".equals(System.getProperty("app.server.ssl.required"))) {
adapterConfig.setSslRequired("all");
}
@@ -155,17 +155,46 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
}
protected void modifyWebXml(Archive<?> archive, TestClass testClass) {
- if (isTomcatAppServer(testClass.getJavaClass())) {
- try {
- String webXmlContent = IOUtils.toString(
- archive.get(WEBXML_PATH).getAsset().openStream());
-
+ try {
+ String webXmlContent = IOUtils.toString(
+ archive.get(WEBXML_PATH).getAsset().openStream());
+ if (isTomcatAppServer(testClass.getJavaClass())) {
webXmlContent = webXmlContent.replace("<auth-method>KEYCLOAK</auth-method>", "<auth-method>BASIC</auth-method>");
+ }
+
+ if (testClass.getJavaClass().isAnnotationPresent(UseServletFilter.class)) {
+ //We need to add filter declaration to web.xml
+ log.info("Adding filter to " + testClass.getAnnotation(UseServletFilter.class).filterClass() + " with mapping " + testClass.getAnnotation(UseServletFilter.class).filterPattern() + " for " + archive.getName());
+ String filter = "\n<filter>\n" +
+ "<filter-name>" + testClass.getAnnotation(UseServletFilter.class).filterName() + "</filter-name>\n" +
+ "<filter-class>" + testClass.getAnnotation(UseServletFilter.class).filterClass() + "</filter-class>\n" +
+ "</filter>\n" +
+ "\n<filter-mapping>\n" +
+ "<filter-name>" + testClass.getAnnotation(UseServletFilter.class).filterName() + "</filter-name>\n" +
+ "<url-pattern>" + testClass.getAnnotation(UseServletFilter.class).filterPattern() + "</url-pattern>\n";
+ if (!testClass.getAnnotation(UseServletFilter.class).dispatcherType().isEmpty()) {
+ filter += "<dispatcher>" + testClass.getAnnotation(UseServletFilter.class).dispatcherType() + "</dispatcher>\n";
+ }
+ filter += "</filter-mapping>\n";
+
+ webXmlContent = webXmlContent.replace("</module-name>", "</module-name> " + filter);
- archive.add(new StringAsset((webXmlContent)), WEBXML_PATH);
- } catch (IOException ex) {
- throw new RuntimeException("Cannot load web.xml from archive.");
+ //Also we need to add all dependencies within war lib directory, because filter needs to work without installed adapter
+ log.info("Adding SAMLFilter dependencies to " + archive.getName());
+ ((WebArchive) archive).addAsLibraries(new SAMLFilterDependency().getDependencies());
+
+
+ //finally we need to remove all keycloak related configuration from web.xml
+ int start = webXmlContent.indexOf("<security-constraint>");
+ int end = webXmlContent.indexOf("</security-role>") + "</security-role>".length();
+
+
+ webXmlContent = webXmlContent.substring(0, start) + webXmlContent.substring(end);
}
+
+ archive.add(new StringAsset((webXmlContent)), WEBXML_PATH);
+ } catch (IOException ex) {
+ throw new RuntimeException("Cannot load web.xml from archive.");
}
}
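Review bot: The `@UseServletFilter` branch cuts from `<security-constraint>` to the first `</security-role>` without checking either `indexOf` result, and registers the filter through a `replace` on `</module-name>` that silently does nothing when that element is absent. A web.xml without `<module-name>` would lose its container security configuration and gain no filter, leaving the test application unprotected, while one without `<security-constraint>` fails in `substring(0, -1)`. With several `<security-role>` elements only the first is removed, which looks at odds with the "remove all keycloak related configuration" comment; the sketch below uses `lastIndexOf` on that assumption. The moved `catch` also still drops `ex` as the cause, and the annotation could be read once into a local instead of eight lookups.

```java
// … unchanged: Tomcat auth-method replacement, filter and filter-mapping assembly …
if (!webXmlContent.contains("</module-name>")) {
    throw new IllegalStateException("No <module-name> in web.xml of " + archive.getName() + "; filter cannot be registered");
}
webXmlContent = webXmlContent.replace("</module-name>", "</module-name> " + filter);
// … unchanged: adding SAMLFilter dependencies to the archive …
int start = webXmlContent.indexOf("<security-constraint>");
int lastRoleEnd = webXmlContent.lastIndexOf("</security-role>");
if (start >= 0 && lastRoleEnd > start) {
    int end = lastRoleEnd + "</security-role>".length();
    webXmlContent = webXmlContent.substring(0, start) + webXmlContent.substring(end);
}
```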
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SAMLFilterDependency.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SAMLFilterDependency.java
new file mode 100644
index 0000000..808a383
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/SAMLFilterDependency.java
@@ -0,0 +1,87 @@
+package org.keycloak.testsuite.arquillian;
+
+import org.jboss.logging.Logger;
+import org.jboss.shrinkwrap.resolver.api.maven.Maven;
+import org.jboss.shrinkwrap.resolver.api.maven.PackagingType;
+import org.jboss.shrinkwrap.resolver.api.maven.ScopeType;
+import org.jboss.shrinkwrap.resolver.api.maven.coordinate.MavenDependency;
+import org.jboss.shrinkwrap.resolver.api.maven.coordinate.MavenDependencyExclusion;
+
+import java.io.File;
+import java.util.Collections;
+import java.util.Set;
+
+/**
+ * @author mhajas
+ */
+public class SAMLFilterDependency implements MavenDependency {
+
+ private static File[] files;
+
+ protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
+
+ @Override
+ public Set<MavenDependencyExclusion> getExclusions() {
+ return Collections.EMPTY_SET;
+ }
+
+ @Override
+ public ScopeType getScope() {
+ return ScopeType.COMPILE;
+ }
+
+ @Override
+ public boolean isOptional() {
+ return false;
+ }
+
+ @Override
+ public PackagingType getPackaging() {
+ return PackagingType.JAR;
+ }
+
+ @Override
+ public PackagingType getType() {
+ return PackagingType.JAR;
+ }
+
+ @Override
+ public String getClassifier() {
+ return null;
+ }
+
+ @Override
+ public String getVersion() {
+ return System.getProperty("project.version");
+ }
+
+ @Override
+ public String getGroupId() {
+ return "org.keycloak";
+ }
+
+ @Override
+ public String getArtifactId() {
+ return "keycloak-saml-servlet-filter-adapter";
+ }
+
+ @Override
+ public String toCanonicalForm() {
+ return getGroupId() + ":" + getArtifactId() + ":" + getVersion();
+ }
+
+ private void resolve() {
+ log.info("Resolving SAMLFilter dependencies");
+ files = Maven.configureResolver().addDependency(this)
+ .resolve().withTransitivity().asFile();
+ log.info("Resolving dependencies is finished with " + files.length + " files");
+ }
+
+ public File[] getDependencies() {
+ if (files == null) {
+ resolve();
+ }
+
+ return files;
+ }
+}
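Review bot: `getVersion()` returns `System.getProperty("project.version")` unchecked, so when the property is not passed to the test JVM the resolver is asked for `org.keycloak:keycloak-saml-servlet-filter-adapter:null` and the failure surfaces far from its cause. Fail early with `return Objects.requireNonNull(System.getProperty("project.version"), "project.version system property is not set");` (needs `java.util.Objects`). `getDependencies()` fills the static `files` cache without synchronization and returns the cached array itself, which is only safe if deployments are processed on one thread and callers never modify it; neither is visible here. `Collections.EMPTY_SET` is a raw type; `Collections.emptySet()` matches the declared `Set<MavenDependencyExclusion>`. Since the resolved files are copied into every filter-test WAR, a class Javadoc naming the repositories `Maven.configureResolver()` is expected to resolve from would help.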
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java
new file mode 100644
index 0000000..0df65a4
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java
@@ -0,0 +1,54 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import org.junit.After;
+import org.junit.Before;
+import org.keycloak.testsuite.arquillian.annotation.UseServletFilter;
+
+/**
+ * @author mhajas
+ */
+
+@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter")
+public abstract class AbstractSAMLFilterServletAdapterTest extends AbstractSAMLServletsAdapterTest {
+
+ @Before
+ public void checkRoles() {
+ badClientSalesPostSigServletPage.checkRoles(true);
+ badRealmSalesPostSigServletPage.checkRoles(true);
+ employeeSigServletPage.checkRoles(true);
+ employeeSigFrontServletPage.checkRoles(true);
+ salesMetadataServletPage.checkRoles(true);
+ salesPostServletPage.checkRoles(true);
+ salesPostEncServletPage.checkRoles(true);
+ salesPostSigServletPage.checkRoles(true);
+ salesPostPassiveServletPage.checkRoles(true);
+ salesPostSigEmailServletPage.checkRoles(true);
+ salesPostSigPersistentServletPage.checkRoles(true);
+ salesPostSigTransientServletPage.checkRoles(true);
+ employee2ServletPage.navigateTo();
+
+ //using endpoint instead of query param because we are not able to put query param to IDP initiated login
+ testRealmLoginPage.form().login(bburkeUser);
+ employee2ServletPage.checkRolesEndPoint();
+ employee2ServletPage.logout();
+
+ forbiddenIfNotAuthenticated = false;
+ }
+
+ @After
+ public void uncheckRoles() {
+ badClientSalesPostSigServletPage.checkRoles(false);
+ badRealmSalesPostSigServletPage.checkRoles(false);
+ employee2ServletPage.checkRoles(false);
+ employeeSigServletPage.checkRoles(false);
+ employeeSigFrontServletPage.checkRoles(false);
+ salesMetadataServletPage.checkRoles(false);
+ salesPostServletPage.checkRoles(false);
+ salesPostEncServletPage.checkRoles(false);
+ salesPostSigServletPage.checkRoles(false);
+ salesPostPassiveServletPage.checkRoles(false);
+ salesPostSigEmailServletPage.checkRoles(false);
+ salesPostSigPersistentServletPage.checkRoles(false);
+ salesPostSigTransientServletPage.checkRoles(false);
+ }
+}
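Review bot: `checkRoles()` switches role checking on in two ways but `uncheckRoles()` undoes only one of them. `employee2ServletPage.checkRolesEndPoint()` presumably calls the `checkRoles` endpoint that sets a static flag in `SendUsernameServlet`, and nothing in `@After` clears it, so that deployment keeps checking roles for every later test. Either add a reset endpoint to the servlet and call it from `uncheckRoles()`, or document the persistence with a comment such as `// employee2 keeps role checking on for the lifetime of the deployment`. The two thirteen-line call lists would also be easier to keep in sync as one loop over the page objects taking the boolean.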
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
index cef65dc..ddc23b7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
@@ -50,46 +50,48 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
*/
public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAdapterTest {
@Page
- private BadClientSalesPostSigServlet badClientSalesPostSigServletPage;
+ protected BadClientSalesPostSigServlet badClientSalesPostSigServletPage;
@Page
- private BadRealmSalesPostSigServlet badRealmSalesPostSigServletPage;
+ protected BadRealmSalesPostSigServlet badRealmSalesPostSigServletPage;
@Page
- private Employee2Servlet employee2ServletPage;
+ protected Employee2Servlet employee2ServletPage;
@Page
- private EmployeeSigServlet employeeSigServletPage;
+ protected EmployeeSigServlet employeeSigServletPage;
@Page
- private EmployeeSigFrontServlet employeeSigFrontServletPage;
+ protected EmployeeSigFrontServlet employeeSigFrontServletPage;
@Page
- private SalesMetadataServlet salesMetadataServletPage;
+ protected SalesMetadataServlet salesMetadataServletPage;
@Page
- private SalesPostServlet salesPostServletPage;
+ protected SalesPostServlet salesPostServletPage;
@Page
- private SalesPostEncServlet salesPostEncServletPage;
+ protected SalesPostEncServlet salesPostEncServletPage;
@Page
- private SalesPostPassiveServlet salesPostPassiveServletPage;
+ protected SalesPostPassiveServlet salesPostPassiveServletPage;
@Page
- private SalesPostSigServlet salesPostSigServletPage;
+ protected SalesPostSigServlet salesPostSigServletPage;
@Page
- private SalesPostSigEmailServlet salesPostSigEmailServletPage;
+ protected SalesPostSigEmailServlet salesPostSigEmailServletPage;
@Page
- private SalesPostSigPersistentServlet salesPostSigPersistentServletPage;
+ protected SalesPostSigPersistentServlet salesPostSigPersistentServletPage;
@Page
- private SalesPostSigTransientServlet salesPostSigTransientServletPage;
+ protected SalesPostSigTransientServlet salesPostSigTransientServletPage;
@Page
- private SAMLIDPInitiatedLogin samlidpInitiatedLogin;
+ protected SAMLIDPInitiatedLogin samlidpInitiatedLogin;
+
+ protected boolean forbiddenIfNotAuthenticated = true;
@Deployment(name = BadClientSalesPostSigServlet.DEPLOYMENT_NAME)
protected static WebArchive badClientSalesPostSig() {
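Review bot: The new `forbiddenIfNotAuthenticated` field has no comment saying what it controls, although it decides whether the passive-servlet tests later in this file expect a 403 page or a rendered `principal=null`. The only visible writer is the `forbiddenIfNotAuthenticated = false;` assignment at the end of the preceding file section, presumably the servlet-filter subclass. I would add a Javadoc line such as `/** False when an unauthenticated request to the passive servlet is served with principal=null instead of being rejected with 403. */` so the relaxed expectation is explicit. The class body continues outside the hunk.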
@@ -196,7 +198,7 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
waitUntilElement(By.xpath("//body")).text().contains("principal=bburke");
}
- private void testSuccessfulAndUnauthorizedLogin(SAMLServletWithLogout page, Login loginPage) {
+ private void testSuccessfulAndUnauthorizedLogin(SAMLServlet page, Login loginPage) {
assertSuccessfulLogin(page, bburkeUser, loginPage);
page.logout();
assertForbiddenLogin(page, "unauthorized", "password", loginPage);
@@ -223,7 +225,6 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
assertForbidden(employee2ServletPage);
assertForbidden(employeeSigFrontServletPage);
assertForbidden(salesPostSigPersistentServletPage);
-
salesPostServletPage.logout();
}
@@ -243,8 +244,12 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
salesPostPassiveServletPage.navigateTo();
- waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
- assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ if (forbiddenIfNotAuthenticated) {
+ waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
+ assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ } else {
+ waitUntilElement(By.xpath("//body")).text().contains("principal=null");
+ }
salesPostSigEmailServletPage.navigateTo();
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
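Review bot: The `if (forbiddenIfNotAuthenticated) { … } else { … }` block added here is repeated verbatim in the two `salesPostPassiveTest` hunks that follow. This first copy also lacks the `//Different 403 status page on EAP and Wildfly` comment the other two carry. Since the block encodes what an unauthenticated caller may see, I would move it into one private helper, e.g. `private void assertPassiveServletUnauthenticated()`, and call `assertPassiveServletUnauthenticated();` at all three sites so the two expectations cannot drift apart. The enclosing test method starts and ends outside the hunk.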
@@ -320,9 +325,13 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
public void salesPostPassiveTest() {
salesPostPassiveServletPage.navigateTo();
- waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
- //Different 403 status page on EAP and Wildfly
- assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ if (forbiddenIfNotAuthenticated) {
+ waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
+ //Different 403 status page on EAP and Wildfly
+ assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ } else {
+ waitUntilElement(By.xpath("//body")).text().contains("principal=null");
+ }
assertSuccessfulLogin(salesPostServletPage, bburkeUser, testRealmSAMLPostLoginPage);
@@ -331,9 +340,13 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
salesPostPassiveServletPage.logout();
salesPostPassiveServletPage.navigateTo();
- waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
- //Different 403 status page on EAP and Wildfly
- assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ if (forbiddenIfNotAuthenticated) {
+ waitUntilElement(By.xpath("//body")).text().not().contains("principal=");
+ //Different 403 status page on EAP and Wildfly
+ assertTrue(driver.getPageSource().contains("Forbidden") || driver.getPageSource().contains("<body></body>") || driver.getPageSource().equals(""));
+ } else {
+ waitUntilElement(By.xpath("//body")).text().contains("principal=null");
+ }
assertForbiddenLogin(salesPostServletPage, "unauthorized", "password", testRealmSAMLPostLoginPage);
assertForbidden(salesPostPassiveServletPage);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/jboss-deployment-structure.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/jboss-deployment-structure.xml
index 6f4b9c2..6b5322d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/jboss-deployment-structure.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/jboss-deployment-structure.xml
@@ -27,7 +27,7 @@
<module name="org.codehaus.jackson.jackson-mapper-asl" />
<module name="org.bouncycastle" />
<module name="org.jboss.xnio" />
-
+
</dependencies>
</deployment>
</jboss-deployment-structure>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
index 44aa653..4207f91 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
@@ -23,13 +23,8 @@
<module-name>%CONTEXT_PATH%</module-name>
- <servlet>
- <servlet-name>Servlet</servlet-name>
- <servlet-class>org.keycloak.testsuite.adapter.servlet.SendUsernameServlet</servlet-class>
- </servlet>
-
<servlet-mapping>
- <servlet-name>Servlet</servlet-name>
+ <servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
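Review bot: The `<servlet-mapping>` now names `javax.ws.rs.core.Application` while the only `<servlet>` element is removed, and nothing in the file explains why a mapping without a declaration is valid. This appears to rely on the JAX-RS convention that the container supplies the servlet for that name. I would add a comment above the mapping, for example `<!-- JAX-RS servlet is registered by the container under this name; no <servlet> element is needed -->`. Any security constraints on `/*` lie outside the hunk, so it is worth confirming they still cover the JAX-RS endpoints.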
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPSAMLFilterAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPSAMLFilterAdapterTest.java
new file mode 100644
index 0000000..bf739a7
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPSAMLFilterAdapterTest.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractSAMLFilterServletAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.UseServletFilter;
+
+/**
+ * @author mhajas
+ */
+@AppServerContainer("app-server-eap")
+public class EAPSAMLFilterAdapterTest extends AbstractSAMLFilterServletAdapterTest {
+}
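Review bot: The import `org.keycloak.testsuite.arquillian.annotation.UseServletFilter` is never referenced in this new file, whose class carries only `@AppServerContainer`. The same unused import appears in the new EAP6 and Wildfly9 test classes, while the Wildfly one omits it. Either drop the line in all three files, or, if the annotation was meant to be applied here rather than inherited from `AbstractSAMLFilterServletAdapterTest`, add it to the class.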
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6SAMLFilterAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6SAMLFilterAdapterTest.java
new file mode 100644
index 0000000..627e5f3
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6SAMLFilterAdapterTest.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractSAMLFilterServletAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.UseServletFilter;
+
+/**
+ * @author mhajas
+ */
+@AppServerContainer("app-server-eap6")
+public class EAPSAMLFilterAdapterTest extends AbstractSAMLFilterServletAdapterTest {
+}
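Review bot: The public class declared in this new file is `EAPSAMLFilterAdapterTest`, but the file is `EAP6SAMLFilterAdapterTest.java`, and javac rejects a public top-level class whose name differs from its file name. The name also duplicates the EAP module's class in the same package. The declaration should read `public class EAP6SAMLFilterAdapterTest extends AbstractSAMLFilterServletAdapterTest {`.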
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflySAMLFilterAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflySAMLFilterAdapterTest.java
new file mode 100644
index 0000000..d5e837d
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflySAMLFilterAdapterTest.java
@@ -0,0 +1,11 @@
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractSAMLFilterServletAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ * @author mhajas
+ */
+@AppServerContainer("app-server-wildfly")
+public class WildflySAMLFilterAdapterTest extends AbstractSAMLFilterServletAdapterTest {
+}
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9SAMLFilterAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9SAMLFilterAdapterTest.java
new file mode 100644
index 0000000..230cafa
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9SAMLFilterAdapterTest.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractSAMLFilterServletAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.UseServletFilter;
+
+/**
+ * @author mhajas
+ */
+@AppServerContainer("app-server-wildfly9")
+public class Wildfly9SAMLFilterAdapterTest extends AbstractSAMLFilterServletAdapterTest {
+}
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 1489009..0db29a3 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -173,6 +173,7 @@
<browser>${browser}</browser>
<firefox_binary>${firefox_binary}</firefox_binary>
+ <project.version>${project.version}</project.version>
</systemPropertyVariables>
<properties>
<property>