keycloak-aplcache
Changes
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java 81(+81 -0)
Details
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java
new file mode 100644
index 0000000..d7056ee
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.pages;
+
+import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
+import org.keycloak.testsuite.auth.page.login.OIDCLogin;
+import org.keycloak.testsuite.util.URLUtils;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class AppServerWelcomePage extends AppServerContextRoot {
+
+ @Page
+ protected OIDCLogin loginPage;
+
+ @FindBy(xpath = "//a[text() = 'Access Control']")
+ private WebElement accessControlLink;
+
+ @FindBy(xpath = "//a[text() = 'Manage user profile']")
+ private WebElement manageProfileLink;
+
+ @FindBy(xpath = "//div[text() = 'Logout']")
+ private WebElement logoutLink;
+
+ @Override
+ public boolean isCurrent() {
+ return driver.getPageSource().contains("Access Control");
+ }
+
+ public void navigateToConsole() {
+ WaitUtils.pause(2000);
+ URLUtils.navigateToUri(driver, getInjectedUrl().toString() + "/console", true);
+ waitForPageToLoad(driver);
+ }
+
+ public void login(String username, String password) {
+ loginPage.form().waitForLoginButtonPresent();
+ loginPage.form().login(username, password);
+ waitForPageToLoad(driver);
+ }
+
+ public void navigateToAccessControl() {
+ accessControlLink.click();
+ waitForPageToLoad(driver);
+ }
+
+ public void navigateManageProfile() {
+ manageProfileLink.click();
+ waitForPageToLoad(driver);
+ }
+
+ public void logout() {
+ logoutLink.click();
+ waitForPageToLoad(driver);
+ }
+
+ public boolean isLoginPage() {
+ return loginPage.isCurrent();
+ }
+}
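Review bot: `isCurrent()` decides that the console is showing by a substring search of the whole page source for "Access Control", so any page that happens to contain that text (an error or denial page, for instance) would satisfy the `assertTrue` in the login test. Since this page object backs a test of management-interface protection, the check should be tied to the authenticated state, for example `return !loginPage.isCurrent() && driver.getPageSource().contains("Access Control");`, or it should wait on the already-declared `accessControlLink` element. The fixed `WaitUtils.pause(2000)` in `navigateToConsole()` would be more reliable as a wait on a concrete condition. The class and its public methods also have no Javadoc; a class comment such as `/** Page object for the WildFly management console once it is protected by the Keycloak adapter. */` would help.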
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json
new file mode 100644
index 0000000..373ca9a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json
@@ -0,0 +1,68 @@
+{
+ "realm": "jboss-infra",
+ "enabled": true,
+ "sslRequired": "external",
+ "privateKey": "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",
+ "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "requiredCredentials": [
+ "password"
+ ],
+ "users": [
+ {
+ "username": "admin",
+ "enabled": true,
+ "email": "admin@admin.com",
+ "firstName": "Admin",
+ "lastName": "Istrator",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "admin"
+ }
+ ],
+ "realmRoles": [
+ "Administrator"
+ ],
+ "clientRoles": {
+ "realm-management": [
+ "realm-admin"
+ ],
+ "account": [
+ "manage-account"
+ ]
+ }
+ }
+ ],
+ "roles": {
+ "realm": [
+ {
+ "name": "Administrator",
+ "description": "Administrator privileges"
+ }
+ ]
+ },
+ "clients": [
+ {
+ "clientId": "wildfly-console",
+ "enabled": true,
+ "adminUrl": "http://localhost:10190",
+ "baseUrl": "http://localhost:10190",
+ "publicClient": true,
+ "redirectUris": [
+ "http://localhost:10190/*"
+ ],
+ "webOrigins": ["http://localhost:10190"]
+ },
+ {
+ "clientId": "wildfly-management",
+ "secret": "secret",
+ "enabled": true,
+ "baseUrl": "/photoz-restful-api",
+ "publicClient": false,
+ "redirectUris": [
+ "/photoz-restful-api/*"
+ ],
+ "webOrigins" : ["*"]
+ }
+ ]
+}
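Review bot: The `wildfly-management` client at the end of this fixture is registered with `"webOrigins" : ["*"]` and with `/photoz-restful-api` base and redirect URIs that look carried over from another example, while the test in this commit configures the matching secure-deployment with `bearer-only=true`. A bearer-only resource server needs neither redirect URIs nor web origins. Declaring `"bearerOnly": true` and dropping `redirectUris` and `webOrigins` would keep the realm consistent with the adapter configuration and avoid modelling a wildcard CORS origin. The embedded realm key pair, the `admin`/`admin` user and the client secret `secret` are acceptable only as test data. JSON cannot carry a comment, so a short note beside the file should say these values must never be reused in a real realm.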
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml
index 3a6e545..061e94e 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml
@@ -42,7 +42,7 @@
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-cli</artifactId>
<scope>test</scope>
- <version>2.2.0.Final</version>
+ <version>3.0.0.Beta30</version>
</dependency>
</dependencies>
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyManagementProtectionTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyManagementProtectionTest.java
new file mode 100644
index 0000000..88d4200
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyManagementProtectionTest.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+
+import java.util.List;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.adapter.AbstractAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
+import org.keycloak.testsuite.pages.AppServerWelcomePage;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.wildfly.extras.creaper.core.ManagementClient;
+import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
+import org.wildfly.extras.creaper.core.online.OnlineOptions;
+
+/**
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+@AppServerContainer("app-server-wildfly")
+//@AdapterLibsLocationProperty("adapter.libs.wildfly")
+public class WildflyManagementProtectionTest extends AbstractAdapterTest {
+
+ @Page
+ protected AppServerWelcomePage appServerWelcomePage;
+
+ @Page
+ protected AccountUpdateProfilePage accountUpdateProfilePage;
+
+ @Override
+ public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
+ testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json"));
+ }
+
+ @Before
+ public void beforeAuthTest() {
+ super.beforeAuthTest();
+
+ try {
+ OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions
+ .standalone()
+ .hostAndPort("localhost", 10190)
+ .build());
+
+ // Create a realm for both wildfly console and mgmt interface
+ clientWorkerNodeClient.execute("/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=http://localhost:8180/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)");
+
+ // Create a secure-deployment in order to protect mgmt interface
+ clientWorkerNodeClient.execute("/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)");
+
+ // Protect HTTP mgmt interface with Keycloak adapter
+ clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)");
+ clientWorkerNodeClient.execute("/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])");
+ clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)");
+ clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})");
+
+ // Enable RBAC where roles are obtained from the identity
+ clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)");
+ clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)");
+
+ // Create a secure-server in order to publish the wildfly console configuration via mgmt interface
+ clientWorkerNodeClient.execute("/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)");
+
+ // reload
+ clientWorkerNodeClient.execute("reload");
+ } catch (Exception cause) {
+ throw new RuntimeException("Failed to configure app server", cause);
+ }
+ }
+
+ @Test
+ public void testLogin() throws InterruptedException {
+ appServerWelcomePage.navigateToConsole();
+ appServerWelcomePage.login("admin", "admin");
+ WaitUtils.pause(2000);
+ assertTrue(appServerWelcomePage.isCurrent());
+ }
+
+ @Test
+ public void testUserCanAccessAccountService() throws InterruptedException {
+ appServerWelcomePage.navigateToConsole();
+ appServerWelcomePage.login("admin", "admin");
+ WaitUtils.pause(2000);
+ appServerWelcomePage.navigateToAccessControl();
+ appServerWelcomePage.navigateManageProfile();
+ assertTrue(accountUpdateProfilePage.isCurrent());
+ }
+}
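Review bot: In `beforeAuthTest()` the `OnlineManagementClient` is never closed and the result of every `execute(...)` call is discarded, so a step that the server rejects goes unnoticed and the tests can run against a partly reconfigured management interface. The `:add` operations are a likely case, since `@Before` runs again for the second test and they presumably fail then. Open the client with try-with-resources, `try (OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(...)) {`, and check each configuration step, for example `clientWorkerNodeClient.execute(...).assertSuccess();` (confirm against the creaper version in use). There is no teardown restoring `security-realm` on the HTTP management interface, so later tests sharing this server inherit the changed configuration. Both tests cover only the successful admin login; a case asserting that an unauthenticated visit to `/console` lands on the login page (the unused `appServerWelcomePage.isLoginPage()`) would verify the protection the class name promises.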