keycloak-aplcache

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index 7bba7c9..b9e4b61 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -83,6 +83,8 @@ public class AdapterTest {
 
             URL url = getClass().getResource("/adapter-test/cust-app-keycloak.json");
             deployApplication("customer-portal", "/customer-portal", CustomerServlet.class, url.getPath(), "user");
+            url = getClass().getResource("/adapter-test/secure-portal-keycloak.json");
+            deployApplication("secure-portal", "/secure-portal", CallAuthenticatedServlet.class, url.getPath(), "user", false);
             url = getClass().getResource("/adapter-test/customer-db-keycloak.json");
             deployApplication("customer-db", "/customer-db", CustomerDatabaseServlet.class, url.getPath(), "user");
             url = getClass().getResource("/adapter-test/product-keycloak.json");
@@ -365,6 +367,29 @@ public class AdapterTest {
 
     }
 
+    @Test
+    public void testAuthenticated() throws Exception {
+        // test login to customer-portal which does a bearer request to customer-db
+        driver.navigate().to("http://localhost:8081/secure-portal");
+        System.out.println("Current url: " + driver.getCurrentUrl());
+        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+        loginPage.login("bburke@redhat.com", "password");
+        System.out.println("Current url: " + driver.getCurrentUrl());
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/secure-portal");
+        String pageSource = driver.getPageSource();
+        System.out.println(pageSource);
+        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
+
+        // test logout
+
+        String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
+                .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/secure-portal").build("demo").toString();
+        driver.navigate().to(logoutUri);
+        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+        driver.navigate().to("http://localhost:8081/secure-portal");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+    }
+
 
 
 }

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java
new file mode 100755
index 0000000..53cba81
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CallAuthenticatedServlet.java
@@ -0,0 +1,39 @@
+package org.keycloak.testsuite.adapter;
+
+import org.junit.Assert;
+import org.keycloak.KeycloakSecurityContext;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class CallAuthenticatedServlet extends HttpServlet {
+    private static final String LINK = "<a href=\"%s\" id=\"%s\">%s</a>";
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        if (!req.authenticate(resp)) {
+            return;
+        }
+
+        KeycloakSecurityContext sc = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
+        Assert.assertNotNull(sc);
+        resp.setContentType("text/html");
+        PrintWriter pw = resp.getWriter();
+        pw.printf("<html><head><title>%s</title></head><body>", "Customer Portal");
+        pw.println("Stian Thorgersen");
+        pw.println("Bill Burke");
+        pw.print("</body></html>");
+        pw.flush();
+
+
+
+    }
+}

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
index da334fa..534505c 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
@@ -104,16 +104,23 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
         deploymentInfo.addServlet(servlet);
         return deploymentInfo;
     }
-
     public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role) {
+        deployApplication(name, contextPath, servletClass, adapterConfigPath, role, true);
+
+    }
+
+    public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role, boolean isConstrained) {
+        String constraintUrl = "/*";
         DeploymentInfo di = createDeploymentInfo(name, contextPath, servletClass);
         di.addInitParameter("keycloak.config.file", adapterConfigPath);
-        SecurityConstraint constraint = new SecurityConstraint();
-        WebResourceCollection collection = new WebResourceCollection();
-        collection.addUrlPattern("/*");
-        constraint.addWebResourceCollection(collection);
-        constraint.addRoleAllowed(role);
-        di.addSecurityConstraint(constraint);
+        if (isConstrained) {
+            SecurityConstraint constraint = new SecurityConstraint();
+            WebResourceCollection collection = new WebResourceCollection();
+            collection.addUrlPattern(constraintUrl);
+            constraint.addWebResourceCollection(collection);
+            constraint.addRoleAllowed(role);
+            di.addSecurityConstraint(constraint);
+        }
         LoginConfig loginConfig = new LoginConfig("KEYCLOAK", "demo");
         di.setLoginConfig(loginConfig);
         server.getServer().deploy(di);

diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
index 1ece402..ed538f2 100755
--- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
@@ -95,6 +95,16 @@
                 "http://localhost:8081/product-portal/*"
             ],
             "secret": "password"
+        },
+        {
+            "name": "secure-portal",
+            "enabled": true,
+            "adminUrl": "http://localhost:8081/secure-portal",
+            "baseUrl": "http://localhost:8081/secure-portal",
+            "redirectUris": [
+                "http://localhost:8081/secure-portal/*"
+            ],
+            "secret": "password"
         }
     ],
     "oauthClients": [

diff --git a/testsuite/integration/src/test/resources/adapter-test/secure-portal-keycloak.json b/testsuite/integration/src/test/resources/adapter-test/secure-portal-keycloak.json
new file mode 100755
index 0000000..c479feb
--- /dev/null
+++ b/testsuite/integration/src/test/resources/adapter-test/secure-portal-keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "secure-portal",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url" : "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "credentials" : {
+      "secret": "password"
+   }
+}