KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured

This commit is contained in:
mhajas
2020-06-29 09:03:56 +02:00
committed by Hynek Mlnařík
parent 967449f5c6
commit 93149d6b47
43 changed files with 394 additions and 372 deletions

View File

@@ -999,4 +999,11 @@ because this is not UI testing). For debugging purposes you can override the hea
mvn clean install -f testsuite/integration-arquillian/tests/base \
-Pfirefox-strict-cookies \
-Dtest=**.javascript.** \
-Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]
-Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]
**General adapter tests**
mvn clean install -f testsuite/integration-arquillian/tests/base \
-Pfirefox-strict-cookies \
-Dtest=**.adapter.** \
-Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]

View File

@@ -3,7 +3,7 @@ embed-server --server-config=standalone.xml
/subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \
realm=demo, \
resource=customer-portal-subsystem, \
auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \
ssl-required=EXTERNAL, \
disable-trust-manager=true, \
realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \
@@ -13,7 +13,7 @@ embed-server --server-config=standalone.xml
/subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \
realm=demo, \
resource=product-portal-subsystem, \
auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \
ssl-required=EXTERNAL, \
disable-trust-manager=true, \
realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \

View File

@@ -1,7 +1,7 @@
/subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \
realm=demo, \
resource=customer-portal-subsystem, \
auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.http.port:8543}/auth, \
auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.http.port:8543}/auth, \
ssl-required=EXTERNAL, \
disable-trust-manager=true, \
realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \
@@ -11,7 +11,7 @@
/subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \
realm=demo, \
resource=product-portal-subsystem, \
auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.https.port:8543}/auth, \
ssl-required=EXTERNAL, \
disable-trust-manager=true, \
realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \

View File

@@ -29,8 +29,8 @@
<Connector port="8643" maxThreads="500"
server="Apache"
scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
keystoreFile="conf/adapter.jks" keystorePass="secret"
truststoreFile="conf/keycloak.truststore" truststorePass="secret"/>
keystoreFile="lib/adapter.jks" keystorePass="secret"
truststoreFile="lib/keycloak.truststore" truststorePass="secret"/>
</xsl:copy>
</xsl:template>

View File

@@ -363,7 +363,7 @@
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.tomcat.home}/conf</outputDirectory>
<outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
<resources>
<resource>
<directory>${common.resources}/keystore</directory>

View File

@@ -26,6 +26,11 @@ public class ServerURLs {
public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost");
public static final String AUTH_SERVER_HOST2 = System.getProperty("auth.server.host2", AUTH_SERVER_HOST);
public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280");
public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http";
public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost");
public static String getAuthServerContextRoot() {
return getAuthServerContextRoot(0);
}
@@ -39,14 +44,7 @@ public class ServerURLs {
}
public static String getAppServerContextRoot(int clusterPortOffset) {
String host = System.getProperty("app.server.host", "localhost");
boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
int port = sslRequired ? parsePort("app.server.https.port") : parsePort("app.server.http.port");
String scheme = sslRequired ? "https" : "http";
return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset);
return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT) + clusterPortOffset));
}
/**

View File

@@ -18,7 +18,8 @@
var module = angular.module('product', []);
function getAuthServerUrl() {
var url = 'https://localhost-auth-127.0.0.1.nip.io:8543';
let authUrl = auth.authz.authServerUrl
var url = authUrl.substring(0, authUrl.length - 5);
return url;
}

View File

@@ -11,7 +11,8 @@
boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
String authScheme = isTLSEnabled ? "https" : "http";
String authUri = authScheme + "://localhost:" + authPort + "/auth";
String authHost = System.getProperty("auth.server.host", "localhost");
String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth";
%>
<h2>Click here <a href="<%= KeycloakUriBuilder.fromUri(authUri).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", redirectUri).build("servlet-authz").toString()%>">Sign Out</a></h2>

View File

@@ -11,7 +11,8 @@
boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
String authScheme = isTLSEnabled ? "https" : "http";
String authUri = authScheme + "://localhost:" + authPort + "/auth";
String authHost = System.getProperty("auth.server.host", "localhost");
String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth";
%>
<h2>Click here <a href="<%= KeycloakUriBuilder.fromUri(authUri).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", redirectUri).build("servlet-policy-enforcer-authz").toString()%>">Sign Out</a></h2>

View File

@@ -18,7 +18,6 @@
package org.keycloak.testsuite.adapter.servlet;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.common.util.UriUtils;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
@@ -53,7 +52,7 @@ public class CustomerServlet extends HttpServlet {
//Clear principal form database-service by calling logout
StringBuilder result = new StringBuilder();
String urlBase = ServletTestUtils.getUrlBase(req);
String urlBase = ServletTestUtils.getUrlBase();
URL url = new URL(urlBase + "/customer-db/");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
@@ -74,7 +73,7 @@ public class CustomerServlet extends HttpServlet {
//try {
String urlBase = ServletTestUtils.getUrlBase(req);
String urlBase = ServletTestUtils.getUrlBase();
// Decide what to call based on the URL suffix
String serviceUrl;
@@ -105,7 +104,6 @@ public class CustomerServlet extends HttpServlet {
// }
}
private String invokeService(String serviceUrl, KeycloakSecurityContext context) throws IOException {
StringBuilder result = new StringBuilder();

View File

@@ -56,13 +56,7 @@ public class CustomerServletNoConf extends HttpServlet {
//try {
StringBuilder result = new StringBuilder();
String urlBase;
if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
} else {
urlBase = System.getProperty("app.server.base.url", "http://localhost:8280");
}
String urlBase = ServletTestUtils.getUrlBase();
URL url = new URL(urlBase + "/customer-db/");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();

View File

@@ -37,7 +37,7 @@ public class InputServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String appBase = ServletTestUtils.getUrlBase(req);
String appBase = ServletTestUtils.getUrlBase();
String actionUrl = appBase + "/input-portal/secured/post";
if (req.getRequestURI().endsWith("insecure")) {

View File

@@ -13,22 +13,18 @@ import java.io.IOException;
*/
public class OfflineTokenServlet extends AbstractShowTokensServlet {
private static final String ADAPTER_ROOT_URL = (System.getProperty("auth.server.ssl.required", "false").equals("true")) ?
System.getProperty("auth.server.ssl.base.url", "https://localhost:8543") :
System.getProperty("auth.server.base.url", "http://localhost:8180");
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
if (req.getRequestURI().endsWith("logout")) {
UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase(req) + "/offline-client");
UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase() + "/offline-client");
if (req.getParameter(OAuth2Constants.SCOPE) != null) {
redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, req.getParameter(OAuth2Constants.SCOPE));
}
String redirectUri = redirectUriBuilder.build().toString();
String serverLogoutRedirect = UriBuilder.fromUri(ADAPTER_ROOT_URL + "/auth/realms/test/protocol/openid-connect/logout")
String serverLogoutRedirect = UriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/test/protocol/openid-connect/logout")
.queryParam("redirect_uri", redirectUri)
.build().toString();

View File

@@ -99,7 +99,7 @@ public class SamlSPFacade extends HttpServlet {
try {
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
SAML2Request samlReq = new SAML2Request();
String appServerUrl = ServletTestUtils.getUrlBase(req) + "/employee/";
String appServerUrl = ServletTestUtils.getUrlBase() + "/employee/";
String authServerUrl = ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/demo/protocol/saml";
AuthnRequestType loginReq;
loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), appServerUrl, authServerUrl, "http://localhost:8280/employee/");

View File

@@ -17,40 +17,32 @@
package org.keycloak.testsuite.adapter.servlet;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.common.util.UriUtils;
import static java.lang.Integer.parseInt;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ServletTestUtils {
// TODO: Couldn't just always read urlBase from req.getRequestURI() ?
public static String getUrlBase(HttpServletRequest req) {
if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
return System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
}
public static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
public static final String AUTH_SERVER_PORT = AUTH_SERVER_SSL_REQUIRED ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
public static final String AUTH_SERVER_SCHEME = AUTH_SERVER_SSL_REQUIRED ? "https" : "http";
public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost");
String urlBase = System.getProperty("app.server.base.url");
public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280");
public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http";
public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost");
if (urlBase == null) {
String authServer = System.getProperty("auth.server.container", "auth-server-undertow");
if (authServer.contains("undertow")) {
urlBase = UriUtils.getOrigin(req.getRequestURL().toString());
} else {
urlBase = "http://localhost:8280";
}
}
return urlBase;
public static String getUrlBase() {
return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT)));
}
public static String getAuthServerUrlBase() {
if (System.getProperty("auth.server.ssl.required", "false").equals("true")) {
return System.getProperty("auth.server.ssl.base.url", "https://localhost:8543");
}
return removeDefaultPorts(String.format("%s://%s:%s", AUTH_SERVER_SCHEME, AUTH_SERVER_HOST, parseInt(AUTH_SERVER_PORT)));
}
return System.getProperty("auth.server.base.url", "http://localhost:8180");
public static String removeDefaultPorts(String url) {
return url != null ? url.replaceFirst("(.*)(:80)(\\/.*)?$", "$1$3").replaceFirst("(.*)(:443)(\\/.*)?$", "$1$3") : null;
}
}

View File

@@ -854,7 +854,7 @@
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
<app.server.config.dir>${app.server.home}/conf</app.server.config.dir>
<app.server.keystore.dir>${app.server.home}/lib</app.server.keystore.dir>
</properties>
<dependencies>
<dependency>
@@ -888,7 +888,7 @@
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
<app.server.config.dir>${app.server.home}/conf</app.server.config.dir>
<app.server.keystore.dir>${app.server.home}/lib</app.server.keystore.dir>
</properties>
<dependencies>
<dependency>
@@ -922,7 +922,7 @@
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
<app.server.config.dir>${app.server.home}/conf</app.server.config.dir>
<app.server.keystore.dir>${app.server.home}/lib</app.server.keystore.dir>
</properties>
<dependencies>
<dependency>
@@ -982,7 +982,7 @@
<configuration>
<keystore>${app.server.keystore}</keystore>
<storepass>${app.server.keystore.password}</storepass>
<alias>localhost</alias>
<alias>localhost3</alias>
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
@@ -1042,7 +1042,7 @@
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.home}</outputDirectory>
<outputDirectory>${app.server.keystore.dir}</outputDirectory>
<resources>
<resource>
<directory>${dependency.keystore.root}</directory>
@@ -1052,6 +1052,43 @@
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
<execution>
<id>copy-processed-truststore-to-secured-deployment-app-server-config</id>
<phase>process-test-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.home}/standalone-secured-deployments/configuration</outputDirectory>
<resources>
<resource>
<directory>${dependency.keystore.root}</directory>
</resource>
</resources>
<overwrite>true</overwrite>
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
<execution>
<id>copy-processed-keystore-to-secured-deployment-app-server-config</id>
<phase>process-test-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.home}/standalone-secured-deployments/configuration</outputDirectory>
<resources>
<resource>
<directory>${app.server.keystore.dir}</directory>
<includes>
<include>adapter.jks</include>
</includes>
</resource>
</resources>
<overwrite>true</overwrite>
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
</executions>
</plugin>
</plugins>

View File

@@ -27,15 +27,27 @@ import org.jboss.arquillian.core.api.annotation.Observes;
import org.jboss.arquillian.test.spi.event.suite.AfterClass;
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
import org.jboss.logging.Logger;
import org.junit.Assume;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.utils.fuse.FuseUtils;
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
import org.wildfly.extras.creaper.commands.web.AddConnector;
import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.ManagementProtocol;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
import org.wildfly.extras.creaper.core.online.operations.Address;
import org.wildfly.extras.creaper.core.online.operations.OperationException;
import org.wildfly.extras.creaper.core.online.operations.Operations;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
import java.io.IOException;
import java.lang.reflect.Method;
@@ -47,6 +59,7 @@ import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot;
@@ -165,10 +178,14 @@ public class AppServerTestEnricher {
}
public static OnlineManagementClient getManagementClient() {
return getManagementClient(200);
}
public static OnlineManagementClient getManagementClient(int portOffset) {
try {
return ManagementClient.online(OnlineOptions
.standalone()
.hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 10199 : 10190)
.hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 9999 + portOffset : 9990 + portOffset)
.protocol(System.getProperty("app.server","").startsWith("eap6") ? ManagementProtocol.REMOTE : ManagementProtocol.HTTP_REMOTING)
.build()
);
@@ -198,6 +215,66 @@ public class AppServerTestEnricher {
}
}
public static void enableHTTPSForManagementClient(OnlineManagementClient client) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
Administration administration = new Administration(client);
Operations operations = new Operations(client);
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
}
client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)");
client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)");
if (AppServerTestEnricher.isEAP6AppServer()) {
if(!operations.exists(Address.subsystem("web").and("connector", "https"))) {
client.apply(new AddConnector.Builder("https")
.protocol("HTTP/1.1")
.scheme("https")
.socketBinding("https")
.secure(true)
.build());
client.apply(new AddConnectorSslConfig.Builder("https")
.password("secret")
.certificateKeyFile("${jboss.server.config.dir}/adapter.jks")
.build());
String appServerJavaHome = System.getProperty("app.server.java.home", "");
if (appServerJavaHome.contains("ibm")) {
// Workaround for bug in IBM JDK: https://bugzilla.redhat.com/show_bug.cgi?id=1430730
// Source: https://access.redhat.com/solutions/4133531
client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")");
}
}
} else {
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
.forDefaultServer());
administration.reloadIfRequired();
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
.securityRealm("UndertowRealm")
.build());
}
administration.reloadIfRequired();
}
public static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
try (OnlineManagementClient client = getManagementClient()) {
enableHTTPSForManagementClient(client);
}
}
public static void enableHTTPSForAppServer(int portOffset) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient(portOffset)) {
enableHTTPSForManagementClient(client);
}
}
/*
* For Fuse: precedence = 2 - app server has to be stopped
* before AuthServerTestEnricher.afterClass is executed

View File

@@ -16,6 +16,13 @@
*/
package org.keycloak.testsuite.arquillian.containers;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.operations.OperationException;
import java.io.IOException;
import java.util.concurrent.TimeoutException;
/**
* The test implementing the interface is expected to maintain container lifecycle
* itself. No app server container will be started.
@@ -27,7 +34,7 @@ public interface SelfManagedAppContainerLifecycle {
/**
* Should be called @Before
*/
void startServer();
void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException;
/**
* Should be called @After

View File

@@ -17,6 +17,7 @@
package org.keycloak.testsuite.arquillian.provider;
import org.apache.http.client.utils.URIBuilder;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.container.test.impl.enricher.resource.URLResourceProvider;
import org.jboss.arquillian.core.api.Instance;
@@ -33,68 +34,44 @@ import org.keycloak.testsuite.arquillian.annotation.AuthServerContext;
import java.lang.annotation.Annotation;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.keycloak.testsuite.arquillian.ContainerInfo;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.URLUtils;
import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_HOST;
import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_PORT;
import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SCHEME;
public class URLProvider extends URLResourceProvider {
protected final Logger log = Logger.getLogger(this.getClass());
public static final String BOUND_TO_ALL = "0.0.0.0";
public static final String LOCALHOST_ADDRESS = "127.0.0.1";
public static final String LOCALHOST_HOSTNAME = "localhost";
private final boolean appServerSslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
@Inject
Instance<SuiteContext> suiteContext;
@Inject
Instance<TestContext> testContext;
private static final Set<String> fixedUrls = new HashSet<>();
@Override
public Object doLookup(ArquillianResource resource, Annotation... qualifiers) {
URL url = (URL) super.doLookup(resource, qualifiers);
if (url == null) {
String port = appServerSslRequired ?
System.getProperty("app.server.https.port", "8643") :
System.getProperty("app.server.http.port", "8280");
String protocol = appServerSslRequired ? "https" : "http";
String appServerContextRoot = ServerURLs.getAppServerContextRoot();
try {
for (Annotation a : qualifiers) {
if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
return new URL(protocol + "://localhost:" + port + "/" + ((OperateOnDeployment) a).value() + "/");
return new URL(appServerContextRoot + "/" + ((OperateOnDeployment) a).value() + "/");
}
}
} catch (MalformedURLException ex) {
throw new RuntimeException(ex);
}
}
// fix injected URL
if (url != null) {
try {
url = fixLocalhost(url);
url = fixBoundToAll(url);
if (appServerSslRequired) {
url = fixSsl(url);
}
} catch (MalformedURLException ex) {
log.log(Level.FATAL, null, ex);
}
if (!fixedUrls.contains(url.toString())) {
fixedUrls.add(url.toString());
log.debug("Fixed injected @ArquillianResource URL to: " + url);
}
}
// inject context roots if annotation present
for (Annotation a : qualifiers) {
@@ -128,29 +105,19 @@ public class URLProvider extends URLResourceProvider {
}
}
// fix injected URL
if (url != null) {
try {
url = new URIBuilder(url.toURI())
.setScheme(APP_SERVER_SCHEME)
.setHost(APP_SERVER_HOST)
.setPort(Integer.parseInt(APP_SERVER_PORT))
.build().toURL();
} catch (URISyntaxException | MalformedURLException ex) {
throw new RuntimeException(ex);
}
}
return url;
}
public URL fixBoundToAll(URL url) throws MalformedURLException {
URL fixedUrl = url;
if (url.getHost().contains(BOUND_TO_ALL)) {
fixedUrl = new URL(fixedUrl.toExternalForm().replace(BOUND_TO_ALL, LOCALHOST_HOSTNAME));
}
return fixedUrl;
}
public URL fixLocalhost(URL url) throws MalformedURLException {
URL fixedUrl = url;
if (url.getHost().contains(LOCALHOST_ADDRESS)) {
fixedUrl = new URL(fixedUrl.toExternalForm().replace(LOCALHOST_ADDRESS, LOCALHOST_HOSTNAME));
}
return fixedUrl;
}
public URL fixSsl(URL url) throws MalformedURLException {
URL fixedUrl = url;
String urlString = fixedUrl.toExternalForm().replace("http", "https").replace(System.getProperty("app.server.http.port", "8280"), System.getProperty("app.server.https.port", "8643"));
return new URL(urlString);
}
}

View File

@@ -17,6 +17,8 @@
package org.keycloak.testsuite.page;
import org.keycloak.testsuite.util.ServerURLs;
import javax.ws.rs.core.UriBuilder;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
@@ -36,10 +38,7 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage {
return null;
}
try {
if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8643") + "/" + url);
};
return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/" + url);
return new URL(ServerURLs.getAppServerContextRoot() + "/" + url);
} catch (MalformedURLException e) {
e.printStackTrace();
}

View File

@@ -54,7 +54,11 @@ public class ContainerAssume {
}
public static void assumeAppServerSSL() {
Assume.assumeTrue("Only works with the SSL configured", APP_SERVER_SSL_REQUIRED);
Assume.assumeTrue("Only works with the SSL configured for app server", APP_SERVER_SSL_REQUIRED);
}
public static void assumeNotAppServerSSL() {
Assume.assumeFalse("Only works with the SSL disabled for app server", APP_SERVER_SSL_REQUIRED);
}
public static void assumeNotAuthServerQuarkus() {

View File

@@ -44,6 +44,8 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.keycloak.testsuite.arquillian.ContainerInfo;
import org.keycloak.testsuite.auth.page.login.LoginActions;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.ServerURLs;
/**
*
@@ -64,8 +66,8 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt
protected static final int HTTP_PORT_NODE_1 = 8080 + PORT_OFFSET_NODE_1;
protected static final int PORT_OFFSET_NODE_2 = NumberUtils.toInt(System.getProperty("app.server.2.port.offset"), -1);
protected static final int HTTP_PORT_NODE_2 = 8080 + PORT_OFFSET_NODE_2;
protected static final URI NODE_1_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_1);
protected static final URI NODE_2_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_2);
protected static final URI NODE_1_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_1);
protected static final URI NODE_2_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_2);
protected LoadBalancingProxyClient loadBalancerToNodes;
protected Undertow reverseProxyToNodes;
@@ -84,6 +86,7 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt
Assume.assumeThat(PORT_OFFSET_NODE_1, not(is(-1)));
Assume.assumeThat(PORT_OFFSET_NODE_2, not(is(-1)));
Assume.assumeThat(PORT_OFFSET_NODE_REVPROXY, not(is(-1)));
ContainerAssume.assumeNotAppServerSSL();
}
@Before
@@ -91,7 +94,7 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt
loadBalancerToNodes = new LoadBalancingProxyClient().addHost(NODE_1_URI, NODE_1_NAME).setConnectionsPerThread(10);
int maxTime = 3600000; // 1 hour for proxy request timeout, so we can debug the backend keycloak servers
reverseProxyToNodes = Undertow.builder()
.addHttpListener(HTTP_PORT_NODE_REVPROXY, "localhost")
.addHttpListener(HTTP_PORT_NODE_REVPROXY, ServerURLs.APP_SERVER_HOST)
.setIoThreads(2)
.setHandler(new ProxyHandler(loadBalancerToNodes, maxTime, ResponseCodeHandler.HANDLE_404)).build();
reverseProxyToNodes.start();

View File

@@ -21,7 +21,12 @@ import org.apache.commons.io.IOUtils;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.rules.TestName;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
@@ -29,6 +34,7 @@ import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ServerURLs;
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
@@ -50,6 +56,9 @@ import java.util.Map;
import java.util.concurrent.TimeoutException;
import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.APP_SERVER_SSL_REQUIRED;
import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER;
import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
@@ -66,8 +75,6 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
@Page
protected AppServerContextRoot appServerContextRootPage;
protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", "");
public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml";
public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class
.getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML);
@@ -78,13 +85,26 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
public static final URL tomcatContext = AbstractServletsAdapterTest.class
.getResource("/adapter-test/" + TOMCAT_CONTEXT_XML);
@BeforeClass
public static void setUpAppServer() throws Exception {
if (APP_SERVER_SSL_REQUIRED && (APP_SERVER_CONTAINER.contains("eap") || APP_SERVER_CONTAINER.contains("wildfly"))) { // Other containers need some external configuraiton to run SSL tests
protected static boolean sslConfigured = false;
@Before
public void setUpAppServer() throws Exception {
if (!sslConfigured && shouldConfigureSSL()) { // Other containers need some external configuraiton to run SSL tests
enableHTTPSForAppServer();
sslConfigured = true;
}
}
@AfterClass
public static void resetSSLConfig() {
sslConfigured = false;
}
protected boolean shouldConfigureSSL() {
return APP_SERVER_SSL_REQUIRED && (CURRENT_APP_SERVER.contains("eap") || CURRENT_APP_SERVER.contains("wildfly"));
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
addAdapterTestRealms(testRealms);
@@ -93,30 +113,25 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
modifyClientRedirectUris(tr, "http://localhost:8080", "");
modifyClientRedirectUris(tr, "^((?:/.*|)/\\*)",
"http://localhost:" + System.getProperty("app.server.http.port", "8280") + "$1",
"http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "$1",
"https://localhost:" + System.getProperty("app.server.https.port", "8643") + "$1",
"https://localhost:" + System.getProperty("auth.server.http.port", "8543") + "$1");
ServerURLs.getAppServerContextRoot() + "$1",
ServerURLs.getAuthServerContextRoot() + "$1");
modifyClientWebOrigins(tr, "http://localhost:8080",
"http://localhost:" + System.getProperty("app.server.http.port", "8280"),
"http://localhost:" + System.getProperty("auth.server.http.port", "8180"),
"https://localhost:" + System.getProperty("app.server.https.port", "8643"),
"https://localhost:" + System.getProperty("auth.server.http.port", "8543"));
modifyClientWebOrigins(tr, "http://localhost:8080", ServerURLs.getAppServerContextRoot(),
ServerURLs.getAuthServerContextRoot());
modifyClientUrls(tr, "http://localhost:8080", "");
modifySamlMasterURLs(tr, "http://localhost:8080", "");
modifySAMLClientsAttributes(tr, "http://localhost:8080", "");
if (isRelative()) {
modifyClientUrls(tr, appServerContextRootPage.toString(), "");
modifySamlMasterURLs(tr, "/", "http://localhost:" + System.getProperty("auth.server.http.port", null) + "/");
modifySAMLClientsAttributes(tr, "8080", System.getProperty("auth.server.http.port", "8180"));
modifyClientUrls(tr, ServerURLs.getAppServerContextRoot().toString(), "");
modifySamlMasterURLs(tr, "/", ServerURLs.getAppServerContextRoot() + "/");
modifySAMLClientsAttributes(tr, "8080", AUTH_SERVER_PORT);
} else {
modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifySamlMasterURLs(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifySAMLClientsAttributes(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifyClientJWKSUrl(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifyClientUrls(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1");
modifySamlMasterURLs(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1");
modifySAMLClientsAttributes(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1");
modifyClientJWKSUrl(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1");
}
if (AUTH_SERVER_SSL_REQUIRED) {
tr.setSslRequired("all");
@@ -265,47 +280,4 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
throw new RuntimeException(ex);
}
}
private static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient()) {
Administration administration = new Administration(client);
Operations operations = new Operations(client);
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
}
client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)");
client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)");
if (APP_SERVER_CONTAINER.contains("eap6")) {
if(!operations.exists(Address.subsystem("web").and("connector", "https"))) {
client.apply(new AddConnector.Builder("https")
.protocol("HTTP/1.1")
.scheme("https")
.socketBinding("https")
.secure(true)
.build());
client.apply(new AddConnectorSslConfig.Builder("https")
.password("secret")
.certificateKeyFile("${jboss.server.config.dir}/adapter.jks")
.build());
}
} else {
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
.forDefaultServer());
administration.reloadIfRequired();
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
.securityRealm("UndertowRealm")
.build());
}
administration.reloadIfRequired();
}
}
}

View File

@@ -25,7 +25,11 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import org.apache.http.client.methods.HttpGet;
import org.jboss.arquillian.container.test.api.*;
import org.jboss.arquillian.test.api.ArquillianResource;
@@ -39,6 +43,7 @@ import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClient.Binding;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.ServerURLs;
/**
*
@@ -49,6 +54,29 @@ public abstract class AbstractSAMLAdapterClusteredTest extends AbstractAdapterCl
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/adapter-test/keycloak-saml/testsaml-behind-lb.json"));
if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) {
for (RealmRepresentation realm : testRealms) {
Optional<ClientRepresentation> clientRepresentation = realm.getClients().stream()
.filter(c -> c.getClientId().equals("http://localhost:8580/employee-distributable/"))
.findFirst();
clientRepresentation.ifPresent(cr -> {
cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST));
cr.setRedirectUris(cr.getRedirectUris()
.stream()
.map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST))
.collect(Collectors.toList())
);
cr.setAttributes(cr.getAttributes().entrySet().stream()
.collect(Collectors.toMap(Map.Entry::getKey,
entry -> entry.getValue().replace("localhost", ServerURLs.APP_SERVER_HOST))
)
);
});
}
}
}
@Override

View File

@@ -29,6 +29,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import java.io.File;
@@ -108,7 +109,7 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
}
private URL getResourceServerUrl() throws MalformedURLException {
return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL();
return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID);
}
private void configureAuthorizationServices() {

View File

@@ -47,6 +47,7 @@ import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.util.UIUtils;
import org.openqa.selenium.By;
@@ -591,7 +592,7 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
private URL getResourceServerUrl() {
try {
return new URL(this.appServerContextRootPage + "/" + RESOURCE_SERVER_ID);
return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID);
} catch (MalformedURLException e) {
throw new RuntimeException("Could not obtain resource server url.", e);
}

View File

@@ -78,8 +78,6 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
public static final String CORS = "cors";
public static final String AUTH_SERVER_HOST = "localhost-auth-127.0.0.1.nip.io";
private static final String hostBackup;
@ArquillianResource
private Deployer deployer;
@@ -130,10 +128,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
deployer.undeploy(AngularCorsProductTestApp.DEPLOYMENT_NAME);
}
static{
hostBackup = System.getProperty("auth.server.host", "localhost");
System.setProperty("auth.server.host", AUTH_SERVER_HOST);
}
@Override
public void setDefaultPageUriParameters() {
@@ -190,7 +184,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
"/auth/admin/master/console/#/server-info");
jsDriverTestRealmLoginPage.form().login("admin", "admin");
WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
Pattern pattern = Pattern.compile("<td [^>]+>Server Version</td>" +
"\\s+<td [^>]+>([^<]+)</td>");
Matcher matcher = pattern.matcher(DroneUtils.getCurrentDriver().getPageSource());
@@ -201,9 +194,4 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
return null;
}
@AfterClass
public static void afterCorsTest() {
System.setProperty("auth.server.host", hostBackup);
}
}

View File

@@ -40,6 +40,7 @@ import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.adapter.page.HawtioPage;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -79,6 +80,7 @@ public class EAP6Fuse6HawtioAdapterTest extends AbstractExampleAdapterTest imple
@BeforeClass
public static void enabled() {
Assume.assumeFalse(System.getProperty("os.name").startsWith("Windows"));
ContainerAssume.assumeNotAppServerSSL();
}
@Before

View File

@@ -76,6 +76,7 @@ import org.keycloak.testsuite.adapter.page.TokenMinTTLPage;
import org.keycloak.testsuite.adapter.page.TokenRefreshPage;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.auth.page.account.Applications;
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
@@ -220,7 +221,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
@Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME)
protected static WebArchive customerPortalNoConf() {
return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class);
return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class, ServletTestUtils.class);
}
@Deployment(name = SecurePortal.DEPLOYMENT_NAME)
@@ -799,7 +800,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
BasicCookieStore cookieStore = new BasicCookieStore();
BasicClientCookie jsessionid = new BasicClientCookie("JSESSIONID", driver.manage().getCookieNamed("JSESSIONID").getValue());
jsessionid.setDomain("localhost");
jsessionid.setDomain(ServerURLs.APP_SERVER_HOST);
jsessionid.setPath("/");
cookieStore.addCookie(jsessionid);
@@ -1113,13 +1114,6 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
serverLogPath = System.getProperty("app.server.home") + "/standalone-test/log/server.log";
}
String appServerUrl;
if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/";
} else {
appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/";
}
if (serverLogPath != null) {
log.info("Checking app server log at: " + serverLogPath);
File serverLog = new File(serverLogPath);
@@ -1127,7 +1121,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
UserRepresentation bburke = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com");
//the expected log message has DEBUG level
assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + appServerUrl + "customer-db/' on client 'customer-db'"));
assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + ServerURLs.getAppServerContextRoot() + "/customer-db/' on client 'customer-db'"));
} else {
log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported.");
}

View File

@@ -1,5 +1,6 @@
package org.keycloak.testsuite.adapter.servlet;
import org.jboss.arquillian.test.spi.execution.SkippedTestExecutionException;
import org.junit.After;
import org.junit.Assume;
import org.junit.Before;
@@ -7,6 +8,8 @@ import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.annotation.UseServletFilter;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
@@ -27,6 +30,10 @@ public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest {
public static void enabled() {
String appServerJavaHome = System.getProperty("app.server.java.home", "");
Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70"));
// SAMLServletAdapterTest has too many deployments, with so many deployments (with filter dependency in each
// of them) it is impossible to reload container after TLS is enabled, GC time limit exceeds
ContainerAssume.assumeNotAppServerSSL();
}
@Before

View File

@@ -1,132 +0,0 @@
package org.keycloak.testsuite.adapter.servlet;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.adapters.rotation.PublicKeyLocator;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.adapter.page.Employee2Servlet;
import org.keycloak.testsuite.adapter.page.EmployeeSigServlet;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.auth.page.login.Login;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.openqa.selenium.By;
import javax.ws.rs.core.UriBuilder;
import java.util.Collections;
import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLSERVLETDEMO;
import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2;
import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_SIG;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot;
/**
* @author mhajas
*/
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
// @AppServerContainer(ContainerConstants.APP_SERVER_EAP) // Should be added in: KEYCLOAK-14434
// @AppServerContainer(ContainerConstants.APP_SERVER_EAP6) // Should be added in: KEYCLOAK-14435
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
@AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE)
public class SAMLSameSiteTest extends AbstractSAMLServletAdapterTest {
// private static final String NIP_IO_URL = "app-saml-127-0-0-1.nip.io";
private static final String NIP_IO_EMPLOYEE2_URL = getAppServerContextRoot() + "/employee2/";
private static final String NIP_IO_EMPLOYEE_SIG_URL = getAppServerContextRoot() + "/employee-sig/";
@Deployment(name = Employee2Servlet.DEPLOYMENT_NAME)
protected static WebArchive employee2() {
return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, WEB_XML_WITH_ACTION_FILTER, SendUsernameServlet.class, AdapterActionsFilter.class, PublicKeyLocator.class)
.addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF);
}
@Deployment(name = EmployeeSigServlet.DEPLOYMENT_NAME)
protected static WebArchive employeeSig() {
return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class)
.addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF);
}
@Page
protected Employee2Servlet employee2ServletPage;
@BeforeClass
public static void enabledOnlyWithSSL() {
ContainerAssume.assumeAuthServerSSL();
ContainerAssume.assumeAppServerSSL();
}
@Test
public void samlPostWorksWithSameSiteCookieTest() {
testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_2, NIP_IO_EMPLOYEE2_URL, testRealmSAMLPostLoginPage);
}
@Test
public void samlRedirectWorksWithSameSiteCookieTest() {
testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_SIG, NIP_IO_EMPLOYEE_SIG_URL, testRealmSAMLRedirectLoginPage);
}
@Test
public void testSSOPostRedirect() {
getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_SIG)
.setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE_SIG_URL + "*"))
.setAdminUrl(NIP_IO_EMPLOYEE_SIG_URL + "saml")
.update());
getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_2)
.setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE2_URL + "*"))
.setAdminUrl(NIP_IO_EMPLOYEE2_URL + "saml")
.update());
// Navigate to url with nip.io to trick browser the adapter lives on different domain
driver.navigate().to(NIP_IO_EMPLOYEE2_URL);
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
// Login and check the user is successfully logged in
testRealmSAMLPostLoginPage.form().login(bburkeUser);
waitUntilElement(By.xpath("//body")).text().contains("principal=bburke");
driver.navigate().to(NIP_IO_EMPLOYEE_SIG_URL);
waitUntilElement(By.xpath("//body")).text().contains("principal=bburke");
// Logout
driver.navigate().to(UriBuilder.fromUri(NIP_IO_EMPLOYEE_SIG_URL).queryParam("GLO", "true").build().toASCIIString());
waitForPageToLoad();
// Check logged out
driver.navigate().to(NIP_IO_EMPLOYEE2_URL);
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
}
private void testLoginLogoutWithDifferentUrl(String clientId, String newUrl, Login loginPage) {
getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, clientId)
.setRedirectUris(Collections.singletonList(newUrl + "*"))
.setAdminUrl(newUrl + "saml")
.update());
// Navigate to url with nip.io to trick browser the adapter lives on different domain
driver.navigate().to(newUrl);
assertCurrentUrlStartsWith(loginPage);
// Login and check the user is successfully logged in
loginPage.form().login(bburkeUser);
waitUntilElement(By.xpath("//body")).text().contains("principal=bburke");
// Logout
driver.navigate().to(UriBuilder.fromUri(newUrl).queryParam("GLO", "true").build().toASCIIString());
waitForPageToLoad();
// Check logged out
driver.navigate().to(newUrl);
assertCurrentUrlStartsWith(loginPage);
}
}

View File

@@ -143,6 +143,7 @@ import org.keycloak.testsuite.adapter.page.*;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.auth.page.login.Login;
import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin;
@@ -785,14 +786,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
ClientRepresentation clientRep = testRealmResource().convertClientDescription(IOUtil.documentToString(doc));
String appServerUrl;
if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/";
} else {
appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/";
}
clientRep.setAdminUrl(appServerUrl + "sales-metadata/saml");
clientRep.setAdminUrl(ServerURLs.getAppServerContextRoot() + "/sales-metadata/saml");
try (Response response = testRealmResource().clients().create(clientRep)) {
Assert.assertEquals(201, response.getStatus());
@@ -1363,8 +1357,13 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
@Test
public void idpMetadataValidation() throws Exception {
driver.navigate().to(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor");
validateXMLWithSchema(driver.getPageSource(), "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd");
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
HttpGet httpGet = new HttpGet(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor");
try (CloseableHttpResponse response = client.execute(httpGet)) {
String stringResponse = EntityUtils.toString(response.getEntity());
validateXMLWithSchema(stringResponse, "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd");
}
}
}
@Test
@@ -1673,7 +1672,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
Assert.assertThat(resourceResponse.readEntity(String.class), containsString("pedroigor"));
}
@AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details =
@AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details =
"Exclude Quarkus because when running on Java 9+ you get CNF exceptions due to the fact that javax.xml.soap was removed (as well as other JEE modules). Need to discuss how we are going to solve this for both main dist and Quarkus")
@Test
public void testInvalidCredentialsEcpFlow() throws Exception {

View File

@@ -21,11 +21,16 @@ package org.keycloak.testsuite.adapter.servlet;
import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER;
import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer;
import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SSL_REQUIRED;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
import java.io.IOException;
import java.util.concurrent.TimeoutException;
import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
@@ -45,6 +50,9 @@ import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.operations.OperationException;
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED)
@@ -84,7 +92,7 @@ public class SecuredDeploymentsAdapterTest extends AbstractServletsAdapterTest i
@Before
@Override
public void startServer() {
public void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException {
try {
AppServerTestEnricher.prepareServerDir("standalone-secured-deployments");
} catch (IOException ex) {
@@ -92,6 +100,18 @@ public class SecuredDeploymentsAdapterTest extends AbstractServletsAdapterTest i
}
controller.start(testContext.getAppServerInfo().getQualifier());
if (!sslConfigured && super.shouldConfigureSSL()) {
enableHTTPSForAppServer();
sslConfigured = true;
}
}
// This is SelfManagedAppContainerLifecycle, we can't enable ssl in before in parent class, because it will fail as
// the container is not started yet
@Override
public boolean shouldConfigureSSL() {
return false;
}
@After

View File

@@ -26,6 +26,8 @@ import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import java.net.URI;
import java.net.URL;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
@@ -38,11 +40,13 @@ import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.Retry;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.AbstractAdapterClusteredTest;
import org.keycloak.testsuite.adapter.page.SessionPortalDistributable;
import org.keycloak.testsuite.adapter.servlet.SessionServlet;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.keycloak.testsuite.auth.page.AuthRealm;
@@ -85,6 +89,25 @@ public class OIDCAdapterClusterTest extends AbstractAdapterClusteredTest {
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
addAdapterTestRealms(testRealms);
if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) {
for (RealmRepresentation realm : testRealms) {
Optional<ClientRepresentation> clientRepresentation = realm.getClients().stream()
.filter(c -> c.getClientId().equals("session-portal-distributable"))
.findFirst();
clientRepresentation.ifPresent(cr -> {
cr.setAdminUrl(cr.getAdminUrl().replace("localhost", ServerURLs.APP_SERVER_HOST));
cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST));
cr.setRedirectUris(cr.getRedirectUris()
.stream()
.map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST))
.collect(Collectors.toList())
);
});
}
}
}
@Override

View File

@@ -94,11 +94,12 @@
<auth.server.feature/>
<auth.server.host2>${auth.server.host}</auth.server.host2> <!-- for broker and JS adapter tests; defaults to auth.server.host -->
<app.server.host>localhost</app.server.host>
<app.server.skip.unpack>true</app.server.skip.unpack>
<app.server.artifactId>integration-arquillian-servers-app-server-${app.server}</app.server.artifactId>
<app.server.home>${containers.home}/app-server-${app.server}</app.server.home>
<app.server.config.dir>${app.server.home}/standalone/configuration</app.server.config.dir>
<app.server.keystore.dir>${app.server.home}/standalone/configuration</app.server.keystore.dir>
<app.server.port.offset>200</app.server.port.offset>
<app.server.http.port>8280</app.server.http.port>
<app.server.https.port>8643</app.server.https.port>
@@ -117,11 +118,12 @@
<app.server.memory.Xmx>512m</app.server.memory.Xmx>
<app.server.memory.settings>-Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max}</app.server.memory.settings>
<app.server.ssl.required>false</app.server.ssl.required>
<app.server.truststore>${app.server.config.dir}/keycloak.truststore</app.server.truststore>
<app.server.truststore>${app.server.keystore.dir}/keycloak.truststore</app.server.truststore>
<app.server.truststore.password>secret</app.server.truststore.password>
<app.server.keystore>${app.server.config.dir}/adapter.jks</app.server.keystore>
<app.server.keystore>${app.server.keystore.dir}/adapter.jks</app.server.keystore>
<app.server.keystore.password>secret</app.server.keystore.password>
<app.server.jvm.args.extra/>
<tomcat.javax.net.ssl.properties/>
<cache.server>undefined</cache.server>
<cache.server.container>cache-server-${cache.server}</cache.server.container>
@@ -162,6 +164,11 @@
-Dapp.server.ssl.required=${app.server.ssl.required}
-Dauth.server.ssl.base.url=https://localhost:${auth.server.https.port}
-Dauth.server.ssl.required=${auth.server.ssl.required}
-Dauth.server.host=${auth.server.host}
-Dauth.server.host2=${auth.server.host2}
-Dapp.server.host=${app.server.host}
-Dapp.server.http.port=${app.server.http.port}
-Dapp.server.https.port=${app.server.https.port}
-Dmy.host.name=localhost
-Djava.security.krb5.conf=${project.build.directory}/dependency/kerberos/test-krb5.conf
</adapter.test.props>
@@ -516,7 +523,7 @@
<app.server>${app.server}</app.server>
<app.server.home>${app.server.home}</app.server.home>
<app.server.config.dir>${app.server.config.dir}</app.server.config.dir>
<app.server.keystore.dir>${app.server.keystore.dir}</app.server.keystore.dir>
<app.server.java.home>${app.server.java.home}</app.server.java.home>
<app.server.memory.settings>${app.server.memory.settings}</app.server.memory.settings>
<app.server.port.offset>${app.server.port.offset}</app.server.port.offset>
@@ -536,6 +543,7 @@
<app.server.keystore>${app.server.keystore}</app.server.keystore>
<app.server.keystore.password>${app.server.keystore.password}</app.server.keystore.password>
<app.server.jvm.args.extra>${app.server.jvm.args.extra}</app.server.jvm.args.extra>
<tomcat.javax.net.ssl.properties>${tomcat.javax.net.ssl.properties}</tomcat.javax.net.ssl.properties>
<frontend.console.output>${frontend.console.output}</frontend.console.output>
<backends.console.output>${backend.console.output}</backends.console.output>
@@ -1985,6 +1993,17 @@
</properties>
</profile>
<profile>
<id>set-javax.net.ssl-properties-for-tomcat</id>
<activation>
<property>
<name>app.server.ssl.required</name>
</property>
</activation>
<properties>
<tomcat.javax.net.ssl.properties>-Djavax.net.ssl.trustStore=${app.server.home}/lib/keycloak.truststore -Djavax.net.ssl.trustStorePassword=secret</tomcat.javax.net.ssl.properties>
</properties>
</profile>
</profiles>
</project>

View File

@@ -39,6 +39,7 @@ import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import sun.applet.AppletSecurity;
import static org.keycloak.testsuite.utils.io.IOUtil.modifyDocElementAttribute;
import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot;
@@ -58,6 +59,7 @@ public class DeploymentArchiveProcessorUtils {
private static final String APP_SERVER_SCHEMA = APP_SERVER_SSL_REQUIRED ? "https" : "http";
private static final String APP_SERVER_PORT_PROPERTY = "auth.server." + APP_SERVER_SCHEMA + ".port";
private static final String AUTH_SERVER_REPLACED_URL = "http://localhost:8080";
private static final String APP_SERVER_CONTAINER = System.getProperty("app.server", "");
public static final String WEBXML_PATH = "/WEB-INF/web.xml";
public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
@@ -216,9 +218,17 @@ public class DeploymentArchiveProcessorUtils {
}
adapterConfig.setTruststore(trustStorePathInDeployment);
adapterConfig.setTruststorePassword(TRUSTSTORE_PASSWORD);
File truststorePath = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile());
((WebArchive) archive).addAsResource(truststorePath);
log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststorePath.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment);
String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore";
File truststore = new File(truststoreUrl);
if (!truststore.exists()) {
truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile());
}
((WebArchive) archive).addAsResource(truststore);
log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststore.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment);
}
archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)),
@@ -240,7 +250,14 @@ public class DeploymentArchiveProcessorUtils {
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
((WebArchive) archive).addAsResource(new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()));
String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore";
File truststore = new File(truststoreUrl);
if (!truststore.exists()) {
truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile());
}
((WebArchive) archive).addAsResource(truststore);
}
private static String getAuthServerUrl() {

View File

@@ -41,7 +41,8 @@ public class TomcatAppServerConfigurationUtils {
createChild(configuration, "pass", pass);
createChild(configuration, "javaVmArguments",
System.getProperty("adapter.test.props", " ") + " " +
System.getProperty("app.server.jboss.jvm.debug.args", " "));
System.getProperty("app.server.jboss.jvm.debug.args", " ") + " " +
System.getProperty("tomcat.javax.net.ssl.properties", " "));
createChild(configuration,"startupTimeoutInSeconds", startupTimeoutInSeconds);
return container;