This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git

commit 3c0acf8fe58acab9cd03cbdfb8b6a81adf9ad8d7
Author: Robert Munteanu <[email protected]>
AuthorDate: Fri Feb 10 22:43:47 2023 +0100

    oidc-rp: start properly configured keycloak container during tests
---
 org.apache.sling.servlets.oidc-rp/README.md        |  2 +-
 .../servlets/oidc_rp/AuthorizationCodeFlowIT.java  | 23 +++++++++++--------
 .../resources/keycloak-import/sling-users-0.json   | 26 ----------------------
 .../{sling-realm.json => sling.json}               | 23 +++++++++++++++++++
 4 files changed, 38 insertions(+), 36 deletions(-)

diff --git a/org.apache.sling.servlets.oidc-rp/README.md 
b/org.apache.sling.servlets.oidc-rp/README.md
index 9ad8688b..6e37ac21 100644
--- a/org.apache.sling.servlets.oidc-rp/README.md
+++ b/org.apache.sling.servlets.oidc-rp/README.md
@@ -140,7 +140,7 @@ scopes: openid
 #### Exporting the test realm
 
 ```
-$ docker run --rm --volume (pwd)/keycloak-data:/opt/keycloak/data -p 8081:8080 
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin 
quay.io/keycloak/keycloak:20.0.3 export --realm sling --dir 
/opt/keycloak/data/export
+$ docker run --rm --volume (pwd)/keycloak-data:/opt/keycloak/data -p 8081:8080 
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin 
quay.io/keycloak/keycloak:20.0.3 export --realm sling --users realm_file --file 
/opt/keycloak/data/export/sling.json
 ```
 
 ## Whiteboard graduation TODO 
diff --git 
a/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
 
b/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
index 4143155d..57f4b83e 100644
--- 
a/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
+++ 
b/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
@@ -40,6 +40,7 @@ import org.apache.http.message.BasicNameValuePair;
 import org.apache.sling.testing.clients.ClientException;
 import org.apache.sling.testing.clients.SlingClient;
 import org.apache.sling.testing.clients.SlingHttpResponse;
+import org.apache.sling.testing.clients.osgi.OsgiConsoleClient;
 import org.junit.jupiter.api.Test;
 import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
@@ -55,32 +56,36 @@ class AuthorizationCodeFlowIT {
     
     @Container
     KeycloakContainer keycloak = new 
KeycloakContainer("quay.io/keycloak/keycloak:20.0.3")
-        .withRealmImportFiles("keycloak-import/sling-realm.json",  
"keycloak-import/sling-users-0.json");
+        .withRealmImportFile("keycloak-import/sling.json");
 
     @Test
     void accessTokenIsPresentOnSuccessfulLogin() throws Exception {
-        
-//        int keycloakPort = 8081;
         int keycloakPort = keycloak.getHttpPort();
 
         // two parts
         // - local app on port 8080
         // - keycloak on port 8081
         
-        // TODO 
-        // 1. automatically start keycloak (test containers?) and import data
-        // 2. lookup external sling app from a env settting ( and start using 
maven infrastructure )
+        // TODO - lookup external sling app from a env settting ( and start 
using maven infrastructure )
 
         SlingClient sling = 
SlingClient.Builder.create(URI.create("http://localhost:8080";), "admin", 
"admin").disableRedirectHandling().build();
+
+        // configure connection to keycloak
+        
sling.adaptTo(OsgiConsoleClient.class).editConfiguration("org.apache.sling.servlets.oidc_rp.impl.OidcConnectionImpl",null,
 
+                Map.of(
+                    "name", "keycloak", 
+                    "baseUrl", "http://localhost:"; + 
keycloakPort+"/realms/sling",
+                    "clientId", "oidc-test",
+                    "clientSecret", "wM2XIbxBTLJAac2rJSuHyKaoP8IWvSwJ",
+                    "scopes", "openid"
+                )
+            );
         
         // clean up any existing tokens
         String userPath = getUserPath(sling, sling.getUser());
         sling.deletePath(userPath + "/oidc-tokens/keycloak", 200);
         sling.doGet(userPath + "/oidc-tokens/keycloak", 404);
         
-        // TODO - install OSGi config pointing to KeyCloak
-        
-        
         // kick off oidc auth
         SlingHttpResponse entryPointResponse = 
sling.doGet("/system/sling/oidc/entry-point", 302);
         Header locationHeader = entryPointResponse.getFirstHeader("location");
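Review bot: The `editConfiguration` call added ahead of the token cleanup writes the Keycloak connection, including the literal `clientSecret`, into the Sling instance at port 8080, which this test does not start, and nothing visible in the hunk removes that configuration afterwards. Once the container stops, that instance keeps a persisted config holding the secret and a `baseUrl` with a dead port, so I would delete the configuration in a `finally` block or an `@AfterEach` method. The secret presumably mirrors the `oidc-test` client in `keycloak-import/sling.json`; a comment such as `// throwaway secret of the test realm in keycloak-import/sling.json, never reuse outside tests` would mark it as a fixture, and the value is best held in one named constant. `baseUrl` also assumes the container is reachable on `localhost`, which may not hold when Docker runs on a remote host. The method body continues past the end of the hunk.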
diff --git 
a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json
 
b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json
deleted file mode 100644
index 50fc36a2..00000000
--- 
a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  "realm" : "sling",
-  "users" : [ {
-    "id" : "968d808c-5923-41b9-b96c-ca72b1fe9339",
-    "createdTimestamp" : 1676046477062,
-    "username" : "test",
-    "enabled" : true,
-    "totp" : false,
-    "emailVerified" : false,
-    "firstName" : "",
-    "lastName" : "",
-    "credentials" : [ {
-      "id" : "1e4b9853-4b98-4f7d-aee0-ee1ce151bcf7",
-      "type" : "password",
-      "userLabel" : "My password",
-      "createdDate" : 1676046529270,
-      "secretData" : 
"{\"value\":\"H4t6rcOHTueKwCD27MrQ0hbGiODFgGE9KOOOwT+Zfo5Nco12lgsHdU/F5Ny0uK3WU728ijN5iufHKQnjSKnyjQ==\",\"salt\":\"QBpLiI1/SNdwxs/JfEw/CQ==\",\"additionalParameters\":{}}",
-      "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
-    } ],
-    "disableableCredentialTypes" : [ ],
-    "requiredActions" : [ ],
-    "realmRoles" : [ "default-roles-sling" ],
-    "notBefore" : 0,
-    "groups" : [ ]
-  } ]
-}
\ No newline at end of file
diff --git 
a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json
 
b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
similarity index 98%
rename from 
org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json
rename to 
org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
index 47b3cbf0..5297f47f 100644
--- 
a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json
+++ 
b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
@@ -372,6 +372,29 @@
   "webAuthnPolicyPasswordlessCreateTimeout" : 0,
   "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
   "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+  "users" : [ {
+    "id" : "968d808c-5923-41b9-b96c-ca72b1fe9339",
+    "createdTimestamp" : 1676046477062,
+    "username" : "test",
+    "enabled" : true,
+    "totp" : false,
+    "emailVerified" : false,
+    "firstName" : "",
+    "lastName" : "",
+    "credentials" : [ {
+      "id" : "1e4b9853-4b98-4f7d-aee0-ee1ce151bcf7",
+      "type" : "password",
+      "userLabel" : "My password",
+      "createdDate" : 1676046529270,
+      "secretData" : 
"{\"value\":\"H4t6rcOHTueKwCD27MrQ0hbGiODFgGE9KOOOwT+Zfo5Nco12lgsHdU/F5Ny0uK3WU728ijN5iufHKQnjSKnyjQ==\",\"salt\":\"QBpLiI1/SNdwxs/JfEw/CQ==\",\"additionalParameters\":{}}",
+      "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+    } ],
+    "disableableCredentialTypes" : [ ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "default-roles-sling" ],
+    "notBefore" : 0,
+    "groups" : [ ]
+  } ],
   "scopeMappings" : [ {
     "clientScope" : "offline_access",
     "roles" : [ "offline_access" ]
