This is an automated email from the ASF dual-hosted git repository.

jungm pushed a commit to branch tomee-10.x
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/tomee-10.x by this push:
     new 9efdac831a security-openid example add integration test for 
notifyProvider=true
9efdac831a is described below

commit 9efdac831ae6a906664fd0c72b0ccd8410a528ce
Author: Markus Jung <[email protected]>
AuthorDate: Fri Mar 13 08:58:45 2026 +0100

    security-openid example add integration test for notifyProvider=true
---
 .../{SecuredServlet.java => LogoutServlet.java}    | 27 +++++-----------------
 .../java/org/superbiz/openid/SecuredServlet.java   |  4 +++-
 .../org/superbiz/openid/SecuredServletTest.java    | 23 +++++++++++++++++-
 3 files changed, 31 insertions(+), 23 deletions(-)

diff --git 
a/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
 b/examples/security-openid/src/main/java/org/superbiz/openid/LogoutServlet.java
similarity index 52%
copy from 
examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
copy to 
examples/security-openid/src/main/java/org/superbiz/openid/LogoutServlet.java
index 9d1d869ea6..3d733521fa 100644
--- 
a/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
+++ 
b/examples/security-openid/src/main/java/org/superbiz/openid/LogoutServlet.java
@@ -16,38 +16,23 @@
  */
 package org.superbiz.openid;
 
-import 
jakarta.security.enterprise.authentication.mechanism.http.OpenIdAuthenticationMechanismDefinition;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.annotation.HttpConstraint;
-import jakarta.servlet.annotation.ServletSecurity;
 import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
 import java.io.IOException;
-import java.util.stream.Collectors;
 
-@OpenIdAuthenticationMechanismDefinition(
-        providerURI = "#{openIdConfig.providerUri}",
-        clientId = "#{openIdConfig.clientId}",
-        clientSecret = "#{openIdConfig.clientSecret}",
-        useSession = false,
-        redirectToOriginalResource = true)
-@ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
-@WebServlet(name = "Secured Servlet", urlPatterns = "/secured")
-public class SecuredServlet extends HttpServlet {
+@WebServlet(name = "Logout Servlet", urlPatterns = "/logout")
+public class LogoutServlet extends HttpServlet {
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) 
throws ServletException, IOException {
-        resp.setContentType("text/plain");
-        resp.getWriter().print("Hello, " + req.getUserPrincipal().getName());
-
-        if (req.isUserInRole("admin")) {
-            resp.getWriter().print("\nYou're an admin!");
+        if (req.getUserPrincipal() != null) {
+            req.logout();
+            return;
         }
 
-        resp.getWriter().print("\nRequest parameters: " + 
req.getParameterMap().entrySet().stream()
-                .map(e -> e.getKey() + "=" + String.join(",", e.getValue()))
-                .collect(Collectors.joining(";")));
+        resp.getWriter().write("logged out");
     }
 }
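Review bot: `doGet` ends the login on a plain GET to `/logout`, so any cross-site link or embedded resource that makes the browser fetch this URL signs the user out locally and, with `notifyProvider = true` on SecuredServlet, at the provider as well. For an example that others will copy, I would move the logic to `doPost`, or at least add a comment that GET is used only to keep the integration test simple. The bare `return` after `req.logout()` also needs a why-comment such as `// logout() is expected to redirect to the provider's end-session endpoint, which sends the browser back here without a principal`. That behaviour is inferred from the LogoutDefinition added in this commit; if no redirect is committed, the caller gets an empty 200. Calling `resp.setContentType("text/plain")` before the final write would keep the response consistent with what SecuredServlet does.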
diff --git 
a/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
 
b/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
index 9d1d869ea6..3f6a314f3a 100644
--- 
a/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
+++ 
b/examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java
@@ -17,6 +17,7 @@
 package org.superbiz.openid;
 
 import 
jakarta.security.enterprise.authentication.mechanism.http.OpenIdAuthenticationMechanismDefinition;
+import 
jakarta.security.enterprise.authentication.mechanism.http.openid.LogoutDefinition;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.HttpConstraint;
 import jakarta.servlet.annotation.ServletSecurity;
@@ -33,7 +34,8 @@ import java.util.stream.Collectors;
         clientId = "#{openIdConfig.clientId}",
         clientSecret = "#{openIdConfig.clientSecret}",
         useSession = false,
-        redirectToOriginalResource = true)
+        redirectToOriginalResource = true,
+        logout = @LogoutDefinition(notifyProvider = true, redirectURI = 
"#{baseURL}/logout"))
 @ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
 @WebServlet(name = "Secured Servlet", urlPatterns = "/secured")
 public class SecuredServlet extends HttpServlet {
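Review bot: The new `logout = @LogoutDefinition(...)` attribute carries no comment, although it is the behaviour this example is meant to demonstrate. I would add a line above it such as `// notifyProvider = true: logout also ends the session at the OpenID provider; redirectURI is where the provider sends the browser afterwards`. The target built from `#{baseURL}` presumably has to be registered as an allowed post-logout redirect URI for the client at the provider. The realm configuration is not visible in this diff, so that requirement is worth stating next to the annotation or in the example's README. The annotation itself begins above this hunk.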
diff --git 
a/examples/security-openid/src/test/java/org/superbiz/openid/SecuredServletTest.java
 
b/examples/security-openid/src/test/java/org/superbiz/openid/SecuredServletTest.java
index 7dd3e96ac7..57e9edabad 100644
--- 
a/examples/security-openid/src/test/java/org/superbiz/openid/SecuredServletTest.java
+++ 
b/examples/security-openid/src/test/java/org/superbiz/openid/SecuredServletTest.java
@@ -52,7 +52,7 @@ public class SecuredServletTest {
                 + "openid.client-secret = tomee-client-secret\n";
 
         return ShrinkWrap.create(WebArchive.class, "ROOT.war")
-                .addClasses(SecuredServlet.class, OpenIdConfig.class)
+                .addClasses(SecuredServlet.class, LogoutServlet.class, 
OpenIdConfig.class)
                 .addAsResource("META-INF/beans.xml")
                 .addAsResource(new StringAsset(mpConfig), 
"META-INF/microprofile-config.properties");
     }
@@ -91,4 +91,25 @@ public class SecuredServletTest {
             assertEquals("Hello, tomee-admin\nYou're an admin!\nRequest 
parameters: ", securedServletPage.getContent());
         }
     }
+
+    @Test
+    @RunAsClient
+    public void testLogoutNotifyProvider() throws Exception {
+        try (WebClient webClient = new WebClient()) {
+            // Login and logout again
+            HtmlPage htmlPage = webClient.getPage(url + "/secured");
+            
assertTrue(htmlPage.getUrl().toString().startsWith(KEYCLOAK_CONTAINER.getAuthServerUrl()
 + "/realms/tomee/protocol/openid-connect/auth"));
+
+            HtmlForm loginForm = htmlPage.getForms().get(0);
+            loginForm.getInputByName("username").setValue("tomee-user");
+            loginForm.getInputByName("password").setValue("tomee");
+            loginForm.getButtonByName("login").click();
+
+            webClient.getPage(url + "/logout");
+
+            // Try to log in again, assert that the keycloak login is showing 
(= provider has been notified of logout)
+            HtmlPage securedAgain = webClient.getPage(url + "/secured");
+            
assertTrue(securedAgain.getUrl().toString().startsWith(KEYCLOAK_CONTAINER.getAuthServerUrl()
 + "/realms/tomee/protocol/openid-connect/auth"));
+        }
+    }
 }
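Review bot: `testLogoutNotifyProvider` discards the page returned by `loginForm.getButtonByName("login").click()`, so a failed login would leave the final `/secured` request on the Keycloak login page anyway and the test would pass without any logout having happened. Assert the logged-in state first: keep the result of `click()` and check that its content starts with `Hello, tomee-user`, in the same way the preceding test checks the admin greeting. The response of `webClient.getPage(url + "/logout")` is ignored too. Asserting that it ends on the `logged out` text would confirm that the provider redirected back to the application, assuming the redirect chain is followed by the client.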
