oidc-rp: start properly configured keycloak container during tests
diff --git a/org.apache.sling.servlets.oidc-rp/README.md b/org.apache.sling.servlets.oidc-rp/README.md
index 9ad8688..6e37ac2 100644
--- a/org.apache.sling.servlets.oidc-rp/README.md
+++ b/org.apache.sling.servlets.oidc-rp/README.md
@@ -140,7 +140,7 @@
#### Exporting the test realm
```
-$ docker run --rm --volume (pwd)/keycloak-data:/opt/keycloak/data -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.3 export --realm sling --dir /opt/keycloak/data/export
+$ docker run --rm --volume (pwd)/keycloak-data:/opt/keycloak/data -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.3 export --realm sling --users realm_file --file /opt/keycloak/data/export/sling.json
```
## Whiteboard graduation TODO
diff --git a/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java b/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
index 4143155..57f4b83 100644
--- a/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
+++ b/org.apache.sling.servlets.oidc-rp/src/test/java/org/apache/sling/servlets/oidc_rp/AuthorizationCodeFlowIT.java
@@ -40,6 +40,7 @@
import org.apache.sling.testing.clients.ClientException;
import org.apache.sling.testing.clients.SlingClient;
import org.apache.sling.testing.clients.SlingHttpResponse;
+import org.apache.sling.testing.clients.osgi.OsgiConsoleClient;
import org.junit.jupiter.api.Test;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
@@ -55,32 +56,36 @@
@Container
KeycloakContainer keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:20.0.3")
- .withRealmImportFiles("keycloak-import/sling-realm.json", "keycloak-import/sling-users-0.json");
+ .withRealmImportFile("keycloak-import/sling.json");
@Test
void accessTokenIsPresentOnSuccessfulLogin() throws Exception {
-
-// int keycloakPort = 8081;
int keycloakPort = keycloak.getHttpPort();
// two parts
// - local app on port 8080
// - keycloak on port 8081
- // TODO
- // 1. automatically start keycloak (test containers?) and import data
- // 2. lookup external sling app from a env settting ( and start using maven infrastructure )
+ // TODO - lookup external sling app from a env settting ( and start using maven infrastructure )
SlingClient sling = SlingClient.Builder.create(URI.create("http://localhost:8080"), "admin", "admin").disableRedirectHandling().build();
+
+ // configure connection to keycloak
+ sling.adaptTo(OsgiConsoleClient.class).editConfiguration("org.apache.sling.servlets.oidc_rp.impl.OidcConnectionImpl",null,
+ Map.of(
+ "name", "keycloak",
+ "baseUrl", "http://localhost:" + keycloakPort+"/realms/sling",
+ "clientId", "oidc-test",
+ "clientSecret", "wM2XIbxBTLJAac2rJSuHyKaoP8IWvSwJ",
+ "scopes", "openid"
+ )
+ );
// clean up any existing tokens
String userPath = getUserPath(sling, sling.getUser());
sling.deletePath(userPath + "/oidc-tokens/keycloak", 200);
sling.doGet(userPath + "/oidc-tokens/keycloak", 404);
- // TODO - install OSGi config pointing to KeyCloak
-
-
// kick off oidc auth
SlingHttpResponse entryPointResponse = sling.doGet("/system/sling/oidc/entry-point", 302);
Header locationHeader = entryPointResponse.getFirstHeader("location");
diff --git a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json
deleted file mode 100644
index 50fc36a..0000000
--- a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-users-0.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "realm" : "sling",
- "users" : [ {
- "id" : "968d808c-5923-41b9-b96c-ca72b1fe9339",
- "createdTimestamp" : 1676046477062,
- "username" : "test",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "firstName" : "",
- "lastName" : "",
- "credentials" : [ {
- "id" : "1e4b9853-4b98-4f7d-aee0-ee1ce151bcf7",
- "type" : "password",
- "userLabel" : "My password",
- "createdDate" : 1676046529270,
- "secretData" : "{\"value\":\"H4t6rcOHTueKwCD27MrQ0hbGiODFgGE9KOOOwT+Zfo5Nco12lgsHdU/F5Ny0uK3WU728ijN5iufHKQnjSKnyjQ==\",\"salt\":\"QBpLiI1/SNdwxs/JfEw/CQ==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-sling" ],
- "notBefore" : 0,
- "groups" : [ ]
- } ]
-}
\ No newline at end of file
diff --git a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
similarity index 98%
rename from org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json
rename to org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
index 47b3cbf..5297f47 100644
--- a/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling-realm.json
+++ b/org.apache.sling.servlets.oidc-rp/src/test/resources/keycloak-import/sling.json
@@ -372,6 +372,29 @@
"webAuthnPolicyPasswordlessCreateTimeout" : 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+ "users" : [ {
+ "id" : "968d808c-5923-41b9-b96c-ca72b1fe9339",
+ "createdTimestamp" : 1676046477062,
+ "username" : "test",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "firstName" : "",
+ "lastName" : "",
+ "credentials" : [ {
+ "id" : "1e4b9853-4b98-4f7d-aee0-ee1ce151bcf7",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1676046529270,
+ "secretData" : "{\"value\":\"H4t6rcOHTueKwCD27MrQ0hbGiODFgGE9KOOOwT+Zfo5Nco12lgsHdU/F5Ny0uK3WU728ijN5iufHKQnjSKnyjQ==\",\"salt\":\"QBpLiI1/SNdwxs/JfEw/CQ==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-sling" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ],
"scopeMappings" : [ {
"clientScope" : "offline_access",
"roles" : [ "offline_access" ]
