Skip to content

Commit

Permalink
[WFLY-17649] Adds integration tests and github action workflow for ej…
Browse files Browse the repository at this point in the history
…b-security-jwt quickstart
  • Loading branch information
gaol committed Dec 1, 2023
1 parent a94a457 commit 1bfa686
Show file tree
Hide file tree
Showing 7 changed files with 211 additions and 0 deletions.
18 changes: 18 additions & 0 deletions .github/workflows/quickstart_ejb-security-jwt_ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: WildFly EJB Security JWT Quickstart CI

on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- 'ejb-security-jwt/**'
- '.github/workflows/quickstart_ci.yml'

jobs:
call-quickstart_ci:
uses: ./.github/workflows/quickstart_ci.yml
with:
QUICKSTART_PATH: ejb-security-jwt
TEST_PROVISIONED_SERVER: true
TEST_OPENSHIFT: false
MATRIX_OS: '"ubuntu-latest"'
DEPLOYMENT_DIR: app-one/ear
10 changes: 10 additions & 0 deletions .github/workflows/quickstart_ejb-security-jwt_ci_before.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/bin/sh
set -x

# Start keycloak with required configuration
docker run -d --rm --name "keycloak" \
-p 8180:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
-v ${GITHUB_WORKSPACE}/quickstarts/ejb-security-jwt/keycloak/realm:/opt/keycloak/data/import \
quay.io/keycloak/keycloak:21.0.0 start-dev --import-realm
3 changes: 3 additions & 0 deletions ejb-security-jwt/README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -312,6 +312,9 @@ We can see that the user `quickstartUser` has the `user` role, but does not have

We can also see that the invocation from EJBA to EJBB uses the same authentication context as what is used in remote client calls EJBA.

// Server Distribution Testing
include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]

== Undeploy the Archives

To undeploy the components from the {productName} servers:
Expand Down
44 changes: 44 additions & 0 deletions ejb-security-jwt/app-one/ear/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
<groupId>org.wildfly.quickstarts</groupId>
<artifactId>ejb-security-jwt-app-one</artifactId>
<version>31.0.0.Beta1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>ejb-security-jwt-app-one-ear</artifactId>
<packaging>ear</packaging>
Expand Down Expand Up @@ -77,4 +78,47 @@
</plugins>
</build>

<profiles>
<profile>
<id>provisioned-server</id>
<build>
<plugins>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<configuration>
<feature-packs>
<feature-pack>
<location>org.wildfly:wildfly-galleon-pack:${version.server}</location>
</feature-pack>
</feature-packs>
<layers>
<layer>cloud-server</layer>
<layer>ejb</layer>
</layers>
<name>${project.parent.artifactId}.ear</name>
<packaging-scripts>
<packaging-script>
<java-opts>-Dejb-outbound-port=${ejb-outbound-port}</java-opts>
<scripts>
<script>${basedir}/../../configure-elytron.cli</script>
<script>${basedir}/../../configure-ejb-outbound-connection.cli</script>
</scripts>
<resolve-expressions>true</resolve-expressions>
</packaging-script>
</packaging-scripts>
</configuration>
<executions>
<execution>
<goals>
<goal>package</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>

</project>
34 changes: 34 additions & 0 deletions ejb-security-jwt/client/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,13 @@
<artifactId>ejb-security-jwt-app-one-ejb</artifactId>
<type>ejb-client</type>
</dependency>

<!-- Test dependencies -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
Expand All @@ -74,4 +81,31 @@
</plugins>
</build>

<profiles>
<profile>
<id>integration-testing</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<configuration>
<includes>
<include>**/*IT</include>
</includes>
</configuration>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>

</project>
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
/*
* Copyright 2023 JBoss by Red Hat.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jboss.as.quickstarts.ejb.security.jwt;

import org.jboss.as.quickstarts.ejb.security.jwt.appone.JWTSecurityEJBRemoteA;
import org.jboss.as.quickstarts.ejb.security.jwt.client.RemoteEJBClient;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.client.AuthenticationContext;

import javax.naming.NamingException;
import java.io.IOException;

/**
* Tests that
*
* @author <a href="mailto:[email protected]">Lin Gao</a>
*/
public class EJBSecurityJWTIT {
private static final String DEFAULT_SERVER_HOST = "http://localhost:8080";

private String getProviderURl() {
final String serverHost = System.getProperty("server.host");
return "remote+" + (serverHost != null ? serverHost : DEFAULT_SERVER_HOST);
}

@Test
public void testRegular() throws NamingException {
AuthenticationContext.getContextManager().setThreadDefault(null);
JWTSecurityEJBRemoteA remoteA = RemoteEJBClient.lookupEJBRemoteA(true, getProviderURl());
Assert.assertEquals("quickstartuser", remoteA.principal().toLowerCase());
Assert.assertTrue(remoteA.inRole("user"));
Assert.assertFalse(remoteA.inRole("admin"));
Assert.assertTrue(remoteA.inRoleFromB("user", true));
Assert.assertFalse(remoteA.inRoleFromB("admin", true));
}

@Test
public void testAdmin() throws IOException, NamingException {
RemoteEJBClient.switchToAdmin();
JWTSecurityEJBRemoteA remoteA = RemoteEJBClient.lookupEJBRemoteA(true, getProviderURl());
Assert.assertEquals("admin", remoteA.principal().toLowerCase());
Assert.assertTrue(remoteA.inRole("user"));
Assert.assertTrue(remoteA.inRole("admin"));
Assert.assertTrue(remoteA.inRoleFromB("user", true));
Assert.assertTrue(remoteA.inRoleFromB("admin", true));
}

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>

<!--
~ JBoss, Home of Professional Open Source.
~ Copyright 2023 Red Hat, Inc., and individual contributors
~ as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

<configuration>
<authentication-client xmlns="urn:elytron:client:1.7">
<authentication-rules>
<rule use-configuration="default" />
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="OAUTHBEARER" />
<credentials>
<oauth2-bearer-token token-endpoint-uri="http://localhost:8180/realms/jwt-realm/protocol/openid-connect/token">
<resource-owner-credentials name="quickstartUser">
<credential-store-reference clear-text="quickstartPwd1!" />
</resource-owner-credentials>
<client-credentials client-id="app" client-secret="secret"/>
</oauth2-bearer-token>
</credentials>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>

0 comments on commit 1bfa686

Please sign in to comment.