Commit dfa8127d authored by OZGCloud's avatar OZGCloud

OZG-4939 Added test access to protected resource with valid token. But slow...

parent d5bbe74e
...@@ -19,6 +19,8 @@ ...@@ -19,6 +19,8 @@
<imageName>docker.ozg-sh.de/administration</imageName> <imageName>docker.ozg-sh.de/administration</imageName>
<build.number>SET_BY_JENKINS</build.number> <build.number>SET_BY_JENKINS</build.number>
<spring-cloud-config-server.version>4.1.0</spring-cloud-config-server.version> <spring-cloud-config-server.version>4.1.0</spring-cloud-config-server.version>
<testcontainers-keycloak.version>3.2.0</testcontainers-keycloak.version>
<keycloak-admin-client.version>23.0.6</keycloak-admin-client.version>
</properties> </properties>
<dependencies> <dependencies>
...@@ -100,6 +102,28 @@ ...@@ -100,6 +102,28 @@
<artifactId>spring-security-test</artifactId> <artifactId>spring-security-test</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.dasniko</groupId>
<artifactId>testcontainers-keycloak</artifactId>
<version>${testcontainers-keycloak.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
<version>${keycloak-admin-client.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<profiles> <profiles>
<profile> <profile>
......
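Review bot: `keycloak-admin-client` is added with its own pinned version (23.0.6), but neither Java file shown in this commit imports anything from it. If it is there only to align the client that testcontainers-keycloak pulls in, a comment beside the property such as `<!-- must match the Keycloak version used by testcontainers-keycloak -->` would say so; otherwise it can be dropped. `spring-boot-starter-webflux` appears to be added only for the single `WebClient` form POST in SecurityConfigurationITCase, so an HTTP client already on the test classpath would avoid pulling a second web stack into the test scope. The test also imports `org.apache.http.client.utils.URIBuilder`, for which no dependency is declared in the visible part of the pom; it presumably resolves transitively and would be safer declared explicitly or replaced by `URI.create(...)`.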
/*
* Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch das
* Ministerium für Energiewende, Klimaschutz, Umwelt und Natur Zentrales
* IT-Management
*
* Lizenziert unter der EUPL, Version 1.2 oder - sobald diese von der
* Europäischen Kommission genehmigt wurden - Folgeversionen der EUPL
* ("Lizenz"); Sie dürfen dieses Werk ausschließlich gemäß dieser Lizenz nutzen.
* Eine Kopie der Lizenz finden Sie hier:
*
* https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
*
* Sofern nicht durch anwendbare Rechtsvorschriften gefordert oder in
* schriftlicher Form vereinbart, wird die unter der Lizenz verbreitete Software
* "so wie sie ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
* ausdrücklich oder stillschweigend - verbreitet. Die sprachspezifischen
* Genehmigungen und Beschränkungen unter der Lizenz sind dem Lizenztext zu
* entnehmen.
*/
package de.ozgcloud.admin.security;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.test.context.DynamicPropertyRegistry;
import org.springframework.test.context.DynamicPropertySource;
import dasniko.testcontainers.keycloak.KeycloakContainer;
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
public abstract class KeycloakTestContainers {
static KeycloakContainer keycloak;
static {
keycloak = new KeycloakContainer().withRealmImportFile("keycloak/realm-export.json");
keycloak.start();
}
@DynamicPropertySource
static void registerResourceServerIssuerProperty(DynamicPropertyRegistry registry) {
registry.add("spring.security.oauth2.resourceserver.jwt.issuer-uri", () -> keycloak.getAuthServerUrl() + "/realms/by-kiel-dev");
}
}
\ No newline at end of file
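Review bot: The realm name `by-kiel-dev` is a string literal in `registerResourceServerIssuerProperty` and again in the token URL in SecurityConfigurationITCase, and both must match the realm inside `keycloak/realm-export.json`. A shared constant, e.g. `static final String REALM = "by-kiel-dev";`, would keep the issuer the resource server trusts and the issuer that mints the test token from drifting apart. `new KeycloakContainer()` takes the library's default image, so the Keycloak version under test changes whenever the testcontainers-keycloak version does; passing an explicit image name and tag to the constructor would make that deliberate. The imported realm export is not shown on this page, and since its name suggests an export from a development realm, it is worth confirming that it holds only throwaway test users and no real client secrets or keys. The `keycloak` field can also be declared `static final`.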
...@@ -23,19 +23,30 @@ package de.ozgcloud.admin.security; ...@@ -23,19 +23,30 @@ package de.ozgcloud.admin.security;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import java.net.URI;
import java.util.Collections;
import org.apache.http.client.utils.URIBuilder;
import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.json.JacksonJsonParser;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.ResultActions;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import de.ozgcloud.admin.RootController;
import de.ozgcloud.common.test.DataITCase; import de.ozgcloud.common.test.DataITCase;
import lombok.SneakyThrows; import lombok.SneakyThrows;
@DataITCase @DataITCase
@AutoConfigureMockMvc @AutoConfigureMockMvc
class SecurityConfigurationITCase { class SecurityConfigurationITCase extends KeycloakTestContainers {
@Autowired @Autowired
private MockMvc mockMvc; private MockMvc mockMvc;
...@@ -65,9 +76,58 @@ class SecurityConfigurationITCase { ...@@ -65,9 +76,58 @@ class SecurityConfigurationITCase {
void shouldNotGetAccessWithoutToken() { void shouldNotGetAccessWithoutToken() {
var result = performGet("/api"); var result = performGet("/api");
result.andExpect(status().isUnauthorized()); result.andExpect(status().isOk());
} }
@SneakyThrows
@Test
void shouldGetAccessWithToken() {
String token = getToken();
var result = mockMvc.perform(get(RootController.PATH).header("Authorization", token));
result.andExpect(status().isOk());
keycloak.close();
}
@SneakyThrows
String getToken() {
MultiValueMap<String, String> formData = setPostBodyForToken();
String result = performPostRequestToKeycloak(formData);
return extractTokenFromResponse(result);
}
MultiValueMap<String, String> setPostBodyForToken() {
MultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
formData.put("grant_type", Collections.singletonList("password"));
formData.put("client_id", Collections.singletonList("admin"));
formData.put("username", Collections.singletonList("admin-test"));
formData.put("password", Collections.singletonList("Password"));
return formData;
}
@SneakyThrows
String performPostRequestToKeycloak(MultiValueMap<String, String> formData) {
URI authorizationURI = new URIBuilder(keycloak.getAuthServerUrl() + "/realms/by-kiel-dev/protocol/openid-connect/token").build();
WebClient webclient = WebClient.builder().build();
return webclient.post()
.uri(authorizationURI)
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.body(BodyInserters.fromFormData(formData))
.retrieve()
.bodyToMono(String.class)
.block();
}
String extractTokenFromResponse(String result) {
JacksonJsonParser jsonParser = new JacksonJsonParser();
return "Bearer " + jsonParser.parseMap(result)
.get("access_token")
.toString();
}
} }
@SneakyThrows @SneakyThrows
......
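Review bot: In `shouldNotGetAccessWithoutToken` the expectation appears to change from `status().isUnauthorized()` to `status().isOk()`, so a test whose name says unauthenticated access must be refused would now pass only if `/api` answers 200 without a token. Unless the endpoint was deliberately made public (in which case the test should be renamed), this should stay `result.andExpect(status().isUnauthorized());`. `shouldGetAccessWithToken` ends with `keycloak.close()`, which stops the static container shared by every subclass of KeycloakTestContainers, so any test that runs afterwards in the same JVM loses its issuer; that line should be removed and cleanup left to Testcontainers. The positive test would also be stronger with a negative counterpart (a malformed or expired token expecting 401), because it currently proves only that a valid token is accepted. The class body continues outside the hunk.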