On Wednesday, 23.03.2016, 14:15 +0000, Lauer Markus wrote:
On Wednesday, 23.03.2016, 15:01 +0100, Marek Posolda wrote:
> We have an example here:
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#j... .
>
> Then if there is a possibility to somehow access JAAS Subject or
> Principal from the JAAS authentication inside EJB (which I hope it
> is), you can just cast the principal to KeycloakPrincipal and retrieve
> the accessToken from it.
>
> Marek
>
Hi Marek,
I think I understood the EJB part and it is working as expected:
@RolesAllowed methods are secured and I can access them after the normal
Keycloak browser login, if the user has the appropriate role.
My question was how to do the login for automated testing with
Arquillian, so that the test methods can access the secured EJB methods.
One solution is described here (@RunAs solution):
https://samaxes.com/2014/11/test-javaee-security-with-arquillian/
What I need instead is a user login, so that the current principal/user
has all his roles...
I'm looking for something like this:
https://developer.jboss.org/wiki/TestingSecuredEJBsOnWildFly81xWithArquil...
This could possibly be combined with:
https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#...
org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule
But I cannot change the "keycloak" security-domain for testing...
> On 23/03/16 13:01, Lauer Markus wrote:
>
> > Hello,
> >
> > We'd like to access secured EJBs (@RolesAllowed) from Arquillian tests.
> >
> > While it is no problem to get a valid access token, we are stuck at how to
> > "inject" the token into the session to actually access the secured
> > EJBs.
> >
> > Is it possible to use the JAAS LoginModule (LoginContext etc.) for this?
> >
> > Can someone provide an example?
> >
> > Please note: There is a solution with @RunAs. But this only allows to
> > specify one role at once.
> >
> >
> > Regards,
> >
> > Markus.
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> +----------------------------------------------------------------------+
> | SecureMail Gateway |
> | A service for e-mail signing and encryption |
> | Provided by VVS-KONZERN |
> +----------------------------------------------------------------------+
> | - The message was neither encrypted nor digitally signed |
> +----------------------------------------------------------------------+
>
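
Added example (not part of the original messages, and not Keycloak project code): a programmatic JAAS login with the DirectAccessGrantsLoginModule named above, followed by the cast to KeycloakPrincipal that Marek describes. The class name, the "test-login" context name and the keycloak.json path parameter are assumptions; associating the resulting Subject with the EJB container is container-specific and not shown.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import org.keycloak.KeycloakPrincipal;

public class DirectGrantTestLogin {   // hypothetical helper class for tests
    // Logs in with username/password via direct access grant; returns the JAAS Subject.
    public static Subject login(String user, char[] password, String keycloakJson)
            throws LoginException {
        Map<String, String> options = new HashMap<>();
        options.put("keycloak-config-file", keycloakJson);  // path to the client's keycloak.json
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        // In-memory JAAS configuration, so no server security-domain has to be changed.
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        // Supplies the test user's credentials when the login module asks for them.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("test-login", new Subject(), handler, config);
        lc.login();   // throws LoginException if Keycloak rejects the credentials
        return lc.getSubject();
    }

    // Finds the KeycloakPrincipal in the Subject and returns the raw access token string.
    public static String accessToken(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof KeycloakPrincipal) {
                return ((KeycloakPrincipal<?>) p).getKeycloakSecurityContext().getTokenString();
            }
        }
        throw new IllegalStateException("no KeycloakPrincipal in Subject");
    }
}
```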