[keycloak-user] Automated testing for keycloak secured applications
Stian Thorgersen
sthorger at redhat.com
Thu Dec 17 08:07:42 EST 2015
Personally I'd go for using a full Keycloak server. Arquillian can
start/stop it alongside your WildFly container (if that's what you're
deploying your apps to). Or you can also use MVN to unzip and start a KC
server.
On 15 December 2015 at 17:25, Orestis Tsakiridis <
orestis.tsakiridis at telestax.com> wrote:
> Thanks Bob, that might be the way to go.
>
> Will definitely try it.
>
>
>
> On Tue, Dec 15, 2015 at 6:15 PM, Bob McWhirter <bmcwhirt at redhat.com>
> wrote:
>
>> Let me suggest the WildFly Swarm Keycloak Server.
>>
>> We use it in testing secured Swarm apps.
>>
>> It’s an executable .jar with maven coordinates, and can be executed with
>> the maven-exec-plugin in your pre-integration-test phase, or you can use
>> the wildfly-swarm-plugin to start/stop it.
>>
>> See here for an example:
>>
>>
>> https://github.com/wildfly-swarm/wildfly-swarm-examples/blob/master/ribbon-secured/test/pom.xml#L117-L140
>>
>> We’ll document this better shortly.
>>
>> -Bob
>>
>> On Tue, Dec 15, 2015 at 11:11 AM, Orestis Tsakiridis <
>> orestis.tsakiridis at telestax.com> wrote:
>>
>>> I see.
>>>
>>> So, i'll need to have a separate working keycloak server available for
>>> testing. No workarounds. Did i got this right ?
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Dec 15, 2015 at 6:00 PM, Bill Burke <bburke at redhat.com> wrote:
>>>
>>>>
>>>>
>>>> On 12/15/2015 10:54 AM, Orestis Tsakiridis wrote:
>>>> > Hello,
>>>> >
>>>> > I try to build automated tests for a keycloak secured REST
>>>> application.
>>>> > I plan to use arquilian as a test platform.
>>>> >
>>>> > Do i need to have a working keycloak server to be used in the tests ?
>>>> > Or is it possible to embed keycloak in the temporary deployment
>>>> created
>>>> > by arquilian?
>>>> >
>>>>
>>>> That's a real good point. Not sure how we are tackling this.
>>>>
>>>> > Btw, my endpoints don't use web.xml based security rules. I instead
>>>> use
>>>> >
>>>> > RSATokenVerifier.verifyToken() to manually verify the token.
>>>> >
>>>> > Thus, i suppose that being able to manually create auth tokens from my
>>>> > test cases (and not relying on a keycloak server) would also work.
>>>> >
>>>>
>>>> FYI, Keycloak client adapters do have a filter implementations now that
>>>> you can use.
>>>>
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151217/9f8404f6/attachment.html
More information about the keycloak-user
mailing list