[keycloak-user] Arquillian Remote Container / Secured Webroot

Lauer Markus Markus.Lauer at co-met.info
Wed Mar 23 05:21:48 EDT 2016


Hello,

This problem is not really Keycloak-specific, but maybe someone else
using Keycloak stumbled over this:

A WAR deployment with context-root "/" has a security-constraint as
follows:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Customers</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
</security-constraint>

Each access to application should be restricted.

Now Arquillian deploys it's testing deployment also to the same webroot
and as a result the tests can not be run. (Can not handle redirect to
Keycloak server.)

Error launching test at
http://0.0.0.0:8080/dd2ff55e-faa7-41fe-b092-8cc14d8ef4ae/ArquillianServletRunner?outputMode=serializedObject&className=some.example.TestClass&methodName=someTest. Got 302 (Found)


I do not want to blacklist all application paths/resources separately
(so that access to arquillian's UUID-named deployment would be
possible), because I'm afraid to forget one path.

Solution could be s/th like get a token via direct access grant and
inject it somehow into arquillian's requests...

How do you handle this?


Regards,

Markus.










________________________________

Zum Lesen der rechtlichen Hinweise dieser Mail, kopieren Sie bitte die aufgeführte URL in Ihren Browser oder folgen Sie dem Link.

http://disclaimer.tec-saar.de/co-met.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4628 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160323/82b698ae/attachment.bin 


More information about the keycloak-user mailing list