[keycloak-user] Arquillian / Remote Container / EJB Security

Lauer Markus Markus.Lauer at co-met.info
Wed Mar 23 10:15:12 EDT 2016


On Wednesday, 23.03.2016, at 15:01 +0100, Marek Posolda wrote:
> We have some example here:
> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jboss-adapter
> 
> Then if there is a possibility to somehow access JAAS Subject or
> Principal from the JAAS authentication inside EJB (which I hope it
> is), you can just cast the principal to KeycloakPrincipal and retrieve
> the accessToken from it.
> 
> Marek
> 


Hi Marek,

I think I understood the EJB part and it is working as expected:
@RolesAllowed methods are secured and I can access them after the normal
Keycloak browser login, if the user has the appropriate role.

My question was how to do the login for automated testing with
Arquillian, so that the test methods can access the secured EJB methods.

One solution is described here (@RunAs solution):
https://samaxes.com/2014/11/test-javaee-security-with-arquillian/

What I need instead is a user login, so that the current principal/user
has all his roles... 



> On 23/03/16 13:01, Lauer Markus wrote:
> 
> > Hello,
> > 
> > We'd like to access secured EJBs (@RolesAllowed) from Arquillian tests.
> > 
> > While it is no problem to get a valid access token, we are stuck at how to
> > "inject" the token into the session to actually access the secured EJBs.
> > 
> > Is it possible to use the JAAS LoginModule (LoginContext etc.) for this?
> > 
> > Can someone provide an example?
> > 
> > Please note: There is a solution with @RunAs. But this only allows
> > specifying one role at a time.
> > 
> > 
> > Regards,
> > 
> > Markus.
> 
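Marek's suggestion in the quoted reply (cast the caller principal to KeycloakPrincipal and read the access token from it), written out as an added Java example that is not part of the original thread or of Keycloak's own code. The bean name and the role `user` are hypothetical, and the fallback to the JACC container Subject assumes the container may hand the EJB a principal type other than KeycloakPrincipal.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;

@Stateless
public class TokenAwareBean {                 // hypothetical bean name

    @Resource
    private SessionContext ctx;

    @RolesAllowed("user")                     // hypothetical role name
    public Set<String> realmRolesOfCaller() {
        AccessToken token = callerToken();
        if (token == null || token.getRealmAccess() == null) {
            return Collections.emptySet();    // no Keycloak token: report no roles
        }
        return token.getRealmAccess().getRoles();
    }

    // Returns the caller's access token, or null if the caller was not
    // authenticated through Keycloak. Never cast without checking the type.
    private AccessToken callerToken() {
        Principal caller = ctx.getCallerPrincipal();
        if (caller instanceof KeycloakPrincipal) {
            return ((KeycloakPrincipal<?>) caller).getKeycloakSecurityContext().getToken();
        }
        // Assumption: the container exposes the authenticated JAAS Subject via JACC.
        try {
            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
            if (subject != null) {
                for (KeycloakPrincipal kp : subject.getPrincipals(KeycloakPrincipal.class)) {
                    return kp.getKeycloakSecurityContext().getToken();
                }
            }
        } catch (PolicyContextException e) {
            // Subject not available in this context; treat the caller as having no token.
        }
        return null;
    }
}
```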

