[keycloak-user] Arquillian / Remote Container / EJB Security
Lauer Markus
Markus.Lauer at co-met.info
Wed Mar 23 10:28:41 EDT 2016
Am Mittwoch, den 23.03.2016, 14:15 +0000 schrieb Lauer Markus:
> Am Mittwoch, den 23.03.2016, 15:01 +0100 schrieb Marek Posolda:
> > We have some example here :
>
> > http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jboss-adapter .
>
> >
>
> > Then if there is possibility to somehow access JAAS Subject or
>
> > Principal from the JAAS authentication inside EJB (which I hope it
>
> > is), you can just cast the principal to KeycloakPrincipal and retrieve
>
> > the accessToken from it.
>
> >
>
> > Marek
>
> >
>
>
>
> Hi Marek,
>
> I think I understood the EJB part and it is working as expected:
> @RolesAllowed methods are secured and I can access them after the normal
> Keycloak browser login, if user has appropriate role.
>
> My question was how to do the login for automated testing with
> Arquillian, so that the test methods can access the secured EJB methods.
>
> One solution is described here (@RunAs solution):
> https://samaxes.com/2014/11/test-javaee-security-with-arquillian/
>
> What I need instead is a user login, so that the current principal/user
> has all his roles...
>
>
I'm looking for s/th like this:
https://developer.jboss.org/wiki/TestingSecuredEJBsOnWildFly81xWithArquillian
This could possibly be combined with:
https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jaas-adapter
org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule
But I can not change the "keycloak" security-domain for testing...
>
> > On 23/03/16 13:01, Lauer Markus wrote:
>
> >
>
> > > Hello,
>
> > >
>
> > > We'd like to access secured EJBs (@RolesAllowed) from Arquillian tests.
>
> > >
>
> > > While it is no problem to get a valid access token, we stuck at howto
>
> > > "inject" the token into the session to actual access the secured EJBs.
>
> > >
>
> > > Is it possible to use the JAAS LoginModule (LoginContext etc.) for this?
>
> > >
>
> > > Can someone provide an example?
>
> > >
>
> > > Please note: There is a solution with @RunAs. But this only allows to
>
> > > specify one role at once.
>
> > >
>
> > >
>
> > > Regards,
>
> > >
>
> > > Markus.
>
> > >
>
> > >
>
> > > ________________________________
>
> > >
>
> > > Zum Lesen der rechtlichen Hinweise dieser Mail, kopieren Sie bitte die aufgeführte URL in Ihren Browser oder folgen Sie dem Link.
>
> > >
>
> > > http://disclaimer.tec-saar.de/co-met.htm
>
> > >
>
> > >
>
> > > _______________________________________________
>
> > > keycloak-user mailing list
>
> > > keycloak-user at lists.jboss.org
>
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> >
>
> >
>
> > +----------------------------------------------------------------------+
>
> > | SecureMail Gateway |
>
> > | Ein Dienst für EMail Signatur und Verschluesselung |
>
> > | Zur Verfuegung gestellt von VVS-KONZERN |
>
> > +----------------------------------------------------------------------+
>
> > | - Die Nachricht war weder verschluesselt noch digital unterschrieben |
>
> > +----------------------------------------------------------------------+
>
> >
>
>
>
> +----------------------------------------------------------------------+
> | SecureMail Gateway |
> | Ein Dienst fr EMail Signatur und Verschluesselung |
> | Zur Verfuegung gestellt von VVS-KONZERN |
> +----------------------------------------------------------------------+
> | - Die Nachricht war weder verschluesselt noch digital unterschrieben |
> +----------------------------------------------------------------------+
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> +----------------------------------------------------------------------+
> | SecureMail Gateway |
> | Ein Dienst fr EMail Signatur und Verschluesselung |
> | Zur Verfuegung gestellt von VVS-KONZERN |
> +----------------------------------------------------------------------+
> | - Die Nachricht war weder verschluesselt noch digital unterschrieben |
> +----------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4628 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160323/20fa5bbb/attachment.bin
More information about the keycloak-user
mailing list