[keycloak-user] Arquillian / Remote Container / EJB Security

Lauer Markus Markus.Lauer at co-met.info
Wed Mar 23 10:28:41 EDT 2016


On Wednesday, 23.03.2016, at 14:15 +0000, Lauer Markus wrote:
> On Wednesday, 23.03.2016, at 15:01 +0100, Marek Posolda wrote:
> > We have some example here:
> > http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jboss-adapter .
> >
> > Then if there is a possibility to somehow access JAAS Subject or
> > Principal from the JAAS authentication inside EJB (which I hope it
> > is), you can just cast the principal to KeycloakPrincipal and retrieve
> > the accessToken from it.
> >
> > Marek
>
> Hi Marek,
> 
> I think I understood the EJB part and it is working as expected:
> @RolesAllowed methods are secured and I can access them after the normal
> Keycloak browser login, if the user has the appropriate role.
> 
> My question was how to do the login for automated testing with
> Arquillian, so that the test methods can access the secured EJB methods.
> 
> One solution is described here (@RunAs solution):
> https://samaxes.com/2014/11/test-javaee-security-with-arquillian/
> 
> What I need instead is a user login, so that the current principal/user
> has all his roles... 
> 
> 


I'm looking for something like this:
https://developer.jboss.org/wiki/TestingSecuredEJBsOnWildFly81xWithArquillian

This could possibly be combined with:
https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jaas-adapter

org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule

But I cannot change the "keycloak" security-domain for testing...

> > On 23/03/16 13:01, Lauer Markus wrote:
> > > Hello,
> > >
> > > We'd like to access secured EJBs (@RolesAllowed) from Arquillian tests.
> > >
> > > While it is no problem to get a valid access token, we are stuck at how to
> > > "inject" the token into the session to actually access the secured EJBs.
> > >
> > > Is it possible to use the JAAS LoginModule (LoginContext etc.) for this?
> > >
> > > Can someone provide an example?
> > >
> > > Please note: There is a solution with @RunAs. But this only allows to
> > > specify one role at once.
> > >
> > > Regards,
> > >
> > > Markus.