Skip to content

Commit

Permalink
Implement test for OIDC filtered client (quarkus-qe#1513)
Browse files Browse the repository at this point in the history
* Implement test for OIDC filtered client

Test for quarkusio/quarkus#36459 and quarkusio/quarkus#36501

* Resolve ambiguous accessTokenRequest

* Add OIDC FilteredToken test to reactive
  • Loading branch information
mocenas authored and michalvavrik committed Nov 21, 2023
1 parent e33a6a1 commit 262b1e2
Show file tree
Hide file tree
Showing 16 changed files with 247 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,14 @@
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.oidc.token.propagation.AccessToken;
import io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.model.Score;
import io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.filters.DefaultTokenRequestFilter;

@RegisterRestClient
@AccessToken
@RegisterProvider(DefaultTokenRequestFilter.class)
@Path("/rest-pong")
public interface TokenPropagationPongClient {

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.filters;

import io.quarkus.oidc.token.propagation.AccessTokenRequestFilter;

public class CustomTokenRequestFilter extends AccessTokenRequestFilter {
@Override
protected String getClientName() {
return "exchange-token";
}

@Override
protected boolean isExchangeToken() {
return true;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.filters;

import io.quarkus.oidc.token.propagation.AccessTokenRequestFilter;

/**
* This class is required for
* {@link io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.clients.TokenPropagationPongClient}
* It would not be required normally, but having {@link CustomTokenRequestFilter} causes AmbiguousResolutionException when
* getting a default filter.
* So this class is necessary to have unambiguous filter for TokenPropagatingPongClient.
* TODO: remove once issue is solved https://github.com/quarkusio/quarkus/issues/36994
*/
public class DefaultTokenRequestFilter extends AccessTokenRequestFilter {
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.principal;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import org.eclipse.microprofile.rest.client.inject.RestClient;

import io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.principal.clients.TokenPropagationFilteredClient;

@Path("/token-propagation-filter")
public class FilteredTokenResource {

@Inject
@RestClient
TokenPropagationFilteredClient tokenPropagationFilterClient;

@GET
public String getUserName() {
return tokenPropagationFilterClient.getUserName();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.principal;

import java.security.Principal;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import io.quarkus.security.Authenticated;

@Path("/principal")
@Authenticated
public class PrincipalResource {

@Inject
Principal principal;

@GET
public String principalName() {
return principal.getName();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.principal.clients;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.filters.CustomTokenRequestFilter;

@RegisterRestClient
@RegisterClientHeaders
@Path("/principal")
@RegisterProvider(CustomTokenRequestFilter.class)
public interface TokenPropagationFilteredClient {

@GET
String getUserName();
}
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,13 @@ quarkus.oidc-client.test-user.grant.type=password
quarkus.oidc-client.test-user.grant-options.password.username=test-user
quarkus.oidc-client.test-user.grant-options.password.password=test-user


## Exchange token client
quarkus.oidc-client.exchange-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.exchange-token.client-id=test-application-client
quarkus.oidc-client.exchange-token.credentials.secret=test-application-client-secret
quarkus.oidc-client.exchange-token.grant.type=exchange

# RestClient
io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.clients.PongClient/mp-rest/url=http://localhost:${quarkus.http.port}
io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.clients.PongClient/mp-rest/scope=jakarta.inject.Singleton
Expand All @@ -38,5 +45,7 @@ io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.clients.Auto

io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.ping.clients.TokenPropagationPongClient/mp-rest/url=http://localhost:${quarkus.http.port}

io.quarkus.ts.security.keycloak.oidcclient.extended.restclient.principal.clients.TokenPropagationFilteredClient/mp-rest/url=http://localhost:${quarkus.http.port}

#OpenAPI
quarkus.smallrye-openapi.store-schema-directory=target/generated/jakarta-rest/
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.extended.restclient;

import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.containsString;

import org.apache.http.HttpStatus;
import org.junit.jupiter.api.Test;

import io.quarkus.test.scenarios.QuarkusScenario;

@QuarkusScenario
public class TokenPropagationFilterIT extends BaseOidcIT {

@Test
public void usernameTest() {
given()
.auth().oauth2(createToken())
.when().get("/token-propagation-filter")
.then().statusCode(HttpStatus.SC_OK)
.body(containsString(USER));
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@
import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.oidc.token.propagation.reactive.AccessTokenRequestReactiveFilter;
import io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.model.Score;
import io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.filters.DefaultTokenRequestFilter;

@RegisterRestClient
@RegisterProvider(AccessTokenRequestReactiveFilter.class)
@RegisterProvider(DefaultTokenRequestFilter.class)
@Path("/rest-pong")
public interface TokenPropagationPongClient {

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.filters;

import io.quarkus.oidc.token.propagation.reactive.AccessTokenRequestReactiveFilter;

public class CustomTokenRequestFilter extends AccessTokenRequestReactiveFilter {
@Override
protected String getClientName() {
return "exchange-token";
}

@Override
protected boolean isExchangeToken() {
return true;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.filters;

import io.quarkus.oidc.token.propagation.reactive.AccessTokenRequestReactiveFilter;

/**
* TODO: remove once issue is solved https://github.com/quarkusio/quarkus/issues/36994
*/
public class DefaultTokenRequestFilter extends AccessTokenRequestReactiveFilter {
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.principal;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import org.eclipse.microprofile.rest.client.inject.RestClient;

import io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.principal.clients.TokenPropagationFilteredClient;

@Path("/token-propagation-filter")
public class FilteredTokenResource {

@Inject
@RestClient
TokenPropagationFilteredClient tokenPropagationFilterClient;

@GET
public String getUserName() {
return tokenPropagationFilterClient.getUserName();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.principal;

import java.security.Principal;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import io.quarkus.security.Authenticated;

@Path("/principal")
@Authenticated
public class PrincipalResource {

@Inject
Principal principal;

@GET
public String principalName() {
return principal.getName();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.principal.clients;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

import org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.filters.CustomTokenRequestFilter;

@RegisterRestClient
@RegisterClientHeaders
@Path("/principal")
@RegisterProvider(CustomTokenRequestFilter.class)
public interface TokenPropagationFilteredClient {

@GET
String getUserName();
}
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ quarkus.oidc-client.test-user.grant.type=password
quarkus.oidc-client.test-user.grant-options.password.username=test-user
quarkus.oidc-client.test-user.grant-options.password.password=test-user

## Exchange token client
quarkus.oidc-client.exchange-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.exchange-token.client-id=test-application-client
quarkus.oidc-client.exchange-token.credentials.secret=test-application-client-secret
quarkus.oidc-client.exchange-token.grant.type=exchange

# RestClient
io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.clients.PongClient/mp-rest/url=http://localhost:${quarkus.http.port}
io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.clients.PongClient/mp-rest/scope=jakarta.inject.Singleton
Expand All @@ -38,5 +44,7 @@ io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.clients.AutoAc

io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.ping.clients.TokenPropagationPongClient/mp-rest/url=http://localhost:${quarkus.http.port}

io.quarkus.ts.security.keycloak.oidcclient.reactive.extended.principal.clients.TokenPropagationFilteredClient/mp-rest/url=http://localhost:${quarkus.http.port}

#OpenAPI
quarkus.smallrye-openapi.store-schema-directory=target/generated/jakarta-rest/
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.quarkus.ts.security.keycloak.oidcclient.reactive.extended;

import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.containsString;

import org.apache.http.HttpStatus;
import org.junit.jupiter.api.Test;

import io.quarkus.test.scenarios.QuarkusScenario;

@QuarkusScenario
public class TokenPropagationFilterIT extends BaseOidcIT {

@Test
public void usernameTest() {
given()
.auth().oauth2(createToken())
.when().get("/token-propagation-filter")
.then().statusCode(HttpStatus.SC_OK)
.body(containsString(USER));
}
}

0 comments on commit 262b1e2

Please sign in to comment.