diff --git a/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/OidcActivationProcessor.java b/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/OidcActivationProcessor.java
index cc3fefcbad5a..9e1aa31f0a7c 100644
--- a/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/OidcActivationProcessor.java
+++ b/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/OidcActivationProcessor.java
@@ -37,7 +37,7 @@
*/
class OidcActivationProcessor implements DeploymentUnitProcessor {
- private static final String OIDC_AUTH_METHOD = "OIDC";
+ public static final String OIDC_AUTH_METHOD = "OIDC";
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
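Review bot: `public` on OIDC_AUTH_METHOD is wider than its one new reader needs. VirtualHttpServerMechanismFactoryNameProcessor sits in the same package, `org.wildfly.extension.elytron.oidc`, and OidcActivationProcessor itself is package-private. `static final String OIDC_AUTH_METHOD = "OIDC";` gives the same access without making the constant look like API. A one-line comment that the value must match the `auth-method` of the deployment's `login-config` would also help, since it now gates mechanism-factory wiring in a second class.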
diff --git a/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/VirtualHttpServerMechanismFactoryNameProcessor.java b/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/VirtualHttpServerMechanismFactoryNameProcessor.java
index acd34829eb3c..9b0cf7570d11 100644
--- a/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/VirtualHttpServerMechanismFactoryNameProcessor.java
+++ b/elytron-oidc-client/src/main/java/org/wildfly/extension/elytron/oidc/VirtualHttpServerMechanismFactoryNameProcessor.java
@@ -18,6 +18,7 @@
import org.jboss.as.server.security.AdvancedSecurityMetaData;
import org.jboss.as.server.security.SecurityMetaData;
import org.jboss.as.web.common.WarMetaData;
+import org.jboss.metadata.web.spec.LoginConfigMetaData;
import org.jboss.msc.service.ServiceName;
/**
@@ -35,8 +36,12 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
if (warMetaData == null) {
return;
}
+
+ LoginConfigMetaData loginConfig = warMetaData.getMergedJBossWebMetaData().getLoginConfig();
SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
- if (securityMetaData != null && isVirtualMechanismFactoryRequired(deploymentUnit)) {
+ if (securityMetaData != null
+ && (loginConfig != null && OidcActivationProcessor.OIDC_AUTH_METHOD.equals(loginConfig.getAuthMethod()))
+ && isVirtualMechanismFactoryRequired(deploymentUnit)) {
AdvancedSecurityMetaData advancedSecurityMetaData = new AdvancedSecurityMetaData();
advancedSecurityMetaData.setHttpServerAuthenticationMechanismFactory(virtualMechanismFactoryName(deploymentUnit));
ServiceName virtualDomainName = virtualDomainName(deploymentUnit);
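Review bot: `warMetaData.getMergedJBossWebMetaData()` is dereferenced on the added line without a null check; only `warMetaData` itself is guarded above. If merged metadata can be absent at this phase, the deployment fails with a NullPointerException instead of skipping the processor. Consider `JBossWebMetaData merged = warMetaData.getMergedJBossWebMetaData();` followed by `LoginConfigMetaData loginConfig = merged == null ? null : merged.getLoginConfig();`, which needs the matching import. This condition now decides whether the virtual mechanism factory is wired, so a comment should state that it relies on the merged login-config already carrying `OIDC` when this processor runs; phase ordering is not visible here. The inner parentheses around the `loginConfig` test are redundant, and deploy() starts and ends outside the hunk.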
diff --git a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/OidcBaseTest.java b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/OidcBaseTest.java
index d98885ec98db..d30a349dd830 100644
--- a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/OidcBaseTest.java
+++ b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/OidcBaseTest.java
@@ -18,16 +18,19 @@
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2;
import static org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration.ALLOWED_ORIGIN;
+import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
+import static org.apache.http.HttpStatus.SC_OK;
import org.apache.http.NameValuePair;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
@@ -43,6 +46,7 @@
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.util.EntityUtils;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
@@ -52,6 +56,7 @@
import org.jboss.as.test.integration.management.ManagementOperations;
import org.jboss.as.test.integration.security.common.servlets.SimpleSecuredServlet;
import org.jboss.as.test.integration.security.common.servlets.SimpleServlet;
+import org.jboss.as.test.shared.ManagementServerSetupTask;
import org.jboss.as.test.shared.TestSuiteEnvironment;
import org.jboss.as.test.shared.util.AssumeTestGroupUtil;
import org.jboss.as.version.Stability;
@@ -64,6 +69,7 @@
import org.keycloak.representations.idm.RealmRepresentation;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.jose.util.JsonSerialization;
+import org.wildfly.test.integration.elytron.oidc.client.deployment.OidcWithDeploymentConfigTest;
import org.wildfly.test.integration.elytron.oidc.client.subsystem.SimpleServletWithScope;
import io.restassured.RestAssured;
@@ -87,6 +93,8 @@ public abstract class OidcBaseTest {
public static final String AUTH_SERVER_URL_APP = "AuthServerUrlOidcApp";
public static final String WRONG_PROVIDER_URL_APP = "WrongProviderUrlOidcApp";
public static final String WRONG_SECRET_APP = "WrongSecretOidcApp";
+ public static final String FORM_WITH_OIDC_EAR_APP = "FormWithOidcApp";
+ public static final String FORM_WITH_OIDC_OIDC_APP = "oidc";
public static final String DIRECT_ACCCESS_GRANT_ENABLED_CLIENT = "DirectAccessGrantEnabledClient";
public static final String BEARER_ONLY_AUTH_SERVER_URL_APP = "AuthServerUrlBearerOnlyApp";
public static final String BEARER_ONLY_PROVIDER_URL_APP = "ProviderUrlBearerOnlyApp";
@@ -117,6 +125,20 @@ public abstract class OidcBaseTest {
public static final String INVALID_SIGNATURE_ALGORITHM_APP = "InvalidSignatureAlgorithmApp";
public static final String PS_SIGNED_REQUEST_URI_APP = "PsSignedRequestUriApp";
public static final String MISSING_SECRET_APP = "MissingSecretApp";
+ public static final String FORM_USER="user1";
+ public static final String FORM_PASSWORD="password1";
+ protected static final String ERROR_PAGE_CONTENT = "Error!";
+
+ // Avoid problem on windows with path
+ public static final String USERS_PATH = new File(
+ OidcWithDeploymentConfigTest.class.getResource("users.properties").getFile()).getAbsolutePath()
+ .replace("\\", "/");
+ public static final String ROLES_PATH = new File(
+ OidcWithDeploymentConfigTest.class.getResource("roles.properties").getFile()).getAbsolutePath()
+ .replace("\\", "/");
+ public static final String ORIGINAL_USERS_PATH = "application-users.properties";
+ public static final String ORIGINAL_ROLES_PATH = "application-roles.properties";
+ public static final String RELATIVE_TO = "jboss.server.config.dir";
private final Stability desiredStability;
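Review bot: `getResource(...).getFile()` in USERS_PATH and ROLES_PATH returns the URL path undecoded, so a checkout directory containing a space or other escaped character yields a path with `%20` in it that the properties-realm cannot open. If either resource is missing from the test classpath, `getResource` returns null and the static initializer of OidcBaseTest throws, which takes down every subclass rather than only the FORM tests. Resolving through `Paths.get(url.toURI())` in a small static helper with an explicit "resource not found" message would cover both cases. These constants also make the base class depend on its own subclass OidcWithDeploymentConfigTest. FORM_USER and FORM_PASSWORD duplicate the entry in users.properties and deserve a comment saying the two must stay in sync.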
@@ -493,6 +515,71 @@ public void testOpenIDWithMissingSecretHmacSigningAlgorithm() throws Exception {
"/" + MISSING_SECRET_APP + SimpleSecuredServlet.SERVLET_PATH).toURI(), true);
}
+ @Test
+ @OperateOnDeployment(FORM_WITH_OIDC_EAR_APP)
+ public void testFormWithOidc() throws Exception {
+ // oidc login
+ // EAR declares context-root to be oidc
+ loginToApp(FORM_WITH_OIDC_OIDC_APP,
+ org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration.ALICE,
+ org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration.ALICE_PASSWORD,
+ HttpURLConnection.HTTP_OK, SimpleServlet.RESPONSE_BODY);
+
+ // login with Form wfly user acct
+ testFormCredentials();
+ }
+ private void testFormCredentials() throws Exception {
+ URI requestUri = new URI("http://"+CLIENT_HOST_NAME+":"+CLIENT_PORT
+ +"/form"+"/"+SimpleSecuredServlet.class.getSimpleName()
+ +"/j_security_check");
+ HttpClient httpClient = HttpClients.createDefault();
+ HttpPost getMethod = new HttpPost(requestUri);
+
+ List nvps = new ArrayList();
+ nvps.add(new BasicNameValuePair("j_username", FORM_USER));
+ nvps.add(new BasicNameValuePair("j_password", FORM_PASSWORD));
+
+ getMethod.setEntity(new UrlEncodedFormEntity(nvps, StandardCharsets.UTF_8));
+
+ HttpResponse response = httpClient.execute(getMethod);
+ int statusCode = response.getStatusLine().getStatusCode();
+ assertTrue("Expected code == OK but got " + statusCode +
+ " for request=" + requestUri, statusCode == HttpURLConnection.HTTP_MOVED_TEMP);
+ }
+
+ @Test
+ @OperateOnDeployment(FORM_WITH_OIDC_EAR_APP)
+ public void testInvalidFormWithOidcCredentials() throws Exception {
+ // login with Form wfly user acct
+ testInvalidFormCredentials();
+ // oidc login
+ // EAR declares context-root to be oidc
+ loginToApp(FORM_WITH_OIDC_OIDC_APP,
+ org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration.ALICE,
+ "WRONG_PASSWORD", HttpURLConnection.HTTP_OK, "Invalid username or password");
+ }
+ public void testInvalidFormCredentials() throws Exception {
+ URI requestUri = new URI("http://"+CLIENT_HOST_NAME+":"+CLIENT_PORT
+ +"/form"+"/"+SimpleSecuredServlet.class.getSimpleName()
+ +"/j_security_check");
+ HttpClient httpClient = HttpClients.createDefault();
+ HttpPost getMethod = new HttpPost(requestUri);
+
+ List nvps = new ArrayList();
+ nvps.add(new BasicNameValuePair("j_username", "Not"+FORM_USER));
+ nvps.add(new BasicNameValuePair("j_password", "Not"+FORM_PASSWORD));
+
+ getMethod.setEntity(new UrlEncodedFormEntity(nvps, StandardCharsets.UTF_8));
+
+ HttpResponse response = httpClient.execute(getMethod);
+ int statusCode = response.getStatusLine().getStatusCode();
+ assertEquals("For request=" + requestUri +" Unexpected status code in HTTP response.",
+ SC_OK, statusCode );
+ String errorMsg = EntityUtils.toString(response.getEntity());
+ assertTrue("Expected HTTP response to contain " + ERROR_PAGE_CONTENT
+ + " response msg is: " + errorMsg, errorMsg.contains(ERROR_PAGE_CONTENT));
+ }
+
public static void loginToApp(String appName, String username, String password, int expectedStatusCode, String expectedText) throws Exception {
loginToApp(username, password, expectedStatusCode, expectedText, true,
new URL("http", TestSuiteEnvironment.getHttpAddress(), TestSuiteEnvironment.getHttpPort(),
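Review bot: The failure message in testFormCredentials says "Expected code == OK" while the check is against `HttpURLConnection.HTTP_MOVED_TEMP`, so a failing run will mislead. `assertEquals("Unexpected status for request=" + requestUri, HttpURLConnection.HTTP_MOVED_TEMP, statusCode);` matches the style already used in testInvalidFormCredentials. The positive case stops at the 302 and never checks the `Location` header or that the secured servlet is then served, so it would also pass on a redirect to something other than the protected resource. Both helpers create a client with `HttpClients.createDefault()` that is never closed, name an HttpPost `getMethod`, and differ only in credentials and expectation; one private helper taking the username and password would remove the duplication. testInvalidFormCredentials is public and test-prefixed but has no @Test, so it should be private like its sibling.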
@@ -886,4 +973,35 @@ protected static void addSystemProperty(ManagementClien
add.get(VALUE).set(clazz.getName());
ManagementOperations.executeOperation(client.getControllerClient(), add);
}
+
+ public static class WildFlyServerSetupTask extends ManagementServerSetupTask {
+ public WildFlyServerSetupTask() {
+ super(createContainerConfigurationBuilder()
+ .setupScript(createScriptBuilder()
+ .startBatch()
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.path,value=\"%s\")",
+ USERS_PATH))
+ .add("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.plain-text,value=true)")
+ .add("/subsystem=elytron/properties-realm=ApplicationRealm:undefine-attribute(name=users-properties.relative-to)")
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=groups-properties.path,value=\"%s\")",
+ ROLES_PATH))
+ .add("/subsystem=elytron/properties-realm=ApplicationRealm:undefine-attribute(name=groups-properties.relative-to)")
+ .endBatch()
+ .build())
+ .tearDownScript(createScriptBuilder()
+ .startBatch()
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.path,value=\"%s\")",
+ ORIGINAL_USERS_PATH))
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=users-properties.relative-to,value=\"%s\")",
+ RELATIVE_TO))
+ .add("/subsystem=elytron/properties-realm=ApplicationRealm:undefine-attribute(name=users-properties.plain-text)")
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=groups-properties.path,value=\"%s\")",
+ ORIGINAL_ROLES_PATH))
+ .add(String.format("/subsystem=elytron/properties-realm=ApplicationRealm:write-attribute(name=groups-properties.relative-to,value=\"%s\")",
+ RELATIVE_TO))
+ .endBatch()
+ .build())
+ .build());
+ }
+ }
}
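Review bot: The tear-down script writes back hard-coded values (`application-users.properties`, `application-roles.properties`, `jboss.server.config.dir`) rather than what the server held before setup. A profile whose ApplicationRealm is configured differently is therefore left altered for later tests. Capturing the original attribute values during setup, or relying on a snapshot/restore style task, would make the task safe on any profile. The class also has no Javadoc; it should say that the shared ApplicationRealm is repointed at the plain-text test users and roles files so the FORM-secured WAR can authenticate `user1`, and that tear-down restores the file-based defaults. USERS_PATH and ROLES_PATH are interpolated unescaped into a quoted CLI value, so a path containing `"` would break the script.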
diff --git a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/OidcWithDeploymentConfigTest.java b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/OidcWithDeploymentConfigTest.java
index f2cc958f4485..2191f5c1606a 100644
--- a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/OidcWithDeploymentConfigTest.java
+++ b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/OidcWithDeploymentConfigTest.java
@@ -31,6 +31,8 @@
import org.jboss.dmr.ModelNode;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
+import org.jboss.shrinkwrap.api.Archive;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration;
@@ -45,7 +47,9 @@
*/
@RunWith(Arquillian.class)
@RunAsClient
-@ServerSetup({ OidcWithDeploymentConfigTest.PreviewStabilitySetupTask.class, OidcWithDeploymentConfigTest.KeycloakAndSystemPropertySetup.class })
+@ServerSetup({ OidcWithDeploymentConfigTest.PreviewStabilitySetupTask.class,
+ OidcWithDeploymentConfigTest.KeycloakAndSystemPropertySetup.class,
+ OidcBaseTest.WildFlyServerSetupTask.class})
public class OidcWithDeploymentConfigTest extends OidcBaseTest {
private static final String OIDC_PROVIDER_URL = "oidc.provider.url";
@@ -115,6 +119,7 @@ public class OidcWithDeploymentConfigTest extends OidcBaseTest {
APP_NAMES.put(PS_SIGNED_REQUEST_URI_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
APP_NAMES.put(INVALID_SIGNATURE_ALGORITHM_FILE, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
APP_NAMES.put(MISSING_SECRET_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
+ APP_NAMES.put(FORM_WITH_OIDC_OIDC_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
}
public OidcWithDeploymentConfigTest() {
@@ -350,6 +355,39 @@ public static WebArchive createOpenIDWithMissingSecretHmacSigningAlgorithm() {
.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(), MISSING_SECRET_WITH_HMAC_ALGORITHM_FILE, "oidc.json");
}
+ @Deployment(name = FORM_WITH_OIDC_EAR_APP, managed = false, testable = false)
+ public static Archive> createFormWithOidcDeployment() {
+ final EnterpriseArchive ear = ShrinkWrap.create(EnterpriseArchive.class, FORM_WITH_OIDC_EAR_APP+".ear");
+ ear.addAsManifestResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_application.xml", "application.xml");
+
+ final WebArchive form = ShrinkWrap.create(WebArchive.class, "form.war");
+ form.addClasses(SimpleServlet.class);
+ form.addClasses(SimpleSecuredServlet.class);
+ form.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_form_web.xml", "web.xml");
+ form.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_form_jboss-web.xml", "jboss-web.xml");
+ form.addAsWebResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_login.jsp", "login.jsp");
+ form.addAsWebResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_error.jsp", "error.jsp");
+
+ ear.addAsModule(form);
+
+ final WebArchive oidc = ShrinkWrap.create(WebArchive.class, "oidc.war");
+ oidc.addClasses(SimpleServlet.class);
+ oidc.addClasses(SimpleSecuredServlet.class);
+ oidc.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_oidc_web.xml", "web.xml");
+ oidc.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_oidc_jboss-web.xml", "jboss-web.xml");
+ oidc.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_oidc_oidc.json", "oidc.json");
+ ear.addAsModule(oidc);
+ return ear;
+ }
+
@Test
@InSequence(1)
public void testWrongPasswordWithProviderUrl() throws Exception {
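Review bot: createFormWithOidcDeployment here and the method of the same name added to OidcWithSubsystemConfigTest are line-for-line identical apart from the `oidc.json` resource and the @Deployment attributes, so the FORM-plus-OIDC EAR layout is now maintained in two places. A protected static helper in OidcBaseTest that builds the EAR and optionally adds `oidc.json` would keep them in step. This variant is `managed = false, testable = false` while the subsystem one uses the defaults; if that difference is deliberate, a comment should say so. The method also needs a short Javadoc stating what the EAR is for, for example that it pairs a FORM-authenticated WAR with an OIDC-authenticated WAR to check that OIDC activation in one sub-deployment does not replace the other's mechanism.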
@@ -567,6 +605,28 @@ public void testCorsRequestWithEnableCorsWithInvalidOrigin() throws Exception {
}
}
+ @Test
+ @InSequence(27)
+ public void testFormWithOidc() throws Exception {
+ try {
+ deployer.deploy(FORM_WITH_OIDC_EAR_APP);
+ super.testFormWithOidc();
+ } finally {
+ deployer.undeploy(FORM_WITH_OIDC_EAR_APP);
+ }
+ }
+
+ @Test
+ @InSequence(28)
+ public void testInvalidFormWithOidcCredentials() throws Exception {
+ try {
+ deployer.deploy(FORM_WITH_OIDC_EAR_APP);
+ super.testInvalidFormWithOidcCredentials();
+ } finally {
+ deployer.undeploy(FORM_WITH_OIDC_EAR_APP);
+ }
+ }
+
@Test
public void testOpenIDScope() throws Exception {
try{
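Review bot: `deployer.deploy(FORM_WITH_OIDC_EAR_APP)` sits inside the `try` in both new overrides. When deployment itself fails, the `finally` block calls `undeploy` on something that was never deployed, and its exception can replace the real failure. Moving the deploy call above `try {` preserves the original error. Both methods override OidcBaseTest methods and should carry `@Override`. The `@OperateOnDeployment` on the base methods is not inherited by the overrides, which may be intended here but is worth a comment.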
diff --git a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/roles.properties b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/roles.properties
new file mode 100644
index 000000000000..446d56d82fc9
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/roles.properties
@@ -0,0 +1,7 @@
+#
+# Copyright The WildFly Authors
+# SPDX-License-Identifier: Apache-2.0
+#
+
+## rls user1=role1
+user1=JBossAdmin
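Review bot: roles.properties and users.properties are added under `src/test/java`, while every other fixture in this commit goes under `src/test/resources`. OidcBaseTest loads them with `OidcWithDeploymentConfigTest.class.getResource(...)`, which works only if the build copies non-Java files from `src/test/java` onto the test classpath. Unless the module's pom declares that directory as a test resource, which is not visible here, move both files to `src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/`. The `## rls user1=role1` line looks like a leftover; drop it or replace it with a comment such as `# user=role list consumed by ApplicationRealm groups-properties in the FORM test`.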
diff --git a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/users.properties b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/users.properties
new file mode 100644
index 000000000000..64718714147e
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/deployment/users.properties
@@ -0,0 +1,6 @@
+#
+# Copyright The WildFly Authors
+# SPDX-License-Identifier: Apache-2.0
+#
+
+user1=password1
\ No newline at end of file
diff --git a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/subsystem/OidcWithSubsystemConfigTest.java b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/subsystem/OidcWithSubsystemConfigTest.java
index 33ec949debce..93b50b507981 100644
--- a/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/subsystem/OidcWithSubsystemConfigTest.java
+++ b/testsuite/integration/elytron-oidc-client/src/test/java/org/wildfly/test/integration/elytron/oidc/client/subsystem/OidcWithSubsystemConfigTest.java
@@ -44,13 +44,16 @@
import org.jboss.as.test.shared.ServerReload;
import org.jboss.as.version.Stability;
import org.jboss.dmr.ModelNode;
+import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.extension.elytron.oidc.ElytronOidcExtension;
import org.wildfly.test.integration.elytron.oidc.client.KeycloakConfiguration;
import org.wildfly.test.integration.elytron.oidc.client.OidcBaseTest;
+import org.wildfly.test.integration.elytron.oidc.client.deployment.OidcWithDeploymentConfigTest;
import org.wildfly.test.stabilitylevel.StabilityServerSetupSnapshotRestoreTasks;
/**
@@ -60,7 +63,9 @@
*/
@RunWith(Arquillian.class)
@RunAsClient
-@ServerSetup({ OidcWithSubsystemConfigTest.PreviewStabilitySetupTask.class, OidcWithSubsystemConfigTest.KeycloakAndSubsystemSetup.class })
+@ServerSetup({ OidcWithSubsystemConfigTest.PreviewStabilitySetupTask.class,
+ OidcWithSubsystemConfigTest.KeycloakAndSubsystemSetup.class,
+ OidcBaseTest.WildFlyServerSetupTask.class})
public class OidcWithSubsystemConfigTest extends OidcBaseTest {
private static final String SUBSYSTEM_OVERRIDE_APP = "SubsystemOverrideOidcApp";
@@ -99,6 +104,7 @@ public class OidcWithSubsystemConfigTest extends OidcBaseTest {
APP_NAMES.put(PS_SIGNED_RSA_ENCRYPTED_REQUEST_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
APP_NAMES.put(PS_SIGNED_REQUEST_URI_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
APP_NAMES.put(INVALID_SIGNATURE_ALGORITHM_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
+ APP_NAMES.put(FORM_WITH_OIDC_OIDC_APP, KeycloakConfiguration.ClientAppType.OIDC_CLIENT);
}
public OidcWithSubsystemConfigTest() {
@@ -280,6 +286,37 @@ public static WebArchive createOpenIDWithMissingSecretHmacSigningAlgorithm() {
.addClasses(SimpleSecuredServlet.class);
}
+ @Deployment(name = FORM_WITH_OIDC_EAR_APP)
+ public static Archive> createFormWithOidcDeployment() {
+ final EnterpriseArchive ear = ShrinkWrap.create(EnterpriseArchive.class, FORM_WITH_OIDC_EAR_APP+".ear");
+ ear.addAsManifestResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_application.xml", "application.xml");
+
+ final WebArchive form = ShrinkWrap.create(WebArchive.class, "form.war");
+ form.addClasses(SimpleServlet.class);
+ form.addClasses(SimpleSecuredServlet.class);
+ form.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_form_web.xml", "web.xml");
+ form.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_form_jboss-web.xml", "jboss-web.xml");
+ form.addAsWebResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_login.jsp", "login.jsp");
+ form.addAsWebResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP + "_error.jsp", "error.jsp");
+
+ ear.addAsModule(form);
+
+ final WebArchive oidc = ShrinkWrap.create(WebArchive.class, "oidc.war");
+ oidc.addClasses(SimpleServlet.class);
+ oidc.addClasses(SimpleSecuredServlet.class);
+ oidc.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_oidc_web.xml", "web.xml");
+ oidc.addAsWebInfResource(OidcWithDeploymentConfigTest.class.getPackage(),
+ FORM_WITH_OIDC_EAR_APP+"_oidc_jboss-web.xml", "jboss-web.xml");
+ ear.addAsModule(oidc);
+ return ear;
+ }
+
@Test
@OperateOnDeployment(SUBSYSTEM_OVERRIDE_APP)
public void testSubsystemOverride() throws Exception {
@@ -647,6 +684,18 @@ public void setup(ManagementClient managementClient, String containerId) throws
operation.get("request-object-signing-algorithm").set(HMAC_SHA256);
Utils.applyUpdate(operation, client);
+ // only config the WAR that is in the EAR
+ operation = createOpNode(SECURE_DEPLOYMENT_ADDRESS + FORM_WITH_OIDC_OIDC_APP + ".war", ModelDescriptionConstants.ADD);
+ operation.get("client-id").set(FORM_WITH_OIDC_OIDC_APP);
+ operation.get("public-client").set(false);
+ operation.get("provider").set(KEYCLOAK_PROVIDER);
+ operation.get("ssl-required").set("EXTERNAL");
+ Utils.applyUpdate(operation, client);
+
+ operation = createOpNode(SECURE_DEPLOYMENT_ADDRESS + FORM_WITH_OIDC_OIDC_APP + ".war/credential=secret", ModelDescriptionConstants.ADD);
+ operation.get("secret").set(CLIENT_SECRET);
+ Utils.applyUpdate(operation, client);
+
ServerReload.executeReloadAndWaitForCompletion(managementClient);
}
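Review bot: The comment `// only config the WAR that is in the EAR` does not say which WAR or why. The resource is keyed `oidc.war`, the sub-deployment name, while `form.war` in the same EAR deliberately gets no secure-deployment. Suggested wording: `// secure-deployment is keyed by the sub-deployment name (oidc.war); form.war in the same EAR has no entry and must keep FORM auth`. Whether tearDown removes this resource is not visible in the hunk; if it removes entries by explicit name rather than by iterating APP_NAMES, add the matching remove for `oidc.war`.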
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_application.xml b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_application.xml
new file mode 100644
index 000000000000..d342ab22bc14
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_application.xml
@@ -0,0 +1,21 @@
+
+
+
+ ear
+
+
+ form.war
+ /form
+
+
+
+
+ oidc.war
+ /oidc
+
+
+ lib
+
\ No newline at end of file
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_error.jsp b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_error.jsp
new file mode 100644
index 000000000000..4b44f6e303cb
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_error.jsp
@@ -0,0 +1,12 @@
+ Error!
+
+
+
+ The username and password you supplied are not valid.
+
+Click here
+to retry login
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_jboss-web.xml b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_jboss-web.xml
new file mode 100644
index 000000000000..a9d129a289ee
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_jboss-web.xml
@@ -0,0 +1,12 @@
+
+
+
+
+ other
+ /form
+
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_web.xml b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_web.xml
new file mode 100644
index 000000000000..fedf078f8edd
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_form_web.xml
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+ SimpleSecuredServlet
+ /SimpleSecuredServlet
+
+
+ *
+
+
+
+
+ FORM
+ other
+
+ /login.jsp
+ /error.jsp
+
+
+
+
+ *
+
+
+
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_login.jsp b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_login.jsp
new file mode 100644
index 000000000000..f5df0b07ae13
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_login.jsp
@@ -0,0 +1,16 @@
+Login Page
+
+Please Login
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_jboss-web.xml b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_jboss-web.xml
new file mode 100644
index 000000000000..c9cd5b74817e
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_jboss-web.xml
@@ -0,0 +1,13 @@
+
+
+
+
+
+ other
+ true
+
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_oidc.json b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_oidc.json
new file mode 100644
index 000000000000..c3fbce7504ee
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_oidc.json
@@ -0,0 +1,10 @@
+{
+ "client-id" : "oidc",
+ "provider-url" : "${oidc.provider.url}",
+ "public-client" : "false",
+ "ssl-required" : "EXTERNAL",
+ "credentials" : {
+ "secret" : "longerclientsecretthatisstleast256bitslong"
+}
+}
+
diff --git a/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_web.xml b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_web.xml
new file mode 100644
index 000000000000..85d7e29d5011
--- /dev/null
+++ b/testsuite/integration/elytron-oidc-client/src/test/resources/org/wildfly/test/integration/elytron/oidc/client/deployment/FormWithOidcApp_oidc_web.xml
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+ SimpleSecuredServlet
+ /SimpleSecuredServlet
+
+
+ *
+
+
+
+
+ OIDC
+
+
+
+ *
+
+
+
diff --git a/undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java b/undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java
index 846470d53f48..d94b70b7fff1 100644
--- a/undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java
+++ b/undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java
@@ -280,21 +280,24 @@ public void deploy(final DeploymentPhaseContext phaseContext) throws DeploymentU
}
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
- if (isVirtualDomainRequired(deploymentUnit) || isVirtualMechanismFactoryRequired(deploymentUnit)) {
- securityDomain = builder.requires(securityMetaData.getSecurityDomain());
- } else if(securityDomainName != null) {
+ if (securityDomainName != null) {
if (mappedSecurityDomain.test(securityDomainName)) {
applySecurityFunction = builder.requires(capabilitySupport.getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomainName));
} else {
throw ROOT_LOGGER.deploymentConfiguredForLegacySecurity();
}
}
- if (isVirtualMechanismFactoryRequired(deploymentUnit)) {
- if (securityMetaData instanceof AdvancedSecurityMetaData) {
- mechanismFactorySupplier = builder.requires(((AdvancedSecurityMetaData) securityMetaData).getHttpServerAuthenticationMechanismFactory());
+ else if (isVirtualDomainRequired(deploymentUnit) || isVirtualMechanismFactoryRequired(deploymentUnit)) {
+ securityDomain = builder.requires(securityMetaData.getSecurityDomain());
+
+ if (isVirtualMechanismFactoryRequired(deploymentUnit)) {
+ if (securityMetaData instanceof AdvancedSecurityMetaData) {
+ mechanismFactorySupplier = builder.requires(((AdvancedSecurityMetaData) securityMetaData).getHttpServerAuthenticationMechanismFactory());
+ }
}
}
+
Supplier controlPoint = RequestControllerActivationMarker.isRequestControllerEnabled(deploymentUnit) ? builder.requires(ControlPointService.serviceName(Optional.ofNullable(parentDeploymentUnit).orElse(deploymentUnit).getName(), UndertowExtension.SUBSYSTEM_NAME)) : null;
SharedSessionManagerConfig sharedSessionManagerConfig = parentDeploymentUnit != null ? parentDeploymentUnit.getAttachment(SharedSessionManagerConfig.ATTACHMENT_KEY) : null;
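Review bot: The branch order is flipped so that a non-null `securityDomainName` now wins over the virtual-domain markers, and nothing in the code records why. This changes the authentication path for any deployment that has both. Such a deployment no longer gets `securityDomain` or `mechanismFactorySupplier` wired, and it fails with `deploymentConfiguredForLegacySecurity()` if the named domain is not mapped. How `securityDomainName` is derived lies outside the hunk, so confirm that deployments relying on the virtual domain still reach this point with it null. A comment above the `if` should state the rule, for example `// An explicitly mapped application-security-domain takes precedence over a virtual security domain/mechanism factory`. The `}` and `else if` split across two lines differs from the `} else {` a few lines up, and `securityMetaData` is still dereferenced without a null check in the moved branch.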