KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.…

…host including TLS configured

testsuite/integration-arquillian/HOW-TO-RUN.md

@@ -999,4 +999,11 @@ because this is not UI testing). For debugging purposes you can override the hea
     mvn clean install -f testsuite/integration-arquillian/tests/base \
                       -Pfirefox-strict-cookies \
                       -Dtest=**.javascript.** \
-                      -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]
+                      -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]
+                      
+**General adapter tests**
+
+    mvn clean install -f testsuite/integration-arquillian/tests/base \
+                       -Pfirefox-strict-cookies \
+                       -Dtest=**.adapter.** \
+                       -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]

testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli

@@ -3,7 +3,7 @@ embed-server --server-config=standalone.xml
 /subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \
     realm=demo, \
     resource=customer-portal-subsystem, \
-    auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
+    auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \
     ssl-required=EXTERNAL, \
     disable-trust-manager=true, \
     realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \
@@ -13,7 +13,7 @@ embed-server --server-config=standalone.xml
 /subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \
     realm=demo, \
     resource=product-portal-subsystem, \
-    auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
+    auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \
     ssl-required=EXTERNAL, \
     disable-trust-manager=true, \
     realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \

testsuite/integration-arquillian/servers/app-server/jboss/eap6/src/main/resources/config/cli/add-secured-deployments.cli

@@ -1,7 +1,7 @@
 /subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \
     realm=demo, \
     resource=customer-portal-subsystem, \
-    auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.http.port:8543}/auth, \
+    auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.http.port:8543}/auth, \
     ssl-required=EXTERNAL, \
     disable-trust-manager=true, \
     realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \
@@ -11,7 +11,7 @@
 /subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \
     realm=demo, \
     resource=product-portal-subsystem, \
-    auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \
+    auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.https.port:8543}/auth, \
     ssl-required=EXTERNAL, \
     disable-trust-manager=true, \
     realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \

testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl

@@ -29,8 +29,8 @@
             <Connector port="8643" maxThreads="500"
                        server="Apache"
                        scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
-                       keystoreFile="conf/adapter.jks" keystorePass="secret"
-                       truststoreFile="conf/keycloak.truststore" truststorePass="secret"/>
+                       keystoreFile="lib/adapter.jks" keystorePass="secret"
+                       truststoreFile="lib/keycloak.truststore" truststorePass="secret"/>
         </xsl:copy>
     </xsl:template>
 

testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml

@@ -363,7 +363,7 @@
                                     <goal>copy-resources</goal>
                                 </goals>
                                 <configuration>
-                                    <outputDirectory>${app.server.tomcat.home}/conf</outputDirectory>
+                                    <outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
                                     <resources>
                                         <resource>
                                             <directory>${common.resources}/keystore</directory>

testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java

@@ -26,6 +26,11 @@ public class ServerURLs {
     public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost");
     public static final String AUTH_SERVER_HOST2 = System.getProperty("auth.server.host2", AUTH_SERVER_HOST);
 
+    public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
+    public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280");
+    public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http";
+    public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost");
+
     public static String getAuthServerContextRoot() {
         return getAuthServerContextRoot(0);
     }
@@ -39,14 +44,7 @@ public static String getAppServerContextRoot() {
     }
 
     public static String getAppServerContextRoot(int clusterPortOffset) {
-        String host = System.getProperty("app.server.host", "localhost");
-
-        boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
-
-        int port = sslRequired ? parsePort("app.server.https.port") : parsePort("app.server.http.port");
-        String scheme = sslRequired ? "https" : "http";
-
-        return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset);
+        return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT) + clusterPortOffset));
     }
 
     /**

testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js

@@ -18,7 +18,8 @@
 var module = angular.module('product', []);
 
 function getAuthServerUrl() {
-    var url = 'https://localhost-auth-127.0.0.1.nip.io:8543';
+    let authUrl = auth.authz.authServerUrl
+    var url = authUrl.substring(0, authUrl.length - 5);
 
     return url;
 }

testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp

@@ -11,7 +11,8 @@
     boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
     String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
     String authScheme = isTLSEnabled ? "https" : "http";
-    String authUri = authScheme + "://localhost:" + authPort + "/auth";
+    String authHost = System.getProperty("auth.server.host", "localhost");
+    String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth";
 %>
 <h2>Click here <a href="<%= KeycloakUriBuilder.fromUri(authUri).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
             .queryParam("redirect_uri", redirectUri).build("servlet-authz").toString()%>">Sign Out</a></h2>

testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp

@@ -11,7 +11,8 @@
     boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
     String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
     String authScheme = isTLSEnabled ? "https" : "http";
-    String authUri = authScheme + "://localhost:" + authPort + "/auth";
+    String authHost = System.getProperty("auth.server.host", "localhost");
+    String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth";
 %>
 <h2>Click here <a href="<%= KeycloakUriBuilder.fromUri(authUri).path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
             .queryParam("redirect_uri", redirectUri).build("servlet-policy-enforcer-authz").toString()%>">Sign Out</a></h2>

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java

@@ -18,7 +18,6 @@
 package org.keycloak.testsuite.adapter.servlet;
 
 import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.common.util.UriUtils;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
@@ -53,7 +52,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
 
             //Clear principal form database-service by calling logout
             StringBuilder result = new StringBuilder();
-            String urlBase = ServletTestUtils.getUrlBase(req);
+            String urlBase = ServletTestUtils.getUrlBase();
 
             URL url = new URL(urlBase + "/customer-db/");
             HttpURLConnection conn = (HttpURLConnection) url.openConnection();
@@ -74,7 +73,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
 
 
         //try {
-        String urlBase = ServletTestUtils.getUrlBase(req);
+        String urlBase = ServletTestUtils.getUrlBase();
 
         // Decide what to call based on the URL suffix
         String serviceUrl;
@@ -105,7 +104,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
 //        }
     }
 
-
     private String invokeService(String serviceUrl, KeycloakSecurityContext context) throws IOException {
         StringBuilder result = new StringBuilder();
 

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java

@@ -56,13 +56,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
 
         //try {
         StringBuilder result = new StringBuilder();
-        String urlBase;
-
-        if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
-            urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
-        } else {
-            urlBase = System.getProperty("app.server.base.url", "http://localhost:8280");
-        }
+        String urlBase = ServletTestUtils.getUrlBase();
 
         URL url = new URL(urlBase + "/customer-db/");
         HttpURLConnection conn = (HttpURLConnection) url.openConnection();

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java

@@ -37,7 +37,7 @@ public class InputServlet extends HttpServlet {
 
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-        String appBase = ServletTestUtils.getUrlBase(req);
+        String appBase = ServletTestUtils.getUrlBase();
         String actionUrl = appBase + "/input-portal/secured/post";
 
         if (req.getRequestURI().endsWith("insecure")) {

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java

@@ -13,22 +13,18 @@
  */
 public class OfflineTokenServlet extends AbstractShowTokensServlet {
 
-    private static final String ADAPTER_ROOT_URL = (System.getProperty("auth.server.ssl.required", "false").equals("true")) ?
-            System.getProperty("auth.server.ssl.base.url", "https://localhost:8543") :
-            System.getProperty("auth.server.base.url", "http://localhost:8180");
-
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 
         if (req.getRequestURI().endsWith("logout")) {
 
-            UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase(req) + "/offline-client");
+            UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase() + "/offline-client");
             if (req.getParameter(OAuth2Constants.SCOPE) != null) {
                 redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, req.getParameter(OAuth2Constants.SCOPE));
             }
             String redirectUri = redirectUriBuilder.build().toString();
 
-            String serverLogoutRedirect = UriBuilder.fromUri(ADAPTER_ROOT_URL + "/auth/realms/test/protocol/openid-connect/logout")
+            String serverLogoutRedirect = UriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/test/protocol/openid-connect/logout")
                     .queryParam("redirect_uri", redirectUri)
                     .build().toString();
 

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java

@@ -99,7 +99,7 @@ private URI getSamlAuthnRequest(HttpServletRequest req) {
         try {
             BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
             SAML2Request samlReq = new SAML2Request();
-            String appServerUrl = ServletTestUtils.getUrlBase(req) + "/employee/";
+            String appServerUrl = ServletTestUtils.getUrlBase() + "/employee/";
             String authServerUrl = ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/demo/protocol/saml";
             AuthnRequestType loginReq;
             loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), appServerUrl, authServerUrl, "http://localhost:8280/employee/");

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java

@@ -17,40 +17,32 @@
 
 package org.keycloak.testsuite.adapter.servlet;
 
-import javax.servlet.http.HttpServletRequest;
-
-import org.keycloak.common.util.UriUtils;
+import static java.lang.Integer.parseInt;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
 public class ServletTestUtils {
 
-    // TODO: Couldn't just always read urlBase from req.getRequestURI() ?
-    public static String getUrlBase(HttpServletRequest req) {
-        if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
-            return System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
-        }
-
-        String urlBase = System.getProperty("app.server.base.url");
+    public static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true"));
+    public static final String AUTH_SERVER_PORT = AUTH_SERVER_SSL_REQUIRED ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180");
+    public static final String AUTH_SERVER_SCHEME = AUTH_SERVER_SSL_REQUIRED ? "https" : "http";
+    public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost");
 
-        if (urlBase == null) {
-            String authServer = System.getProperty("auth.server.container", "auth-server-undertow");
-            if (authServer.contains("undertow")) {
-                urlBase = UriUtils.getOrigin(req.getRequestURL().toString());
-            } else {
-                urlBase = "http://localhost:8280";
-            }
-        }
+    public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
+    public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280");
+    public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http";
+    public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost");
 
-        return urlBase;
+    public static String getUrlBase() {
+        return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT)));
     }
 
     public static String getAuthServerUrlBase() {
-        if (System.getProperty("auth.server.ssl.required", "false").equals("true")) {
-            return System.getProperty("auth.server.ssl.base.url", "https://localhost:8543");
-        }
+        return removeDefaultPorts(String.format("%s://%s:%s", AUTH_SERVER_SCHEME, AUTH_SERVER_HOST, parseInt(AUTH_SERVER_PORT)));
+    }
 
-        return System.getProperty("auth.server.base.url", "http://localhost:8180");
+    public static String removeDefaultPorts(String url) {
+        return url != null ? url.replaceFirst("(.*)(:80)(\\/.*)?$", "$1$3").replaceFirst("(.*)(:443)(\\/.*)?$", "$1$3") : null;
     }
 }