Add RestEasy Reactive and OidcSecurity test

(cherry picked from commit 6ddf2d2)
gsmet · Jun 13, 2022 · e3cb392 · e3cb392
1 parent 3aadc82
commit e3cb392
Show file tree

Hide file tree

Showing 4 changed files with 145 additions and 0 deletions.
diff --git a/integration-tests/oidc-token-propagation-reactive/pom.xml b/integration-tests/oidc-token-propagation-reactive/pom.xml
@@ -15,6 +15,15 @@
     <description>Module that contains OpenID Connect Token Propagation Reactive tests</description>
 
     <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy-reactive-jackson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-test-security-oidc</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-junit5</artifactId>
@@ -34,6 +43,19 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-resteasy-reactive</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy-reactive-jackson-deployment</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-resteasy-reactive-deployment</artifactId>

diff --git a/...token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedJwtResource.java b/...token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedJwtResource.java
@@ -0,0 +1,52 @@
+package io.quarkus.it.keycloak;
+
+import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import io.quarkus.security.Authenticated;
+import io.quarkus.security.identity.SecurityIdentity;
+
+@Path("/web-app")
+@Authenticated
+public class ProtectedJwtResource {
+
+    @Inject
+    SecurityIdentity identity;
+
+    @Inject
+    JsonWebToken accessToken;
+
+    @Context
+    SecurityContext securityContext;
+
+    @GET
+    @Path("test-security")
+    @RolesAllowed("viewer")
+    public String testSecurity() {
+        return securityContext.getUserPrincipal().getName();
+    }
+
+    @POST
+    @Path("test-security")
+    @Consumes("application/json")
+    @RolesAllowed("viewer")
+    public String testSecurityJson(User user) {
+        return user.getName() + ":" + securityContext.getUserPrincipal().getName();
+    }
+
+    @GET
+    @Path("test-security-jwt")
+    @RolesAllowed("viewer")
+    public String testSecurityJwt() {
+        return accessToken.getName() + ":" + accessToken.getGroups().iterator().next()
+                + ":" + accessToken.getClaim("email");
+    }
+}
diff --git a/...tion-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/User.java b/...tion-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/User.java
@@ -0,0 +1,15 @@
+package io.quarkus.it.keycloak;
+
+public class User {
+
+    private String name;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+}
diff --git a/...n-propagation-reactive/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java b/...n-propagation-reactive/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java
@@ -0,0 +1,56 @@
+package io.quarkus.it.keycloak;
+
+import static org.hamcrest.Matchers.is;
+
+import org.junit.jupiter.api.Test;
+
+import io.quarkus.test.common.http.TestHTTPEndpoint;
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.security.TestSecurity;
+import io.quarkus.test.security.oidc.Claim;
+import io.quarkus.test.security.oidc.OidcSecurity;
+import io.restassured.RestAssured;
+import io.restassured.http.ContentType;
+
+@QuarkusTest
+@TestHTTPEndpoint(ProtectedJwtResource.class)
+public class TestSecurityLazyAuthTest {
+
+    @Test
+    @TestSecurity(user = "user1", roles = "viewer")
+    public void testWithDummyUser() {
+        RestAssured.when().get("test-security").then()
+                .body(is("user1"));
+    }
+
+    @Test
+    @TestSecurity(user = "user1", roles = "tester")
+    public void testWithDummyUserForbidden() {
+        RestAssured.when().get("test-security").then().statusCode(403);
+    }
+
+    @Test
+    @TestSecurity(user = "user1", roles = "viewer")
+    public void testPostWithDummyUser() {
+        RestAssured.given().contentType(ContentType.JSON).when().body("{\"name\":\"user1\"}").post("test-security").then()
+                .body(is("user1:user1"));
+    }
+
+    @Test
+    @TestSecurity(user = "user1", roles = "tester")
+    public void testPostWithDummyUserForbidden() {
+        RestAssured.given().contentType(ContentType.JSON).when().body("{\"name\":\"user1\"}").post("test-security").then()
+                .statusCode(403);
+    }
+
+    @Test
+    @TestSecurity(user = "userJwt", roles = "viewer")
+    @OidcSecurity(claims = {
+            @Claim(key = "email", value = "user@gmail.com")
+    })
+    public void testJwtGetWithDummyUser() {
+        RestAssured.when().get("test-security-jwt").then()
+                .body(is("userJwt:viewer:user@gmail.com"));
+    }
+
+}