LDAP testing improvements. Support for embedded Kerberos server in te…

…stsuite
keycloak · Feb 16, 2015 · 5da05aa · 5da05aa
1 parent 6097ecb
commit 5da05aa
Show file tree

Hide file tree

Showing 18 changed files with 976 additions and 169 deletions.
diff --git a/pom.xml b/pom.xml
@@ -13,6 +13,8 @@
 
     <properties>
         <aesh.version>0.33.12</aesh.version>
+        <apacheds.version>2.0.0-M17</apacheds.version>
+        <apacheds.codec.version>1.0.0-M23</apacheds.codec.version>
         <base64.version>2.3.8</base64.version>
         <bouncycastle.crypto.version>1.50</bouncycastle.crypto.version>
         <bouncycastle.mail.version>1.50</bouncycastle.mail.version>
@@ -23,7 +25,6 @@
         <!-- <undertow.version>1.1.0.Final</undertow.version> -->
         <undertow.version>1.1.1.Final</undertow.version>
         <picketlink.version>2.7.0.CR3</picketlink.version>
-        <picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
         <mongo.driver.version>2.11.3</mongo.driver.version>
         <jboss.logging.version>3.1.4.GA</jboss.logging.version>
         <syslog4j.version>0.9.30</syslog4j.version>
@@ -307,17 +308,6 @@
                 <artifactId>picketlink-impl</artifactId>
                 <version>${picketlink.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.picketbox</groupId>
-                <artifactId>picketbox-ldap</artifactId>
-                <version>${picketbox.ldap.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.picketbox</groupId>
-                <artifactId>picketbox-ldap</artifactId>
-                <version>${picketbox.ldap.version}</version>
-                <type>test-jar</type>
-            </dependency>
             <dependency>
                 <groupId>org.jboss.logging</groupId>
                 <artifactId>jboss-logging</artifactId>
@@ -422,6 +412,28 @@
                 <version>${winzipaes.version}</version>
             </dependency>
 
+            <!-- Apache DS -->
+            <dependency>
+                <groupId>org.apache.directory.server</groupId>
+                <artifactId>apacheds-core-annotations</artifactId>
+                <version>${apacheds.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.directory.server</groupId>
+                <artifactId>apacheds-interceptor-kerberos</artifactId>
+                <version>${apacheds.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.directory.server</groupId>
+                <artifactId>apacheds-server-annotations</artifactId>
+                <version>${apacheds.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.directory.api</groupId>
+                <artifactId>api-ldap-codec-standalone</artifactId>
+                <version>${apacheds.codec.version}</version>
+            </dependency>
+
             <!-- Selenium -->
             <dependency>
                 <groupId>org.seleniumhq.selenium</groupId>

diff --git a/services/src/main/java/org/keycloak/services/managers/LDAPConnectionTestManager.java b/services/src/main/java/org/keycloak/services/managers/LDAPConnectionTestManager.java
@@ -27,11 +27,10 @@ public boolean testLDAP(String action, String connectionUrl, String bindDn, Stri
         try {
             Hashtable<String, Object> env = new Hashtable<String, Object>();
             env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.SECURITY_AUTHENTICATION, "simple");
-
             env.put(Context.PROVIDER_URL, connectionUrl);
 
             if (TEST_AUTHENTICATION.equals(action)) {
+                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                 env.put(Context.SECURITY_PRINCIPAL, bindDn);
 
                 char[] bindCredentialChar = null;

diff --git a/testsuite/integration/README.md b/testsuite/integration/README.md
@@ -90,4 +90,34 @@ To configure Keycloak to use the above server add the following system propertie
 For example if using the test utils Keycloak server start it with:
 
     mvn exec:java -Pkeycloak-server -Dkeycloak.mail.smtp.from=auto@keycloak.org -Dkeycloak.mail.smtp.host=localhost -Dkeycloak.mail.smtp.port=3025
+
+LDAP server
+-----------
+
+To start a ApacheDS based LDAP server for testing LDAP sending run:
+
+    mvn exec:java -Pldap
+
+There are additional system properties you can use to configure (See EmbeddedServersFactory class for details). Once done, you can create LDAP Federation provider
+in Keycloak admin console with the settings like:
+Vendor: Other
+Connection URL: ldap://localhost:10389
+Base DN: dc=keycloak,dc=org
+User DN Suffix: ou=People,dc=keycloak,dc=org
+Bind DN: uid=admin,ou=system
+Bind credential: secret
+
+Kerberos server
+---------------
+
+To start a ApacheDS based Kerberos server for testing Kerberos + LDAP sending run:
+
+    mvn exec:java -Pkerberos
+
+There are additional system properties you can use to configure (See EmbeddedServersFactory class for details). Once done, you can create LDAP Federation provider
+in Keycloak admin console with same settings like mentioned in previous LDAP section. And you can enable Kerberos with the settings like:
+
+Server Principal: HTTP/localhost@KEYCLOAK.ORG
+KeyTab: $KEYCLOAK_SOURCES/testsuite/integration/src/main/resources/kerberos/http.keytab
+
 
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
@@ -113,10 +113,6 @@
             <groupId>com.google.zxing</groupId>
             <artifactId>javase</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
@@ -212,15 +208,31 @@
             <groupId>org.seleniumhq.selenium</groupId>
             <artifactId>selenium-chrome-driver</artifactId>
         </dependency>
+
+        <!-- Apache DS -->
         <dependency>
-            <groupId>org.picketbox</groupId>
-            <artifactId>picketbox-ldap</artifactId>
-            <type>test-jar</type>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-core-annotations</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.picketbox</groupId>
-            <artifactId>picketbox-ldap</artifactId>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-interceptor-kerberos</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-server-annotations</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.directory.api</groupId>
+            <artifactId>api-ldap-codec-standalone</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-wildfly-common</artifactId>
@@ -270,6 +282,12 @@
                     <workingDirectory>${project.basedir}</workingDirectory>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <inherited>true</inherited>
+                <extensions>true</extensions>
+            </plugin>
         </plugins>
     </build>
 
@@ -316,6 +334,34 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>ldap</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <configuration>
+                            <mainClass>org.keycloak.testutils.ldap.LDAPEmbeddedServer</mainClass>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>kerberos</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <configuration>
+                            <mainClass>org.keycloak.testutils.ldap.KerberosEmbeddedServer</mainClass>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
 
         <profile>
             <id>jpa</id>

diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
@@ -104,27 +104,8 @@ public static <T> T loadJson(InputStream is, Class<T> type) {
     }
 
     public static void main(String[] args) throws Throwable {
-        //bootstrapLdap();  Can't seem to get this to work.
         bootstrapKeycloakServer(args);
     }
-    /*private static LDAPEmbeddedServer embeddedServer;
-    public static void bootstrapLdap() throws Exception {
-        embeddedServer = new LDAPEmbeddedServer();
-        embeddedServer.setup();
-        embeddedServer.importLDIF("ldap/users.ldif");
-        Runtime.getRuntime().addShutdownHook(new Thread() {
-            @Override
-            public void run() {
-                try {
-                    embeddedServer.tearDown();
-                } catch (Exception e) {
-                    throw new RuntimeException(e);
-                }
-            }
-        });
-
-
-    } */
 
     public static KeycloakServer bootstrapKeycloakServer(String[] args) throws Throwable {
         KeycloakServerConfig config = new KeycloakServerConfig();

diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
@@ -0,0 +1,82 @@
+package org.keycloak.testutils.ldap;
+
+/**
+ * Factory for ApacheDS based LDAP and Kerberos servers
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class EmbeddedServersFactory {
+
+    private static final String DEFAULT_BASE_DN = "dc=keycloak,dc=org";
+    private static final String DEFAULT_BIND_HOST = "localhost";
+    private static final int DEFAULT_BIND_PORT = 10389;
+    private static final String DEFAULT_LDIF_FILE = "ldap/users.ldif";
+
+    private static final String DEFAULT_KERBEROS_LDIF_FILE = "kerberos/users-kerberos.ldif";
+
+    private static final String DEFAULT_KERBEROS_REALM = "KEYCLOAK.ORG";
+    private static final int DEFAULT_KDC_PORT = 6088;
+
+    private String baseDN;
+    private String bindHost;
+    private int bindPort;
+    private String ldifFile;
+    private String kerberosRealm;
+    private int kdcPort;
+
+
+    public static EmbeddedServersFactory readConfiguration() {
+        EmbeddedServersFactory factory = new EmbeddedServersFactory();
+        factory.readProperties();
+        return factory;
+    }
+
+
+    protected void readProperties() {
+        this.baseDN = System.getProperty("ldap.baseDN");
+        this.bindHost = System.getProperty("ldap.host");
+        String bindPort = System.getProperty("ldap.port");
+        this.ldifFile = System.getProperty("ldap.ldif");
+
+        this.kerberosRealm = System.getProperty("kerberos.realm");
+        String kdcPort = System.getProperty("kerberos.port");
+
+        if (baseDN == null || baseDN.isEmpty()) {
+            baseDN = DEFAULT_BASE_DN;
+        }
+        if (bindHost == null || bindHost.isEmpty()) {
+            bindHost = DEFAULT_BIND_HOST;
+        }
+        this.bindPort = (bindPort == null || bindPort.isEmpty()) ? DEFAULT_BIND_PORT : Integer.parseInt(bindPort);
+        if (ldifFile == null || ldifFile.isEmpty()) {
+            ldifFile = DEFAULT_LDIF_FILE;
+        }
+
+        if (kerberosRealm == null || kerberosRealm.isEmpty()) {
+            kerberosRealm = DEFAULT_KERBEROS_REALM;
+        }
+        this.kdcPort = (kdcPort == null || kdcPort.isEmpty()) ? DEFAULT_KDC_PORT : Integer.parseInt(kdcPort);
+    }
+
+
+    public LDAPEmbeddedServer createLdapServer() {
+
+        // Override LDIF file with default for embedded LDAP
+        if (ldifFile.equals(DEFAULT_KERBEROS_LDIF_FILE)) {
+            ldifFile = DEFAULT_LDIF_FILE;
+        }
+
+        return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile);
+    }
+
+
+    public KerberosEmbeddedServer createKerberosServer() {
+
+        // Override LDIF file with default for embedded Kerberos
+        if (ldifFile.equals(DEFAULT_LDIF_FILE)) {
+            ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
+        }
+
+        return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort);
+    }
+}