-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #44546 from michalvavrik/feature/quarkus-oidc-redi…
…s-token-state-manager Add OIDC Redis Token State Manager extension
- Loading branch information
Showing
20 changed files
with
680 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
98 changes: 98 additions & 0 deletions
98
extensions/oidc-redis-token-state-manager/deployment/pom.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<parent> | ||
<artifactId>quarkus-oidc-redis-token-state-manager-parent</artifactId> | ||
<groupId>io.quarkus</groupId> | ||
<version>999-SNAPSHOT</version> | ||
</parent> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<artifactId>quarkus-oidc-redis-token-state-manager-deployment</artifactId> | ||
<name>Quarkus - OpenID Connect Redis Token State Manager - Deployment</name> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-oidc-redis-token-state-manager</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-oidc-deployment</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-redis-client-deployment</artifactId> | ||
</dependency> | ||
<!-- Test dependencies --> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-rest-deployment</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-junit5-internal</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.rest-assured</groupId> | ||
<artifactId>rest-assured</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.htmlunit</groupId> | ||
<artifactId>htmlunit</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<executions> | ||
<execution> | ||
<id>default-compile</id> | ||
<configuration> | ||
<annotationProcessorPaths> | ||
<path> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-extension-processor</artifactId> | ||
<version>${project.version}</version> | ||
</path> | ||
</annotationProcessorPaths> | ||
</configuration> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-surefire-plugin</artifactId> | ||
<configuration> | ||
<skip>true</skip> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
<profiles> | ||
<profile> | ||
<id>test-containers</id> | ||
<activation> | ||
<property> | ||
<name>test-containers</name> | ||
</property> | ||
</activation> | ||
<build> | ||
<plugins> | ||
<plugin> | ||
<artifactId>maven-surefire-plugin</artifactId> | ||
<configuration> | ||
<skip>false</skip> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
</profile> | ||
</profiles> | ||
</project> |
31 changes: 31 additions & 0 deletions
31
...rkus/oidc/redis/token/state/manager/deployment/OidcRedisTokenStateManagerBuildConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package io.quarkus.oidc.redis.token.state.manager.deployment; | ||
|
||
import io.quarkus.redis.runtime.client.config.RedisConfig; | ||
import io.quarkus.runtime.annotations.ConfigRoot; | ||
import io.smallrye.config.ConfigMapping; | ||
import io.smallrye.config.WithDefault; | ||
|
||
/** | ||
* OIDC Redis Token State Manager build-time configuration. | ||
*/ | ||
@ConfigRoot | ||
@ConfigMapping(prefix = "quarkus.oidc.redis-token-state-manager") | ||
public interface OidcRedisTokenStateManagerBuildConfig { | ||
|
||
/** | ||
* Enables this extension. | ||
* Set to 'false' if this extension should be disabled. | ||
*/ | ||
@WithDefault("true") | ||
boolean enabled(); | ||
|
||
/** | ||
* Selects Redis client used to store the OIDC token state. | ||
* The default Redis client is used if this property is not configured. | ||
* Used Redis datasource must only be accessible by trusted parties, | ||
* because Quarkus will not encrypt tokens before storing them. | ||
*/ | ||
@WithDefault(RedisConfig.DEFAULT_CLIENT_NAME) | ||
String redisClientName(); | ||
|
||
} |
67 changes: 67 additions & 0 deletions
67
...uarkus/oidc/redis/token/state/manager/deployment/OidcRedisTokenStateManagerProcessor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package io.quarkus.oidc.redis.token.state.manager.deployment; | ||
|
||
import java.util.function.BooleanSupplier; | ||
|
||
import jakarta.enterprise.context.ApplicationScoped; | ||
|
||
import org.jboss.jandex.AnnotationInstance; | ||
import org.jboss.jandex.Type; | ||
|
||
import io.quarkus.arc.deployment.SyntheticBeanBuildItem; | ||
import io.quarkus.deployment.annotations.BuildStep; | ||
import io.quarkus.deployment.annotations.BuildSteps; | ||
import io.quarkus.deployment.annotations.ExecutionTime; | ||
import io.quarkus.deployment.annotations.Record; | ||
import io.quarkus.oidc.TokenStateManager; | ||
import io.quarkus.oidc.redis.token.state.manager.runtime.OidcRedisTokenStateManagerRecorder; | ||
import io.quarkus.redis.client.RedisClientName; | ||
import io.quarkus.redis.datasource.ReactiveRedisDataSource; | ||
import io.quarkus.redis.deployment.client.RequestedRedisClientBuildItem; | ||
import io.quarkus.redis.runtime.client.config.RedisConfig; | ||
|
||
@BuildSteps(onlyIf = OidcRedisTokenStateManagerProcessor.IsEnabled.class) | ||
public class OidcRedisTokenStateManagerProcessor { | ||
|
||
@BuildStep | ||
RequestedRedisClientBuildItem requestRedisClient(OidcRedisTokenStateManagerBuildConfig buildConfig) { | ||
return new RequestedRedisClientBuildItem(buildConfig.redisClientName()); | ||
} | ||
|
||
@Record(ExecutionTime.STATIC_INIT) | ||
@BuildStep | ||
SyntheticBeanBuildItem createTokenStateManager(OidcRedisTokenStateManagerRecorder recorder, | ||
OidcRedisTokenStateManagerBuildConfig buildConfig) { | ||
var redisClientName = buildConfig.redisClientName(); | ||
var beanConfigurator = SyntheticBeanBuildItem.configure(TokenStateManager.class) | ||
.priority(1) | ||
.alternative(true) | ||
.unremovable() | ||
.scope(ApplicationScoped.class); | ||
if (RedisConfig.isDefaultClient(redisClientName)) { | ||
beanConfigurator | ||
.createWith(recorder.createTokenStateManager(null)) | ||
.addInjectionPoint(Type.create(ReactiveRedisDataSource.class)); | ||
} else { | ||
beanConfigurator | ||
.createWith(recorder.createTokenStateManager(redisClientName)) | ||
.addInjectionPoint(Type.create(ReactiveRedisDataSource.class), | ||
AnnotationInstance.builder(RedisClientName.class).value(redisClientName).build()); | ||
} | ||
return beanConfigurator.done(); | ||
} | ||
|
||
static final class IsEnabled implements BooleanSupplier { | ||
|
||
private final boolean enabled; | ||
|
||
IsEnabled(OidcRedisTokenStateManagerBuildConfig buildConfig) { | ||
this.enabled = buildConfig.enabled(); | ||
} | ||
|
||
@Override | ||
public boolean getAsBoolean() { | ||
return enabled; | ||
} | ||
} | ||
|
||
} |
93 changes: 93 additions & 0 deletions
93
...quarkus/oidc/redis/token/state/manager/deployment/AbstractRedisTokenStateManagerTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
package io.quarkus.oidc.redis.token.state.manager.deployment; | ||
|
||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertNull; | ||
|
||
import java.io.IOException; | ||
import java.net.URI; | ||
import java.net.URL; | ||
|
||
import org.hamcrest.Matchers; | ||
import org.htmlunit.SilentCssErrorHandler; | ||
import org.htmlunit.TextPage; | ||
import org.htmlunit.WebClient; | ||
import org.htmlunit.WebRequest; | ||
import org.htmlunit.WebResponse; | ||
import org.htmlunit.html.HtmlForm; | ||
import org.htmlunit.html.HtmlPage; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.junit.jupiter.api.Test; | ||
|
||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.quarkus.test.common.http.TestHTTPResource; | ||
import io.restassured.RestAssured; | ||
|
||
public abstract class AbstractRedisTokenStateManagerTest { | ||
|
||
protected static QuarkusUnitTest createQuarkusUnitTest(String... extraProps) { | ||
return new QuarkusUnitTest() | ||
.withApplicationRoot((jar) -> jar | ||
.addClasses(ProtectedResource.class, UnprotectedResource.class, PublicResource.class) | ||
.addAsResource(new StringAsset(""" | ||
quarkus.oidc.client-id=quarkus-web-app | ||
quarkus.oidc.application-type=web-app | ||
quarkus.oidc.logout.path=/protected/logout | ||
quarkus.log.category."org.htmlunit.javascript.host.css.CSSStyleSheet".level=FATAL | ||
quarkus.log.category."org.htmlunit.css".level=FATAL | ||
""" + String.join(System.lineSeparator(), extraProps)), "application.properties")); | ||
} | ||
|
||
@TestHTTPResource | ||
URL url; | ||
|
||
@Test | ||
public void testCodeFlow() throws IOException { | ||
try (final WebClient webClient = createWebClient()) { | ||
|
||
TextPage textPage = webClient.getPage(url.toString() + "unprotected"); | ||
assertEquals("unprotected", textPage.getContent()); | ||
|
||
HtmlPage page; | ||
page = webClient.getPage(url.toString() + "protected"); | ||
|
||
assertEquals("Sign in to quarkus", page.getTitleText()); | ||
|
||
HtmlForm loginForm = page.getForms().get(0); | ||
|
||
loginForm.getInputByName("username").setValueAttribute("alice"); | ||
loginForm.getInputByName("password").setValueAttribute("alice"); | ||
|
||
textPage = loginForm.getInputByName("login").click(); | ||
|
||
assertEquals("alice", textPage.getContent()); | ||
|
||
assertTokenStateCount(1); | ||
|
||
webClient.getOptions().setRedirectEnabled(false); | ||
WebResponse webResponse = webClient | ||
.loadWebResponse(new WebRequest(URI.create(url.toString() + "protected/logout").toURL())); | ||
assertEquals(302, webResponse.getStatusCode()); | ||
assertNull(webClient.getCookieManager().getCookie("q_session")); | ||
|
||
webClient.getCookieManager().clearCookies(); | ||
|
||
assertTokenStateCount(0); | ||
} | ||
} | ||
|
||
protected static void assertTokenStateCount(Integer tokenStateCount) { | ||
RestAssured | ||
.given() | ||
.get("public/oidc-token-states-count") | ||
.then() | ||
.statusCode(200) | ||
.body(Matchers.is(tokenStateCount.toString())); | ||
} | ||
|
||
protected static WebClient createWebClient() { | ||
WebClient webClient = new WebClient(); | ||
webClient.setCssErrorHandler(new SilentCssErrorHandler()); | ||
return webClient; | ||
} | ||
|
||
} |
Oops, something went wrong.