[WFLY-17649] Adds integration tests and github action workflow for ejb-security-jwt quickstart

Author: gaol

.github/workflows/quickstart_ejb-security-jwt_ci.yml

@@ -0,0 +1,18 @@
+name: WildFly EJB Security JWT Quickstart CI
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths:
+      - 'ejb-security-jwt/**'
+      - '.github/workflows/quickstart_ci.yml'
+
+jobs:
+  call-quickstart_ci:
+    uses: ./.github/workflows/quickstart_ci.yml
+    with:
+      QUICKSTART_PATH: ejb-security-jwt
+      TEST_PROVISIONED_SERVER: true
+      TEST_OPENSHIFT: false
+      MATRIX_OS: '"ubuntu-latest"'
+      DEPLOYMENT_DIR: app-one/ear

.github/workflows/quickstart_ejb-security-jwt_ci_before.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+set -x
+
+# Start keycloak with required configuration
+docker run -d --rm --name "keycloak" \
+  -p 8180:8080 \
+  -e KEYCLOAK_ADMIN=admin \
+  -e KEYCLOAK_ADMIN_PASSWORD=admin \
+  -v ${GITHUB_WORKSPACE}/quickstarts/ejb-security-jwt/keycloak/realm:/opt/keycloak/data/import \
+  quay.io/keycloak/keycloak:21.0.0 start-dev --import-realm

ejb-security-jwt/README.adoc

@@ -312,6 +312,9 @@ We can see that the user `quickstartUser` has the `user` role, but does not have
 
 We can also see that the invocation from EJBA to EJBB uses the same authentication context as what is used in remote client calls EJBA.
 
+// Server Distribution Testing
+include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
+
 == Undeploy the Archives
 
 To undeploy the components from the {productName} servers:

ejb-security-jwt/app-one/ear/pom.xml

@@ -22,6 +22,7 @@
         <groupId>org.wildfly.quickstarts</groupId>
         <artifactId>ejb-security-jwt-app-one</artifactId>
         <version>31.0.0.Beta1-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>ejb-security-jwt-app-one-ear</artifactId>
     <packaging>ear</packaging>
@@ -77,4 +78,47 @@
         </plugins>
     </build>
 
+    <profiles>
+        <profile>
+            <id>provisioned-server</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.wildfly.plugins</groupId>
+                        <artifactId>wildfly-maven-plugin</artifactId>
+                        <configuration>
+                            <feature-packs>
+                                <feature-pack>
+                                    <location>org.wildfly:wildfly-galleon-pack:${version.server}</location>
+                                </feature-pack>
+                            </feature-packs>
+                            <layers>
+                                <layer>cloud-server</layer>
+                                <layer>ejb</layer>
+                            </layers>
+                            <name>${project.parent.artifactId}.ear</name>
+                            <packaging-scripts>
+                                <packaging-script>
+                                    <java-opts>-Dejb-outbound-port=${ejb-outbound-port}</java-opts>
+                                    <scripts>
+                                        <script>${basedir}/../../configure-elytron.cli</script>
+                                        <script>${basedir}/../../configure-ejb-outbound-connection.cli</script>
+                                    </scripts>
+                                    <resolve-expressions>true</resolve-expressions>
+                                </packaging-script>
+                            </packaging-scripts>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>package</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
 </project>

ejb-security-jwt/client/pom.xml

@@ -53,6 +53,13 @@
             <artifactId>ejb-security-jwt-app-one-ejb</artifactId>
             <type>ejb-client</type>
         </dependency>
+
+        <!-- Test dependencies -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -74,4 +81,31 @@
         </plugins>
     </build>
 
+    <profiles>
+        <profile>
+            <id>integration-testing</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <configuration>
+                            <includes>
+                                <include>**/*IT</include>
+                            </includes>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
 </project>

ejb-security-jwt/client/src/test/java/org/jboss/as/quickstarts/ejb/security/jwt/EJBSecurityJWTIT.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2023 JBoss by Red Hat.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.as.quickstarts.ejb.security.jwt;
+
+import org.jboss.as.quickstarts.ejb.security.jwt.appone.JWTSecurityEJBRemoteA;
+import org.jboss.as.quickstarts.ejb.security.jwt.client.RemoteEJBClient;
+import org.junit.Assert;
+import org.junit.Test;
+import org.wildfly.security.auth.client.AuthenticationContext;
+
+import javax.naming.NamingException;
+import java.io.IOException;
+
+/**
+ * Tests that
+ *
+ * @author <a href="mailto:[email protected]">Lin Gao</a>
+ */
+public class EJBSecurityJWTIT {
+    private static final String DEFAULT_SERVER_HOST = "http://localhost:8080";
+
+    private String getProviderURl() {
+        final String serverHost = System.getProperty("server.host");
+        return "remote+" + (serverHost != null ? serverHost : DEFAULT_SERVER_HOST);
+    }
+
+    @Test
+    public void testRegular() throws NamingException {
+        AuthenticationContext.getContextManager().setThreadDefault(null);
+        JWTSecurityEJBRemoteA remoteA = RemoteEJBClient.lookupEJBRemoteA(true, getProviderURl());
+        Assert.assertEquals("quickstartuser", remoteA.principal().toLowerCase());
+        Assert.assertTrue(remoteA.inRole("user"));
+        Assert.assertFalse(remoteA.inRole("admin"));
+        Assert.assertTrue(remoteA.inRoleFromB("user", true));
+        Assert.assertFalse(remoteA.inRoleFromB("admin", true));
+    }
+
+    @Test
+    public void testAdmin() throws IOException, NamingException {
+        RemoteEJBClient.switchToAdmin();
+        JWTSecurityEJBRemoteA remoteA = RemoteEJBClient.lookupEJBRemoteA(true, getProviderURl());
+        Assert.assertEquals("admin", remoteA.principal().toLowerCase());
+        Assert.assertTrue(remoteA.inRole("user"));
+        Assert.assertTrue(remoteA.inRole("admin"));
+        Assert.assertTrue(remoteA.inRoleFromB("user", true));
+        Assert.assertTrue(remoteA.inRoleFromB("admin", true));
+    }
+
+}

ejb-security-jwt/client/src/test/resources/META-INF/wildfly-config.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2023 Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<configuration>
+    <authentication-client xmlns="urn:elytron:client:1.7">
+        <authentication-rules>
+                    <rule use-configuration="default" />
+        </authentication-rules>
+        <authentication-configurations>
+            <configuration name="default">
+                <sasl-mechanism-selector selector="OAUTHBEARER" />
+                <credentials>
+                    <oauth2-bearer-token token-endpoint-uri="http://localhost:8180/realms/jwt-realm/protocol/openid-connect/token">
+                        <resource-owner-credentials name="quickstartUser">
+                            <credential-store-reference clear-text="quickstartPwd1!" />
+                        </resource-owner-credentials>
+                        <client-credentials client-id="app" client-secret="secret"/>
+                    </oauth2-bearer-token>
+                </credentials>
+             </configuration>
+        </authentication-configurations>
+    </authentication-client>
+</configuration>