2

My SpringBoot application has following keycloak dependency to connect to the Keycloak server. I used this tutorial for the setup.

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>

The application works fine, the problem is however with e2e Tests. I use following code for e2e tests

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ActiveProfiles("test")
class ServerIntegrationTests {
    @Autowired
    TestRestTemplate restTemplate;

    // ...
}

For authorization-server mocking I use following lib:

<dependency>
    <groupId>com.c4-soft.springaddons</groupId>
    <artifactId>spring-addons-keycloak</artifactId>
    <version>${springaddons.version}</version>
    <scope>test</scope>
</dependency>

This lib however seems to work only with @MockMvc, but not with real HTTP-Calls, i.e. @TestRestTemplate.

So my questions are:

  1. Does com.c4-soft.springaddons only support @MockMvc context?
  2. If so, what are the other possibilities to test whole application (without mocking servlet container) with mocked authorization-server (keycloak)?

I have tried following lib, but it does not work with keycloak-spring-boot-starter:

<dependency>
    <groupId>no.nav.security</groupId>
    <artifactId>mock-oauth2-server</artifactId>
    <version>0.5.1</version>
    <scope>test</scope>
</dependency>
Vytautas Arminas
  • 387
  • 5
  • 16

1 Answers1

0

Does com.c4-soft.springaddons only support @MockMvc context?

No it works without MockMvc. It supports WebTestClient too or just testing secured @Component outside of any HTTP request (@Repository and @Service for instance).

But its usage is limited to unit-testing only. Here is why

I'm not sure you can mock authorization-server: spring-security validates the JWT bearer against its issuer and for that the token must be valid and signing key accessible from configured issuer (unless you modify security filters, but then your test wont cover production security anymore).

You might have to use a dockerised Keycloak or something. After all, aren't you writing end-to-end test for a system which includes an authorization-server?

Your tests will first issue a POST request to Keycloak to be delivered a valid access-token and then add it as authorization header to the test requests sent to your resource-server(s).

P.S.

keycloak-spring-boot-starter is deprecated: https://github.com/keycloak/keycloak/discussions/10187

You can have a look at those tutorials for an alternative

ch4mp
  • 6,622
  • 6
  • 29
  • 49