REPO-4915 - Keycloak upgrade to 9.0.3 (#962)

.travis.settings.xml

@@ -6,5 +6,10 @@
             <username>${env.MAVEN_USERNAME}</username>
             <password>${env.MAVEN_PASSWORD}</password>
         </server>
+        <server>
+            <id>quay.io</id>
+            <username>${env.QUAY_USERNAME}</username>
+            <password>${env.QUAY_PASSWORD}</password>
+        </server>
     </servers>
 </settings>

.travis.yml

@@ -64,7 +64,13 @@ jobs:
       before_install:
         - docker run -d -p 5433:5432 -e POSTGRES_PASSWORD=alfresco -e POSTGRES_USER=alfresco -e POSTGRES_DB=alfresco postgres:11.4 postgres -c 'max_connections=300'
         - docker run -d -p 61616:61616 -p 5672:5672 alfresco/alfresco-activemq:5.15.8
-      script: travis_wait 20 mvn test -B -Dtest=AppContext05TestSuite -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+        - "mkdir -p $HOME/tmp"
+        - "cp src/test/resources/realms/alfresco-realm.json $HOME/tmp"
+        - docker login quay.io -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}
+        - "export HOST_IP=$(ip address show | grep -E \"([0-9]{1,3}\\.){3}[0-9]{1,3}\" | grep -v 127.0.0.1 | awk '{ print $2 }' | head -n 1 )"
+        - "export HOST_IP=$(echo ${HOST_IP%/*})"
+        - docker run -d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=h2 -p 8999:8080 -e KEYCLOAK_IMPORT=/tmp/alfresco-realm.json -v $HOME/tmp/alfresco-realm.json:/tmp/alfresco-realm.json quay.io/alfresco/alfresco-identity-service:1.2
+      script: travis_wait 20 mvn test -B -Dtest=AppContext05TestSuite -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco "-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth"
     - name: "AppContext06TestSuite"
       before_install:
         - docker run -d -p 5433:5432 -e POSTGRES_PASSWORD=alfresco -e POSTGRES_USER=alfresco -e POSTGRES_DB=alfresco postgres:11.4 postgres -c 'max_connections=300'

pom.xml

@@ -59,7 +59,7 @@
         <dependency.mysql.version>8.0.19</dependency.mysql.version>
         <dependency.mariadb.version>2.6.0</dependency.mariadb.version>
         <dependency.antlr.version>3.5.2</dependency.antlr.version>
-        <dependency.keycloak.version>6.0.1</dependency.keycloak.version>
+        <dependency.keycloak.version>9.0.3</dependency.keycloak.version>
         <dependency.jboss.logging.version>3.4.1.Final</dependency.jboss.logging.version>
         <dependency.camel.version>2.24.2</dependency.camel.version>
         <dependency.activemq.version>5.15.11</dependency.activemq.version>

src/test/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceRemoteUserMapperTest.java

@@ -30,11 +30,16 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 import java.io.ByteArrayInputStream;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.PublicKey;
+import java.util.Enumeration;
 import java.util.Map;
 import java.util.Vector;
+import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -123,21 +128,44 @@ public class IdentityServiceRemoteUserMapperTest extends AbstractChainedSubsyste
 
     public void testKeycloakConfig() throws Exception
     {
+        //Get the host of the IDS test server
+        String ip = "localhost";
+        try {
+            Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
+            while (interfaces.hasMoreElements()) {
+                NetworkInterface iface = interfaces.nextElement();
+                // filters out 127.0.0.1 and inactive interfaces
+                if (iface.isLoopback() || !iface.isUp())
+                    continue;
+
+                Enumeration<InetAddress> addresses = iface.getInetAddresses();
+                while(addresses.hasMoreElements()) {
+                    InetAddress addr = addresses.nextElement();
+                    if(Pattern.matches("([0-9]{1,3}\\.){3}[0-9]{1,3}", addr.getHostAddress())){
+                        ip = addr.getHostAddress();
+                        break;
+                    }
+                }
+            }
+        } catch (SocketException e) {
+            throw new RuntimeException(e);
+        }
+
         // check string overrides
-        assertEquals("identity-service.auth-server-url", "http://192.168.0.1:8180/auth", 
+        assertEquals("identity-service.auth-server-url", "http://"+ip+":8999/auth",
                     this.identityServiceConfig.getAuthServerUrl());
         
-        assertEquals("identity-service.realm", "test", 
+        assertEquals("identity-service.realm", "alfresco",
                     this.identityServiceConfig.getRealm());
-        
-        assertEquals("identity-service.realm-public-key", 
+
+        assertEquals("identity-service.realm-public-key",
                     "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWLQxipXNe6cLnVPGy7l" +
                     "BgyR51bDiK7Jso8Rmh2TB+bmO4fNaMY1ETsxECSM0f6NTV0QHks9+gBe+pB6JNeM" +
                     "uPmaE/M/MsE9KUif9L2ChFq3zor6s2foFv2DTiTkij+1aQF9fuIjDNH4FC6L252W" +
                     "ydZzh+f73Xuy5evdPj+wrPYqWyP7sKd+4Q9EIILWAuTDvKEjwyZmIyfM/nUn6ltD" +
                     "P6W8xMP0PoEJNAAp79anz2jk2HP2PvC2qdjVsphdTk3JG5qQMB0WJUh4Kjgabd4j" +
                     "QJ77U8gTRswKgNHRRPWhruiIcmmkP+zI0ozNW6rxH3PF4L7M9rXmfcmUcBcKf+Yx" +
-                    "jwIDAQAB", 
+                    "jwIDAQAB",
                     this.identityServiceConfig.getRealmKey());
         
         assertEquals("identity-service.ssl-required", "external", 

src/test/resources/alfresco-global.properties

@@ -1,6 +1,6 @@
 # Test identity service authentication overrides
-identity-service.auth-server-url=http://192.168.0.1:8180/auth
-identity-service.realm=test
+#identity-service.auth-server-url=http://192.168.0.1:8180/auth
+identity-service.realm=alfresco
 identity-service.realm-public-key=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWLQxipXNe6cLnVPGy7l\
 BgyR51bDiK7Jso8Rmh2TB+bmO4fNaMY1ETsxECSM0f6NTV0QHks9+gBe+pB6JNeM\
 uPmaE/M/MsE9KUif9L2ChFq3zor6s2foFv2DTiTkij+1aQF9fuIjDNH4FC6L252W\