Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setAccessTokenLifespan()
The following examples show how to use
org.keycloak.representations.idm.RealmRepresentation#setAccessTokenLifespan() .
Example 1
Source File: KeycloakDevModeRealmResourceManager.java From quarkus with Apache License 2.0 | 8 votes |
/**
 * Creates a minimal, enabled realm representation for use as a test fixture.
 *
 * <p>The realm starts with empty user and client lists and one realm-level role named
 * {@code user}. The SSO session maximum (2 s) and the access token lifespan (3 s) are
 * deliberately tiny so that expiry can be observed quickly; values this short suit a
 * throwaway test realm, not a realm that serves real users.
 *
 * @param name the realm name to assign
 * @return the populated realm representation
 */
private static RealmRepresentation createRealm(String name) {
    RealmRepresentation fixture = new RealmRepresentation();
    fixture.setRealm(name);
    fixture.setEnabled(true);
    fixture.setUsers(new ArrayList<>());
    fixture.setClients(new ArrayList<>());

    // Both lifetimes are expressed in seconds.
    fixture.setSsoSessionMaxLifespan(2);
    fixture.setAccessTokenLifespan(3);

    // Attach an empty realm-role list first, then fill it through the realm's own getters.
    List<RoleRepresentation> realmLevelRoles = new ArrayList<>();
    RolesRepresentation roleContainer = new RolesRepresentation();
    roleContainer.setRealm(realmLevelRoles);
    fixture.setRoles(roleContainer);
    fixture.getRoles().getRealm().add(new RoleRepresentation("user", null, false));

    return fixture;
}
Example 2
Source File: KeycloakRealmResourceManager.java From quarkus with Apache License 2.0 | 6 votes |
/**
 * Creates an enabled test realm with empty user and client lists and three realm-level
 * roles: {@code user}, {@code admin} and {@code confidential}.
 *
 * <p>The access token lifespan is set to 3 seconds so that tests can exercise token expiry
 * without long waits. No SSO session limits are set here.
 *
 * @param name the realm name to assign
 * @return the populated realm representation
 */
private static RealmRepresentation createRealm(String name) {
    RealmRepresentation fixture = new RealmRepresentation();
    fixture.setRealm(name);
    fixture.setEnabled(true);
    fixture.setUsers(new ArrayList<>());
    fixture.setClients(new ArrayList<>());
    fixture.setAccessTokenLifespan(3);

    List<RoleRepresentation> realmLevelRoles = new ArrayList<>();
    RolesRepresentation roleContainer = new RolesRepresentation();
    roleContainer.setRealm(realmLevelRoles);
    fixture.setRoles(roleContainer);

    // Same three roles, in the same order, added through the realm's getters.
    String[] roleNames = {"user", "admin", "confidential"};
    for (String roleName : roleNames) {
        fixture.getRoles().getRealm().add(new RoleRepresentation(roleName, null, false));
    }

    return fixture;
}
Example 3
Source File: KeycloakRealmResourceManager.java From quarkus with Apache License 2.0 | 6 votes |
/**
 * Provisions the two realms this test resource needs and records them in {@code realms}.
 *
 * <p>The first realm is created from {@code KEYCLOAK_REALM} with the defaults of
 * {@code createRealm}. The second, {@code logout-realm}, additionally turns on refresh
 * token revocation with a reuse budget of zero, so each refresh token can be redeemed only
 * once, and shortens the SSO session maximum (15) and access token lifespan (5).
 *
 * @return an empty map; no configuration overrides are produced here
 * @throws RuntimeException wrapping any {@link IOException} raised during realm creation
 */
@Override
public Map<String, String> start() {
    try {
        RealmRepresentation primaryRealm = createRealm(KEYCLOAK_REALM);
        createRealmInKeycloak(primaryRealm);
        realms.add(primaryRealm);

        RealmRepresentation singleUseRefreshRealm = createRealm("logout-realm");
        // One-time refresh tokens: revocation on, zero permitted reuses.
        singleUseRefreshRealm.setRevokeRefreshToken(true);
        singleUseRefreshRealm.setRefreshTokenMaxReuse(0);
        // Short lifetimes so expiry is reachable inside a test run.
        singleUseRefreshRealm.setSsoSessionMaxLifespan(15);
        singleUseRefreshRealm.setAccessTokenLifespan(5);
        createRealmInKeycloak(singleUseRefreshRealm);
        realms.add(singleUseRefreshRealm);

        return Collections.emptyMap();
    } catch (IOException ioFailure) {
        throw new RuntimeException(ioFailure);
    }
}
Example 4
Source File: AbstractAdvancedBrokerTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Checks that logging out through the broker still works once the provider realm's
 * access tokens have a lifespan of 1 and back-channel logout is disabled on the
 * identity provider.
 *
 * <p>Corresponds to the old testsuite's
 * org.keycloak.testsuite.broker.OIDCKeyCloakServerBrokerBasicTest#testLogoutWorksWithTokenTimeout()
 *
 * <p>NOTE(review): only the time offset is restored in {@code finally}; the shortened token
 * lifespan and the {@code backchannelSupported} change are not reverted in this method.
 * Confirm that the test harness resets realm state between tests.
 */
@Test
public void testLogoutWorksWithTokenTimeout() {
    try {
        updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);

        // Shorten the provider realm's access token lifespan to 1.
        RealmRepresentation realm = adminClient.realm(bc.providerRealmName()).toRepresentation();
        assertNotNull(realm);
        realm.setAccessTokenLifespan(1);
        adminClient.realm(bc.providerRealmName()).update(realm);

        // Disable back-channel logout for the brokered identity provider in the consumer realm.
        IdentityProviderRepresentation idp = adminClient.realm(bc.consumerRealmName()).identityProviders().get(bc.getIDPAlias()).toRepresentation();
        idp.getConfig().put("backchannelSupported", "false");
        adminClient.realm(bc.consumerRealmName()).identityProviders().get(bc.getIDPAlias()).update(idp);

        // Offset (2) is larger than the lifespan (1) set above; presumably this makes the
        // provider-issued token stale by the time logout runs -- confirm against Time's semantics.
        Time.setOffset(2);

        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(bc);
        waitForPage(driver, "update account information", false);
        updateAccountInformationPage.assertCurrent();
        updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
        accountPage.logOut();
        waitForPage(driver, "log in to", true);
        log.debug("Logging in");

        // After logout the browser must be back on the consumer realm's OIDC auth endpoint.
        assertTrue(this.driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/protocol/openid-connect/auth"));
    } finally {
        // Always undo the clock shift so later tests see real time.
        Time.setOffset(0);
    }
}
Example 5
Source File: KeycloakRealmResourceManager.java From quarkus with Apache License 2.0 | 5 votes |
/**
 * Creates a fully seeded test realm: three realm roles, two clients and three users.
 *
 * <p>Lifetimes are in seconds and intentionally tiny for testing: the SSO session maximum
 * is 3 and the access token lifespan is 4. Users, clients and their credentials come from
 * the {@code createUser}, {@code createClient} and {@code createClientJwt} helpers, so
 * this realm definition belongs in test resources only.
 *
 * @param name the realm name to assign
 * @return the populated realm representation
 */
private static RealmRepresentation createRealm(String name) {
    RealmRepresentation fixture = new RealmRepresentation();
    fixture.setRealm(name);
    fixture.setEnabled(true);
    fixture.setUsers(new ArrayList<>());
    fixture.setClients(new ArrayList<>());

    // Seconds: SSO session maximum of 3, access tokens valid for 4.
    fixture.setSsoSessionMaxLifespan(3);
    fixture.setAccessTokenLifespan(4);

    List<RoleRepresentation> realmLevelRoles = new ArrayList<>();
    RolesRepresentation roleContainer = new RolesRepresentation();
    roleContainer.setRealm(realmLevelRoles);
    fixture.setRoles(roleContainer);

    String[] roleNames = {"user", "admin", "confidential"};
    for (String roleName : roleNames) {
        fixture.getRoles().getRealm().add(new RoleRepresentation(roleName, null, false));
    }

    // Clients: one created by createClient, one by createClientJwt.
    fixture.getClients().add(createClient("quarkus-app"));
    fixture.getClients().add(createClientJwt("quarkus-app-jwt"));

    // Users and the realm roles each one is given.
    fixture.getUsers().add(createUser("alice", "user"));
    fixture.getUsers().add(createUser("admin", "user", "admin"));
    fixture.getUsers().add(createUser("jdoe", "user", "confidential"));

    return fixture;
}
Example 6
Source File: AbstractBasePhotozExampleAdapterTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Loads the photoz realm definition from the test-apps directory and registers it with an
 * access token lifespan of 30 seconds plus {@code TOKEN_LIFESPAN_LEEWAY}.
 *
 * @param testRealms list that receives the realm to import for this test
 */
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
    File realmDefinition = new File(TEST_APPS_HOME_DIR + "/photoz/photoz-realm.json");
    RealmRepresentation photozRealm = loadRealm(realmDefinition);

    // Lifespan is in seconds; the leeway constant is added on top of the 30-second base.
    int lifespanSeconds = 30 + TOKEN_LIFESPAN_LEEWAY;
    photozRealm.setAccessTokenLifespan(lifespanSeconds);

    testRealms.add(photozRealm);
}
Example 7
Source File: OIDCPublicKeyRotationAdapterTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Verifies how long an adapter keeps trusting a realm signing key after that key has been
 * rotated out.
 *
 * <p>Sequence: issue a long-lived token (lifespan 1200), rotate the realm key and delete the
 * old one, then check that the REST app still accepts the token while its public-key cache
 * is valid and rejects it (401) once the cache TTL has elapsed and the old {@code kid} can
 * no longer be resolved. The test therefore documents the window during which a token
 * signed by a removed key remains usable: it is bounded by the adapter's key cache TTL,
 * not by the key's removal.
 */
@Test
public void testPublicKeyCacheTtl() {
    // increase accessTokenLifespan to 1200
    RealmRepresentation demoRealm = adminClient.realm(DEMO).toRepresentation();
    demoRealm.setAccessTokenLifespan(1200);
    adminClient.realm(DEMO).update(demoRealm);

    // authenticate in tokenMinTTL app
    loginToTokenMinTtlApp();
    String accessTokenString = tokenMinTTLPage.getAccessTokenString();

    // Send REST request to customer-db app. I should be successfully authenticated
    int status = invokeRESTEndpoint(accessTokenString);
    Assert.assertEquals(200, status);

    // Re-generate realm public key and remove the old key
    String oldActiveKeyProviderId = getActiveKeyProvider();
    generateNewRealmKey();
    adminClient.realm(DEMO).components().component(oldActiveKeyProviderId).remove();

    // Send REST request to the customer-db app. Should be still successfully authenticated as the JWKPublicKeyLocator cache is still valid
    status = invokeRESTEndpoint(accessTokenString);
    Assert.assertEquals(200, status);

    // TimeOffset to 900 on the REST app side. Token is still valid (1200) but JWKPublicKeyLocator should try to download new key (public-key-cache-ttl=600)
    setAdapterAndServerTimeOffset(900, customerDb.toString() + "/unsecured/foo");

    // Send REST request. New request to the publicKey cache should be sent, and key is no longer returned as token contains the old kid
    status = invokeRESTEndpoint(accessTokenString);
    Assert.assertEquals(401, status);

    // Revert public keys change and time offset
    // NOTE(review): this cleanup is not in a finally block, so a failed assertion above skips it.
    resetKeycloakDeploymentForAdapter(customerDb.toString() + "/unsecured/foo");
    resetKeycloakDeploymentForAdapter(tokenMinTTLPage.toString() + "/unsecured/foo");
}
Example 8
Source File: SessionTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Extends the inherited realm setup by tightening timeouts on the first test realm.
 *
 * <p>After the superclass has populated {@code testRealms}, the realm at index 0 gets an SSO
 * session idle timeout of 1 second and an access token lifespan of 10 seconds.
 *
 * @param testRealms realms to import; must contain at least one entry after the superclass
 *     call, since index 0 is read unconditionally
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);

    RealmRepresentation firstRealm = testRealms.get(0);

    // Both values are in seconds.
    final int idleTimeoutSeconds = 1;
    final int accessTokenSeconds = 10;
    firstRealm.setSsoSessionIdleTimeout(idleTimeoutSeconds);
    firstRealm.setAccessTokenLifespan(accessTokenSeconds);
}
Example 9
Source File: DemoServletsAdapterTest.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Verifies that an adapter which keeps its token state in a cookie refreshes that cookie
 * after the access token expires, and stops treating the user as logged in once the user
 * has logged out through a second application.
 *
 * <p>The realm's access token lifespan is lowered to 10 seconds for the duration of the
 * test, and both the lifespan and the time offset are restored in {@code finally}.
 */
@Test
public void testTokenInCookieRefresh() {
    log.debug("Set token timeout 10 sec");
    RealmRepresentation demo = adminClient.realm("demo").toRepresentation();
    // Remember the configured lifespan so it can be put back afterwards.
    int originalTokenTimeout = demo.getAccessTokenLifespan();
    demo.setAccessTokenLifespan(10);
    adminClient.realm("demo").update(demo);

    try {
        log.debug("login to customer-cookie-portal");
        String tokenCookie1 = loginToCustomerCookiePortal();

        // 12 s offset is past the 10 s lifespan, so the token in the cookie has expired.
        log.debug("Simulate waiting 12 seconds");
        setAdapterAndServerTimeOffset(12, customerCookiePortal.toString());

        log.debug("assert cookie was refreshed");
        customerCookiePortal.navigateTo();
        assertCurrentUrlEquals(customerCookiePortal);
        assertLogged();
        String tokenCookie2 = driver.manage().getCookieNamed(AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE).getValue();
        // A changed cookie value is the evidence that a refresh took place.
        assertNotEquals(tokenCookie1, tokenCookie2);

        log.debug("login to 2nd app and logout from it");
        customerPortal.navigateTo();
        assertCurrentUrlEquals(customerPortal);
        assertLogged();

        driver.navigate().to(customerPortal.logout().toASCIIString());
        WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();
        customerPortal.navigateTo();
        assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

        log.debug("Simulate another 12 seconds");
        setAdapterAndServerTimeOffset(24, customerCookiePortal.toString());

        // After logout elsewhere and another expiry, the cookie app must redirect to login
        // instead of refreshing the token again.
        log.debug("assert not logged in customer-cookie-portal");
        customerCookiePortal.navigateTo();
        assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    } finally {
        log.debug("Set token timeout to original");
        demo.setAccessTokenLifespan(originalTokenTimeout);
        adminClient.realm("demo").update(demo);

        log.debug("reset time offset");
        // NOTE(review): the reset targets the "/unsecured" path while the earlier offsets used
        // the portal URL itself -- presumably so the reset request needs no login; confirm.
        setAdapterAndServerTimeOffset(0, customerCookiePortal.toString().concat("/unsecured"));
    }
}
Example 10
Source File: DemoServletsAdapterTest.java From keycloak with Apache License 2.0 | 4 votes |
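/**
 * Verifies that several concurrent requests sharing one session can all obtain a refreshed
 * access token even though refresh tokens are single-use in this realm.
 *
 * <p>The realm is configured with a 2-second access token lifespan, refresh token
 * revocation enabled and a reuse budget of zero. After login the clock is moved forward by
 * 5 seconds so the access token is expired, then five requests carrying the same
 * {@code JSESSIONID} are issued in parallel; each response must contain
 * {@code accessToken}.
 *
 * <p>The time offset is reset in {@code finally} so a failed assertion cannot leave the
 * adapter and server clocks shifted for later tests.
 *
 * <p>NOTE(review): the realm changes made here (lifespan, revocation, max reuse) are not
 * restored by this method; confirm that the harness re-imports the realm between tests.
 */
@Test
public void testTokenConcurrentRefresh() {
    RealmResource demoRealm = adminClient.realm("demo");
    RealmRepresentation demo = demoRealm.toRepresentation();

    demo.setAccessTokenLifespan(2);
    // Single-use refresh tokens: revocation on, no reuse allowed.
    demo.setRevokeRefreshToken(true);
    demo.setRefreshTokenMaxReuse(0);

    demoRealm.update(demo);

    // Login
    tokenRefreshPage.navigateTo();
    assertTrue(testRealmLoginPage.form().isUsernamePresent());
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("bburke@redhat.com", "password");
    assertCurrentUrlEquals(tokenRefreshPage);

    // Move past the 2-second lifespan so every following request needs a refresh.
    setAdapterAndServerTimeOffset(5, tokenRefreshPage.toString());
    try {
        // Reuse the browser's servlet session in the plain HTTP clients below.
        BasicCookieStore cookieStore = new BasicCookieStore();
        BasicClientCookie jsessionid = new BasicClientCookie("JSESSIONID", driver.manage().getCookieNamed("JSESSIONID").getValue());
        jsessionid.setDomain("localhost");
        jsessionid.setPath("/");
        cookieStore.addCookie(jsessionid);

        ExecutorService executor = Executors.newWorkStealingPool();
        CompletableFuture<Void> future = CompletableFuture.completedFuture(null);

        try {
            for (int i = 0; i < 5; i++) {
                future = CompletableFuture.allOf(future, CompletableFuture.runAsync(() -> {
                    try (CloseableHttpClient client = HttpClientBuilder.create().setDefaultCookieStore(cookieStore)
                            .build()) {
                        HttpUriRequest request = new HttpGet(tokenRefreshPage.getInjectedUrl().toString());
                        try (CloseableHttpResponse httpResponse = client.execute(request)) {
                            assertTrue("Token not refreshed", EntityUtils.toString(httpResponse.getEntity()).contains("accessToken"));
                        }
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }, executor));
            }

            // Surfaces any failure from the parallel requests.
            future.join();
        } finally {
            executor.shutdownNow();
        }
    } finally {
        // Revert times
        setAdapterAndServerTimeOffset(0, tokenRefreshPage.toString());
    }
}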
Example 11
Source File: OIDCPublicKeyRotationAdapterTest.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Verifies that pushing a not-before revocation policy makes the adapter drop its cached
 * realm public keys.
 *
 * <p>Sequence: issue a long-lived token (lifespan 1200), generate a new realm key, confirm
 * the token signed by the old key is still accepted, remove the old key, push a not-before
 * policy to the adapters, and confirm the same token is then rejected with 401. Unlike a
 * pure cache-TTL expiry, the rejection here is triggered by the revocation push.
 */
@Test
public void testPublicKeyCacheInvalidatedWhenPushedNotBefore() {
    driver.manage().timeouts().pageLoadTimeout(1000, TimeUnit.SECONDS);
    String customerDBUnsecuredUrl = customerDb.getUriBuilder().clone().path("unsecured").path("foo").build().toASCIIString();
    String customerDBUrlNoTrailSlash = customerDb.getUriBuilder().build().toASCIIString();
    // Drop the final character (the trailing slash, going by the variable name).
    customerDBUrlNoTrailSlash = customerDBUrlNoTrailSlash.substring(0, customerDBUrlNoTrailSlash.length() - 1);

    String tokenMinTTLUnsecuredUrl = tokenMinTTLPage.getUriBuilder().clone().path("unsecured").path("foo").build().toASCIIString();

    // increase accessTokenLifespan to 1200
    RealmRepresentation demoRealm = adminClient.realm(DEMO).toRepresentation();
    demoRealm.setAccessTokenLifespan(1200);
    adminClient.realm(DEMO).update(demoRealm);

    // authenticate in tokenMinTTL app
    loginToTokenMinTtlApp();
    String accessTokenString = tokenMinTTLPage.getAccessTokenString();

    // Generate new realm public key
    String oldActiveKeyProviderId = getActiveKeyProvider();
    generateNewRealmKey();

    // Send REST request to customer-db app. It should be successfully authenticated even though the token is signed by the old key
    int status = invokeRESTEndpoint(accessTokenString);
    Assert.assertEquals(200, status);

    // Remove the old realm key now
    adminClient.realm(DEMO).components().component(oldActiveKeyProviderId).remove();

    // Set some offset to ensure pushing notBefore will pass
    setAdapterAndServerTimeOffset(130, customerDBUnsecuredUrl, tokenMinTTLUnsecuredUrl);

    // Send notBefore policy from the realm
    demoRealm.setNotBefore(Time.currentTime() - 1);
    adminClient.realm(DEMO).update(demoRealm);
    GlobalRequestResult result = adminClient.realm(DEMO).pushRevocation();
    // The push must have reached the customer-db adapter.
    Assert.assertTrue(result.getSuccessRequests().contains(customerDBUrlNoTrailSlash));

    // Send REST request. New request to the publicKey cache should be sent, and key is no longer returned as token contains the old kid
    status = invokeRESTEndpoint(accessTokenString);
    Assert.assertEquals(401, status);

    // Revert public keys change and time offset
    // NOTE(review): this cleanup is not in a finally block, so a failed assertion above skips it.
    resetKeycloakDeploymentForAdapter(customerDBUnsecuredUrl);
    resetKeycloakDeploymentForAdapter(tokenMinTTLUnsecuredUrl);
}