Skip to content
This repository has been archived by the owner on Sep 18, 2023. It is now read-only.

add security tests #11

Closed
6 of 7 tasks
Ladicek opened this issue Feb 21, 2020 · 1 comment
Closed
6 of 7 tasks

add security tests #11

Ladicek opened this issue Feb 21, 2020 · 1 comment
Assignees
@Ladicek

Comments

@Ladicek
Copy link
Contributor

Ladicek commented Feb 21, 2020
edited
Loading

We need at least these common scenarios covered:

  • HTTP Basic authn / RBAC authz with users/passwords/roles embedded in application.properties
  • token-based authn / RBAC authz with MP JWT (token issued programmatically)
  • token-based authn / RBAC authz with Keycloak (Keycloak only issues and verifies tokens)
  • token-based authn / URL-based authz with Keycloak (Keycloak handles everything)

We should also have tests for HTTPS:

  • 1way TLS
  • 2way TLS: client cert presence
  • 2way TLS: client cert authn and RBAC authz

The HTTPS tests are a bit harder to run on OpenShift, so we can leave them as local for now.
@Ladicek Ladicek self-assigned this Mar 18, 2020
@Ladicek Ladicek mentioned this issue Apr 14, 2020
Open
@Ladicek
Copy link
Contributor Author

Ladicek commented Apr 14, 2020

The remaining test, 2way TLS: client cert authn and RBAC authz, is blocked on quarkusio/quarkus#8508. I filed #16 for it. The major part of security-related tests is done, so closing this.

@Ladicek Ladicek closed this as completed Apr 14, 2020
pjgg pushed a commit to pjgg/quarkus-openshift-test-suite that referenced this issue Jul 16, 2021
@kshpak
Merge pull request quarkus-qe#11 from pjgg/feat/quarkus_2_0_1
4b80e79 
Fix quarkus-workshop-super-heroes non-application paths
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Ladicek Ladicek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ladicek