security-openid example add integration test for notifyProvider=true

Author: jungm

examples/security-openid/src/main/java/org/superbiz/openid/LogoutServlet.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.superbiz.openid;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+
+@WebServlet(name = "Logout Servlet", urlPatterns = "/logout")
+public class LogoutServlet extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        if (req.getUserPrincipal() != null) {
+            req.logout();
+            return;
+        }
+
+        resp.getWriter().write("logged out");
+    }
+}

examples/security-openid/src/main/java/org/superbiz/openid/SecuredServlet.java

@@ -17,6 +17,7 @@
 package org.superbiz.openid;
 
 import jakarta.security.enterprise.authentication.mechanism.http.OpenIdAuthenticationMechanismDefinition;
+import jakarta.security.enterprise.authentication.mechanism.http.openid.LogoutDefinition;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.HttpConstraint;
 import jakarta.servlet.annotation.ServletSecurity;
@@ -33,7 +34,8 @@
         clientId = "#{openIdConfig.clientId}",
         clientSecret = "#{openIdConfig.clientSecret}",
         useSession = false,
-        redirectToOriginalResource = true)
+        redirectToOriginalResource = true,
+        logout = @LogoutDefinition(notifyProvider = true, redirectURI = "#{baseURL}/logout"))
 @ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
 @WebServlet(name = "Secured Servlet", urlPatterns = "/secured")
 public class SecuredServlet extends HttpServlet {

examples/security-openid/src/test/java/org/superbiz/openid/SecuredServletTest.java

@@ -52,7 +52,7 @@ public static WebArchive createDeployment() {
                 + "openid.client-secret = tomee-client-secret\n";
 
         return ShrinkWrap.create(WebArchive.class, "ROOT.war")
-                .addClasses(SecuredServlet.class, OpenIdConfig.class)
+                .addClasses(SecuredServlet.class, LogoutServlet.class, OpenIdConfig.class)
                 .addAsResource("META-INF/beans.xml")
                 .addAsResource(new StringAsset(mpConfig), "META-INF/microprofile-config.properties");
     }
@@ -91,4 +91,25 @@ public void adminRoleMapped() throws Exception {
             assertEquals("Hello, tomee-admin\nYou're an admin!\nRequest parameters: ", securedServletPage.getContent());
         }
     }
+
+    @Test
+    @RunAsClient
+    public void testLogoutNotifyProvider() throws Exception {
+        try (WebClient webClient = new WebClient()) {
+            // Login and logout again
+            HtmlPage htmlPage = webClient.getPage(url + "/secured");
+            assertTrue(htmlPage.getUrl().toString().startsWith(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/tomee/protocol/openid-connect/auth"));
+
+            HtmlForm loginForm = htmlPage.getForms().get(0);
+            loginForm.getInputByName("username").setValue("tomee-user");
+            loginForm.getInputByName("password").setValue("tomee");
+            loginForm.getButtonByName("login").click();
+
+            webClient.getPage(url + "/logout");
+
+            // Try to log in again, assert that the keycloak login is showing (= provider has been notified of logout)
+            HtmlPage securedAgain = webClient.getPage(url + "/secured");
+            assertTrue(securedAgain.getUrl().toString().startsWith(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/tomee/protocol/openid-connect/auth"));
+        }
+    }
 }