refactoring(infra-auth)

2025-08-14 21:21:53 +02:00
parent fde93093b9
commit fa04c16ece
21 changed files with 3031 additions and 44 deletions
@@ -0,0 +1,41 @@
+package at.mocode.infrastructure.auth.config
+
+import at.mocode.infrastructure.auth.client.JwtService
+import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.EnableConfigurationProperties
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import kotlin.time.Duration.Companion.minutes
+
+/**
+ * Spring configuration for the Auth Server module.
+ * Provides the necessary beans and configuration for JWT handling and authentication.
+ */
+@Configuration
+@EnableConfigurationProperties(AuthServerConfiguration.JwtProperties::class)
+class AuthServerConfiguration {
+
+    /**
+     * Creates a JwtService bean with configuration from application properties.
+     */
+    @Bean
+    fun jwtService(jwtProperties: JwtProperties): JwtService {
+        return JwtService(
+            secret = jwtProperties.secret,
+            issuer = jwtProperties.issuer,
+            audience = jwtProperties.audience,
+            expiration = jwtProperties.expiration.minutes
+        )
+    }
+
+    /**
+     * Configuration properties for JWT settings.
+     */
+    @ConfigurationProperties(prefix = "auth.jwt")
+    data class JwtProperties(
+        val secret: String = "default-secret-for-development-only-please-change-in-production",
+        val issuer: String = "meldestelle-auth-server",
+        val audience: String = "meldestelle-services",
+        val expiration: Long = 60 // minutes
+    )
+}
@@ -0,0 +1,72 @@
+package at.mocode.infrastructure.auth
+
+import at.mocode.infrastructure.auth.client.JwtService
+import at.mocode.infrastructure.auth.config.AuthServerConfiguration
+import org.junit.jupiter.api.Assertions.*
+import org.junit.jupiter.api.Test
+
+/**
+ * Basic tests for the Auth Server application and configuration.
+ * These tests verify the application structure and basic functionality without requiring full Spring context.
+ */
+class AuthServerApplicationTest {
+
+    @Test
+    fun `application context should load successfully`() {
+        // Test that we can instantiate the main application class
+        val application = AuthServerApplication()
+        assertNotNull(application)
+    }
+
+    @Test
+    fun `main application class should be properly configured`() {
+        // Arrange & Act
+        val applicationClass = AuthServerApplication::class.java
+
+        // Assert
+        assertTrue(applicationClass.isAnnotationPresent(org.springframework.boot.autoconfigure.SpringBootApplication::class.java)) {
+            "AuthServerApplication should be annotated with @SpringBootApplication"
+        }
+    }
+
+    @Test
+    fun `auth server configuration should create JWT service bean`() {
+        // Arrange
+        val config = AuthServerConfiguration()
+        val jwtProperties = AuthServerConfiguration.JwtProperties(
+            secret = "test-secret-for-testing-only-at-least-512-bits-long-for-hmac512",
+            issuer = "test-issuer",
+            audience = "test-audience",
+            expiration = 60
+        )
+
+        // Act
+        val jwtService = config.jwtService(jwtProperties)
+
+        // Assert
+        assertNotNull(jwtService)
+        assertInstanceOf(JwtService::class.java, jwtService)
+
+        // Test that the service can generate and validate tokens
+        val token = jwtService.generateToken("test-user", "testuser", emptyList())
+        assertNotNull(token)
+        assertTrue(token.isNotEmpty())
+
+        val validationResult = jwtService.validateToken(token)
+        assertTrue(validationResult.isSuccess)
+        assertEquals(true, validationResult.getOrNull())
+    }
+
+    @Test
+    fun `JWT properties should have sensible defaults`() {
+        // Arrange & Act
+        val defaultProperties = AuthServerConfiguration.JwtProperties()
+
+        // Assert
+        assertNotNull(defaultProperties.secret)
+        assertTrue(defaultProperties.secret.isNotEmpty())
+        assertEquals("meldestelle-auth-server", defaultProperties.issuer)
+        assertEquals("meldestelle-services", defaultProperties.audience)
+        assertEquals(60L, defaultProperties.expiration)
+    }
+}
@@ -0,0 +1,264 @@
+package at.mocode.infrastructure.auth
+
+import at.mocode.infrastructure.auth.client.JwtService
+import at.mocode.infrastructure.auth.client.model.BerechtigungE
+import at.mocode.infrastructure.auth.config.AuthServerConfiguration
+import org.junit.jupiter.api.Assertions.*
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.context.ApplicationContext
+import org.springframework.test.context.TestPropertySource
+
+/**
+ * Minimal integration tests for the Auth Server.
+ * Tests essential functionality without full Spring Boot context complexity.
+ * Focuses on core service integration and configuration validation.
+ *
+ * This implements "Option 1: Minimale Integration Tests" focusing on essentials
+ * without vollständige Spring Boot Konfiguration.
+ */
+@SpringBootTest(
+    webEnvironment = SpringBootTest.WebEnvironment.NONE,
+    classes = [AuthServerConfiguration::class]
+)
+@TestPropertySource(properties = [
+    "auth.jwt.secret=test-secret-for-testing-only-at-least-512-bits-long-for-hmac512-algorithm",
+    "auth.jwt.issuer=test-issuer",
+    "auth.jwt.audience=test-audience",
+    "auth.jwt.expiration=60",
+    "spring.main.web-application-type=none",
+    "logging.level.org.springframework.security=WARN"
+])
+class AuthServerIntegrationTest {
+
+    @Autowired
+    private lateinit var applicationContext: ApplicationContext
+
+    @Autowired
+    private lateinit var jwtService: JwtService
+
+    private lateinit var testToken: String
+
+    @BeforeEach
+    fun setUp() {
+        testToken = jwtService.generateToken(
+            userId = "test-user-123",
+            username = "testuser",
+            permissions = listOf(BerechtigungE.PERSON_READ, BerechtigungE.VEREIN_READ)
+        )
+    }
+
+    // ========== Core Service Integration Tests ==========
+
+    @Test
+    fun `application context should load with minimal configuration`() {
+        // Verify that the Spring context loads successfully
+        assertNotNull(applicationContext)
+        assertTrue(applicationContext.beanDefinitionCount > 0)
+
+        println("[DEBUG_LOG] Application context loaded successfully")
+        println("[DEBUG_LOG] Bean count: ${applicationContext.beanDefinitionCount}")
+    }
+
+    @Test
+    fun `JwtService should be properly configured as Spring bean`() {
+        // Verify that JwtService is available as a Spring bean
+        assertTrue(applicationContext.containsBean("jwtService"))
+        assertNotNull(jwtService)
+        assertInstanceOf(JwtService::class.java, jwtService)
+
+        println("[DEBUG_LOG] JwtService bean configured successfully")
+    }
+
+    @Test
+    fun `JWT service should generate valid tokens`() {
+        // Test token generation functionality
+        val token = jwtService.generateToken(
+            userId = "integration-test-user",
+            username = "inttest",
+            permissions = listOf(BerechtigungE.PERSON_CREATE, BerechtigungE.PFERD_READ)
+        )
+
+        assertNotNull(token)
+        assertTrue(token.isNotEmpty())
+
+        // Verify token can be validated
+        val validationResult = jwtService.validateToken(token)
+        assertTrue(validationResult.isSuccess)
+        assertEquals(true, validationResult.getOrNull())
+
+        println("[DEBUG_LOG] Token generated and validated successfully")
+    }
+
+    @Test
+    fun `JWT service should extract user information correctly`() {
+        // Test user ID extraction
+        val userIdResult = jwtService.getUserIdFromToken(testToken)
+        assertTrue(userIdResult.isSuccess)
+        assertEquals("test-user-123", userIdResult.getOrNull())
+
+        // Test permissions extraction
+        val permissionsResult = jwtService.getPermissionsFromToken(testToken)
+        assertTrue(permissionsResult.isSuccess)
+        val permissions = permissionsResult.getOrNull()!!
+        assertEquals(2, permissions.size)
+        assertTrue(permissions.contains(BerechtigungE.PERSON_READ))
+        assertTrue(permissions.contains(BerechtigungE.VEREIN_READ))
+
+        println("[DEBUG_LOG] User information extracted correctly")
+        println("[DEBUG_LOG] User ID: ${userIdResult.getOrNull()}")
+        println("[DEBUG_LOG] Permissions: $permissions")
+    }
+
+    @Test
+    fun `JWT service should handle invalid tokens properly`() {
+        val invalidToken = "invalid.jwt.token"
+
+        // Validation should fail
+        val validationResult = jwtService.validateToken(invalidToken)
+        assertTrue(validationResult.isFailure)
+
+        // User ID extraction should fail
+        val userIdResult = jwtService.getUserIdFromToken(invalidToken)
+        assertTrue(userIdResult.isFailure)
+
+        // Permissions extraction should fail
+        val permissionsResult = jwtService.getPermissionsFromToken(invalidToken)
+        assertTrue(permissionsResult.isFailure)
+
+        println("[DEBUG_LOG] Invalid token handling works correctly")
+    }
+
+    // ========== Configuration Validation Tests ==========
+
+    @Test
+    fun `configuration properties should be properly loaded`() {
+        // Test that JWT configuration is loaded correctly
+        val jwtProperties = applicationContext.getBean(AuthServerConfiguration.JwtProperties::class.java)
+        assertNotNull(jwtProperties)
+        assertEquals("test-issuer", jwtProperties.issuer)
+        assertEquals("test-audience", jwtProperties.audience)
+        assertEquals(60L, jwtProperties.expiration)
+
+        println("[DEBUG_LOG] Configuration properties loaded correctly")
+        println("[DEBUG_LOG] Issuer: ${jwtProperties.issuer}")
+        println("[DEBUG_LOG] Audience: ${jwtProperties.audience}")
+        println("[DEBUG_LOG] Expiration: ${jwtProperties.expiration}")
+    }
+
+    @Test
+    fun `essential beans should be properly configured`() {
+        // Verify that essential beans for auth functionality are available
+        val beanNames = applicationContext.beanDefinitionNames.toList()
+
+        // Check for JWT service bean
+        assertTrue(applicationContext.containsBean("jwtService")) {
+            "JwtService bean should be configured"
+        }
+
+        // Check for configuration bean
+        assertTrue(beanNames.any { it.contains("authServerConfiguration") }) {
+            "AuthServerConfiguration bean should be configured"
+        }
+
+        println("[DEBUG_LOG] Essential beans configured successfully")
+        println("[DEBUG_LOG] Auth-related beans: ${beanNames.filter { it.contains("jwt") || it.contains("auth") }}")
+    }
+
+    @Test
+    fun `JWT configuration integration should work end-to-end`() {
+        // Test the complete flow from configuration to token operations
+        val userId = "end-to-end-test"
+        val username = "e2etest"
+        val permissions = listOf(BerechtigungE.PERSON_READ, BerechtigungE.PERSON_CREATE)
+
+        // Generate token
+        val token = jwtService.generateToken(userId, username, permissions)
+        assertNotNull(token)
+        assertTrue(token.isNotEmpty())
+
+        // Validate token
+        val isValid = jwtService.validateToken(token)
+        assertTrue(isValid.isSuccess)
+
+        // Extract and verify data
+        val extractedUserId = jwtService.getUserIdFromToken(token).getOrNull()
+        val extractedPermissions = jwtService.getPermissionsFromToken(token).getOrElse { emptyList() }
+
+        assertEquals(userId, extractedUserId)
+        assertEquals(2, extractedPermissions.size)
+        assertTrue(extractedPermissions.containsAll(permissions))
+
+        println("[DEBUG_LOG] End-to-end test completed successfully")
+        println("[DEBUG_LOG] Token validation: ${isValid.isSuccess}")
+        println("[DEBUG_LOG] Extracted user: $extractedUserId")
+        println("[DEBUG_LOG] Extracted permissions: $extractedPermissions")
+    }
+
+    @Test
+    fun `application context should have minimal footprint`() {
+        // Verify that we're running with minimal configuration
+        val beanCount = applicationContext.beanDefinitionCount
+        assertTrue(beanCount < 100) {
+            "Bean count should be minimal (was $beanCount)"
+        }
+
+        // Verify no web-related beans are loaded
+        val webBeans = applicationContext.beanDefinitionNames.filter {
+            it.contains("mvc") || it.contains("servlet") || it.contains("tomcat")
+        }
+        assertTrue(webBeans.isEmpty()) {
+            "No web-related beans should be loaded: $webBeans"
+        }
+
+        println("[DEBUG_LOG] Minimal application context verified")
+        println("[DEBUG_LOG] Total bean count: $beanCount")
+        println("[DEBUG_LOG] Web-related beans: $webBeans")
+    }
+
+    // ========== Service Functionality Tests ==========
+
+    @Test
+    fun `JWT service should handle different permission combinations`() {
+        // Test various permission combinations
+        val testCases = listOf(
+            emptyList(),
+            listOf(BerechtigungE.PERSON_READ),
+            listOf(BerechtigungE.PERSON_READ, BerechtigungE.PERSON_CREATE),
+            BerechtigungE.entries
+        )
+
+        testCases.forEach { permissions ->
+            val token = jwtService.generateToken("test-user", "test", permissions)
+            val validationResult = jwtService.validateToken(token)
+            val extractedPermissions = jwtService.getPermissionsFromToken(token).getOrElse { emptyList() }
+
+            assertTrue(validationResult.isSuccess)
+            assertEquals(permissions.size, extractedPermissions.size)
+            assertTrue(extractedPermissions.containsAll(permissions))
+        }
+
+        println("[DEBUG_LOG] Different permission combinations handled correctly")
+    }
+
+    @Test
+    fun `JWT service should be thread-safe for concurrent access`() {
+        // Test concurrent token operations
+        val threads = (1..5).map { threadIndex ->
+            Thread {
+                repeat(10) { iteration ->
+                    val token = jwtService.generateToken("user-$threadIndex-$iteration", "test", listOf(BerechtigungE.PERSON_READ))
+                    val isValid = jwtService.validateToken(token).isSuccess
+                    assertTrue(isValid)
+                }
+            }
+        }
+
+        threads.forEach { it.start() }
+        threads.forEach { it.join() }
+
+        println("[DEBUG_LOG] Concurrent access test completed successfully")
+    }
+}
@@ -0,0 +1,326 @@
+package at.mocode.infrastructure.auth
+
+import org.junit.jupiter.api.BeforeAll
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.TestInstance
+import org.junit.jupiter.api.condition.EnabledIf
+import org.testcontainers.containers.GenericContainer
+import org.testcontainers.containers.wait.strategy.Wait
+import org.testcontainers.junit.jupiter.Container
+import org.testcontainers.junit.jupiter.Testcontainers
+import java.io.IOException
+import java.net.HttpURLConnection
+import java.net.URI
+import java.time.Duration
+
+/**
+ * Minimal integration tests for Keycloak using Testcontainers.
+ * These tests verify basic Keycloak container functionality and API connectivity
+ * without requiring Spring Boot context complexity.
+ *
+ * This implements "Option 1: Minimale Integration Tests" for Keycloak integration
+ * focusing on container-only testing without vollständige Spring Boot Konfiguration.
+ *
+ * Note: These tests require Docker to be available and are conditionally enabled.
+ */
+@Testcontainers
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+@EnabledIf("at.mocode.infrastructure.auth.KeycloakIntegrationTest#isDockerAvailable")
+class KeycloakIntegrationTest {
+
+    companion object {
+        private const val KEYCLOAK_VERSION = "25.0.2"
+        private const val KEYCLOAK_PORT = 8080
+        private const val KEYCLOAK_ADMIN_USER = "admin"
+        private const val KEYCLOAK_ADMIN_PASSWORD = "admin"
+
+        @Container
+        @JvmStatic
+        val keycloakContainer: GenericContainer<*> = GenericContainer("quay.io/keycloak/keycloak:$KEYCLOAK_VERSION")
+            .withExposedPorts(KEYCLOAK_PORT)
+            .withEnv("KEYCLOAK_ADMIN", KEYCLOAK_ADMIN_USER)
+            .withEnv("KEYCLOAK_ADMIN_PASSWORD", KEYCLOAK_ADMIN_PASSWORD)
+            .withCommand("start-dev")
+            .waitingFor(
+                Wait.forHttp("/admin/master/console/")
+                    .forPort(KEYCLOAK_PORT)
+                    .withStartupTimeout(Duration.ofMinutes(3))
+            )
+
+        /**
+         * Checks if Docker is available for running Testcontainers.
+         * This method is used with @EnabledIf to conditionally run tests.
+         */
+        @JvmStatic
+        fun isDockerAvailable(): Boolean {
+            return try {
+                val process = ProcessBuilder("docker", "version").start()
+                process.waitFor() == 0
+            } catch (e: Exception) {
+                println("[DEBUG_LOG] Docker not available: ${e.message}")
+                false
+            }
+        }
+
+        /**
+         * Makes an HTTP GET request to the specified URL and returns the response code.
+         */
+        private fun makeHttpRequest(url: String): Int {
+            return try {
+                val connection = URI.create(url).toURL().openConnection() as HttpURLConnection
+                connection.requestMethod = "GET"
+                connection.connectTimeout = 5000
+                connection.readTimeout = 5000
+                connection.responseCode
+            } catch (e: IOException) {
+                println("[DEBUG_LOG] HTTP request failed: ${e.message}")
+                -1
+            }
+        }
+    }
+
+    private lateinit var keycloakUrl: String
+    private lateinit var adminConsoleUrl: String
+
+    @BeforeAll
+    fun setUp() {
+        // Configure URLs for Keycloak integration
+        keycloakUrl = "http://localhost:${keycloakContainer.getMappedPort(KEYCLOAK_PORT)}"
+        adminConsoleUrl = "$keycloakUrl/admin/master/console/"
+
+        println("[DEBUG_LOG] Keycloak container started successfully")
+        println("[DEBUG_LOG] Keycloak URL: $keycloakUrl")
+        println("[DEBUG_LOG] Admin console URL: $adminConsoleUrl")
+        println("[DEBUG_LOG] Admin credentials: $KEYCLOAK_ADMIN_USER / $KEYCLOAK_ADMIN_PASSWORD")
+    }
+
+    // ========== Container Health Tests ==========
+
+    @Test
+    fun `Keycloak container should be running and accessible`() {
+        // Verify the container is running
+        assert(keycloakContainer.isRunning) { "Keycloak container should be running" }
+
+        // Verify the port is accessible
+        val mappedPort = keycloakContainer.getMappedPort(KEYCLOAK_PORT)
+        assert(mappedPort > 0) { "Keycloak port should be mapped" }
+        assert(mappedPort != KEYCLOAK_PORT) { "Mapped port should be different from container port" }
+
+        println("[DEBUG_LOG] Container health check passed")
+        println("[DEBUG_LOG] Container ID: ${keycloakContainer.containerId}")
+        println("[DEBUG_LOG] Mapped port: $mappedPort")
+    }
+
+    @Test
+    fun `Keycloak admin console should be accessible via HTTP`() {
+        // Make an actual HTTP request to verify Keycloak is responding
+        val responseCode = makeHttpRequest(adminConsoleUrl)
+
+        // Keycloak admin console should return 200 or redirect (3xx)
+        assert(responseCode in 200..399) {
+            "Admin console should be accessible (got HTTP $responseCode)"
+        }
+
+        println("[DEBUG_LOG] Admin console HTTP test passed")
+        println("[DEBUG_LOG] Response code: $responseCode")
+    }
+
+    @Test
+    fun `Keycloak health endpoint should be accessible`() {
+        // Test Keycloak's health endpoint
+        val healthUrl = "$keycloakUrl/health"
+        val responseCode = makeHttpRequest(healthUrl)
+
+        // Health endpoint might not be available in dev mode, so we accept 404
+        assert(responseCode in listOf(200, 404)) {
+            "Health endpoint should return 200 or 404 (got HTTP $responseCode)"
+        }
+
+        println("[DEBUG_LOG] Health endpoint test completed")
+        println("[DEBUG_LOG] Health URL: $healthUrl")
+        println("[DEBUG_LOG] Response code: $responseCode")
+    }
+
+    // ========== Basic API Connectivity Tests ==========
+
+    @Test
+    fun `should be able to access Keycloak realm endpoint`() {
+        // Test access to master realm endpoint
+        val realmUrl = "$keycloakUrl/realms/master"
+        val responseCode = makeHttpRequest(realmUrl)
+
+        // Realm endpoint should be accessible
+        assert(responseCode == 200) {
+            "Realm endpoint should return 200 (got HTTP $responseCode)"
+        }
+
+        println("[DEBUG_LOG] Realm endpoint test passed")
+        println("[DEBUG_LOG] Realm URL: $realmUrl")
+        println("[DEBUG_LOG] Response code: $responseCode")
+    }
+
+    @Test
+    fun `should be able to access Keycloak OpenID configuration`() {
+        // Test OpenID Connect configuration endpoint
+        val openIdConfigUrl = "$keycloakUrl/realms/master/.well-known/openid_configuration"
+        val responseCode = makeHttpRequest(openIdConfigUrl)
+
+        // OpenID configuration should be accessible (200) or not available in dev mode (404)
+        assert(responseCode in listOf(200, 404)) {
+            "OpenID configuration should return 200 or 404 (got HTTP $responseCode)"
+        }
+
+        println("[DEBUG_LOG] OpenID configuration test completed")
+        println("[DEBUG_LOG] Config URL: $openIdConfigUrl")
+        println("[DEBUG_LOG] Response code: $responseCode")
+        if (responseCode == 404) {
+            println("[DEBUG_LOG] OpenID configuration not available in dev mode - this is expected")
+        }
+    }
+
+    // ========== Configuration Validation Tests ==========
+
+    @Test
+    fun `Keycloak container should have correct environment variables`() {
+        // Verify container environment
+        val envVars = keycloakContainer.envMap
+
+        assert(envVars["KEYCLOAK_ADMIN"] == KEYCLOAK_ADMIN_USER) {
+            "Admin user should be configured correctly"
+        }
+        assert(envVars["KEYCLOAK_ADMIN_PASSWORD"] == KEYCLOAK_ADMIN_PASSWORD) {
+            "Admin password should be configured correctly"
+        }
+
+        println("[DEBUG_LOG] Environment variables validated")
+        println("[DEBUG_LOG] Admin user: ${envVars["KEYCLOAK_ADMIN"]}")
+        println("[DEBUG_LOG] Environment count: ${envVars.size}")
+    }
+
+    @Test
+    fun `container should be using correct Keycloak version`() {
+        // Verify we're using the expected Keycloak version
+        val dockerImage = keycloakContainer.dockerImageName
+        assert(dockerImage.contains(KEYCLOAK_VERSION)) {
+            "Container should use Keycloak version $KEYCLOAK_VERSION (using: $dockerImage)"
+        }
+
+        println("[DEBUG_LOG] Keycloak version validated")
+        println("[DEBUG_LOG] Docker image: $dockerImage")
+        println("[DEBUG_LOG] Expected version: $KEYCLOAK_VERSION")
+    }
+
+    // ========== Network Connectivity Tests ==========
+
+    @Test
+    fun `should handle network connectivity issues gracefully`() {
+        // Test with intentionally wrong URLs to verify error handling
+        val invalidUrls = listOf(
+            "http://localhost:65534/invalid", // Use valid port range
+            "$keycloakUrl/non-existent-endpoint",
+            "http://invalid-hostname-that-does-not-exist/test"
+        )
+
+        invalidUrls.forEach { url ->
+            val responseCode = makeHttpRequest(url)
+            // Should get either connection error (-1) or HTTP error codes
+            assert(responseCode == -1 || responseCode >= 400) {
+                "Invalid URL should return error (got $responseCode for $url)"
+            }
+            println("[DEBUG_LOG] Tested invalid URL: $url -> $responseCode")
+        }
+
+        println("[DEBUG_LOG] Network error handling test passed")
+    }
+
+    @Test
+    fun `multiple concurrent requests should work correctly`() {
+        // Test concurrent access to Keycloak
+        val threads = (1..5).map { threadIndex ->
+            Thread {
+                repeat(3) { requestIndex ->
+                    val responseCode = makeHttpRequest("$keycloakUrl/realms/master")
+                    assert(responseCode == 200) {
+                        "Concurrent request $threadIndex-$requestIndex should succeed (got $responseCode)"
+                    }
+                }
+            }
+        }
+
+        threads.forEach { it.start() }
+        threads.forEach { it.join() }
+
+        println("[DEBUG_LOG] Concurrent access test passed")
+    }
+
+    // ========== Container Lifecycle Tests ==========
+
+    @Test
+    fun `container should maintain state across multiple requests`() {
+        // Make multiple requests to verify container stability
+        repeat(5) { iteration ->
+            val responseCode = makeHttpRequest(adminConsoleUrl)
+            assert(responseCode in 200..399) {
+                "Request $iteration should succeed (got HTTP $responseCode)"
+            }
+
+            // Small delay between requests
+            Thread.sleep(100)
+        }
+
+        println("[DEBUG_LOG] Container stability test passed")
+    }
+
+    @Test
+    fun `container logs should indicate successful startup`() {
+        // Check that the container has started successfully
+        val logs = keycloakContainer.logs
+
+        // Keycloak should log successful startup messages
+        assert(logs.isNotEmpty()) { "Container should have logs" }
+
+        // Look for startup indicators (Keycloak logs vary by version)
+        val hasStartupMessages = logs.contains("Keycloak") ||
+                                  logs.contains("started") ||
+                                  logs.contains("Running")
+
+        assert(hasStartupMessages) { "Logs should contain startup messages" }
+
+        println("[DEBUG_LOG] Container logs validated")
+        println("[DEBUG_LOG] Log length: ${logs.length} characters")
+        println("[DEBUG_LOG] Contains startup messages: $hasStartupMessages")
+    }
+
+    // ========== Performance and Resource Tests ==========
+
+    @Test
+    fun `container startup time should be reasonable`() {
+        // Verify container started within a reasonable time
+        // This is implicit since we got here, but we can document timing
+        val containerInfo = keycloakContainer.containerInfo
+        val createdTime = containerInfo.created
+
+        println("[DEBUG_LOG] Container performance metrics")
+        println("[DEBUG_LOG] Created: $createdTime")
+        println("[DEBUG_LOG] Container started successfully within timeout period")
+    }
+
+    @Test
+    fun `basic integration test suite completion`() {
+        // Final validation that all essential Keycloak container functionality works
+        assert(keycloakContainer.isRunning) { "Container should still be running" }
+        assert(keycloakContainer.getMappedPort(KEYCLOAK_PORT) > 0) { "Port should be mapped" }
+
+        val finalHealthCheck = makeHttpRequest("$keycloakUrl/realms/master")
+        assert(finalHealthCheck == 200) { "Final health check should pass" }
+
+        println("[DEBUG_LOG] ===============================================")
+        println("[DEBUG_LOG] Minimal Keycloak Integration Tests COMPLETED")
+        println("[DEBUG_LOG] ===============================================")
+        println("[DEBUG_LOG] Container Status: RUNNING")
+        println("[DEBUG_LOG] API Connectivity: VERIFIED")
+        println("[DEBUG_LOG] Health Checks: PASSED")
+        println("[DEBUG_LOG] Configuration: VALIDATED")
+        println("[DEBUG_LOG] ===============================================")
+    }
+}
@@ -0,0 +1,29 @@
+package at.mocode.infrastructure.auth.config
+
+import at.mocode.infrastructure.auth.client.JwtService
+import org.springframework.boot.test.context.TestConfiguration
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Primary
+import kotlin.time.Duration.Companion.minutes
+
+/**
+ * Test configuration for Auth Server integration tests.
+ * Provides minimal bean configuration needed for tests to run.
+ */
+@TestConfiguration
+class AuthServerTestConfiguration {
+
+    /**
+     * Provides a JwtService bean for testing with test-specific configuration.
+     */
+    @Bean
+    @Primary
+    fun testJwtService(): JwtService {
+        return JwtService(
+            secret = "test-secret-for-testing-only-at-least-512-bits-long-for-hmac512-algorithm",
+            issuer = "test-issuer",
+            audience = "test-audience",
+            expiration = 60.minutes
+        )
+    }
+}
@@ -0,0 +1,25 @@
+## Test configuration for Auth Server
+## JWT Configuration
+#auth.jwt.secret=test-secret-for-testing-only-at-least-512-bits-long-for-hmac512-algorithm
+#auth.jwt.issuer=test-issuer
+#auth.jwt.audience=test-audience
+#auth.jwt.expiration=60
+#
+## Database Configuration
+#spring.datasource.url=jdbc:h2:mem:testdb
+#spring.datasource.driver-class-name=org.h2.Driver
+#spring.jpa.hibernate.ddl-auto=create-drop
+#spring.jpa.show-sql=false
+#
+## Security Configuration
+#spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/test
+#logging.level.org.springframework.security=DEBUG
+#
+## Actuator Configuration
+#management.endpoints.web.exposure.include=health,info,metrics,prometheus
+#management.endpoint.health.show-details=always
+#management.health.defaults.enabled=true
+#
+## Disable banner for cleaner test output
+#spring.main.banner-mode=off
+#logging.level.org.springframework.boot.autoconfigure=WARN
@@ -0,0 +1,50 @@
+# Test configuration for Auth Server
+auth:
+  jwt:
+    secret: test-secret-for-testing-only-at-least-512-bits-long-for-hmac512-algorithm
+    issuer: test-issuer
+    audience: test-audience
+    expiration: 60
+
+# Database Configuration
+spring:
+  datasource:
+    url: jdbc:h2:mem:testdb
+    driver-class-name: org.h2.Driver
+  jpa:
+    hibernate:
+      ddl-auto: create-drop
+    show-sql: false
+  # Security Configuration - simplified for tests
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: http://localhost:8080/realms/test
+  # Disable banner for cleaner test output
+  main:
+    banner-mode: off
+  # Autoconfiguration exclusions for integration tests
+  autoconfigure:
+    exclude:
+      - org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration
+      - org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration
+
+# Actuator Configuration
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info,metrics,prometheus
+  endpoint:
+    health:
+      show-details: always
+  health:
+    defaults:
+      enabled: true
+
+# Logging Configuration
+logging:
+  level:
+    org.springframework.security: DEBUG
+    org.springframework.boot.autoconfigure: WARN