Merge pull request #386 from patriot1burke/master

check ssl required in adapter

integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java

@@ -32,6 +32,10 @@ public abstract class RequestAuthenticator {
 
     public AuthOutcome authenticate() {
         log.info("--> authenticate()");
+        if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
+            log.warn("SSL is required to authenticate");
+            return AuthOutcome.FAILED;
+        }
         BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
         log.info("try bearer");
         AuthOutcome outcome = bearer.authenticate(facade);
@@ -65,6 +69,7 @@ public abstract class RequestAuthenticator {
             return AuthOutcome.NOT_ATTEMPTED;
 
         }
+
         completeAuthentication(oauth);
 
         // redirect to strip out access code and state query parameters

testsuite/integration/src/test/resources/adapter-test/customer-db-keycloak.json

@@ -2,6 +2,7 @@
   "realm" : "demo",
   "resource" : "customer-db",
   "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "ssl-not-required" : true,
   "bearer-only" : true,
   "enable-cors" : true