minor improvements

Bill Burke 2014-02-18 15:30:32 -05:00
parent e28e1d8b00
commit 0f9d0368fe
13 changed files with 117 additions and 10 deletions


@ -3,6 +3,9 @@
<sect1> <sect1>
<title>Migrating from 1.0 Alpha 1 to 1.0 Alpha 2</title> <title>Migrating from 1.0 Alpha 1 to 1.0 Alpha 2</title>
<itemizedlist> <itemizedlist>
<listitem>
DB Schema has changed. We don't have any data migration utilities yet as of Alpha 2.
</listitem>
<listitem> <listitem>
JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem. Please review the adapter JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem. Please review the adapter
installation documentation. Edits to standalone.xml are now required. installation documentation. Edits to standalone.xml are now required.


@ -23,7 +23,19 @@ public class CustomerDatabaseClient {
static class TypedList extends ArrayList<String> { static class TypedList extends ArrayList<String> {
} }
public static List<String> getCustomers(HttpServletRequest req) { public static class Failure extends Exception {
private int status;
public Failure(int status) {
this.status = status;
}
public int getStatus() {
return status;
}
}
public static List<String> getCustomers(HttpServletRequest req) throws Failure {
SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName()); SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName());
HttpClient client = new HttpClientBuilder() HttpClient client = new HttpClientBuilder()
@ -34,6 +46,9 @@ public class CustomerDatabaseClient {
get.addHeader("Authorization", "Bearer " + session.getTokenString()); get.addHeader("Authorization", "Bearer " + session.getTokenString());
try { try {
HttpResponse response = client.execute(get); HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {
throw new Failure(response.getStatusLine().getStatusCode());
}
HttpEntity entity = response.getEntity(); HttpEntity entity = response.getEntity();
InputStream is = entity.getContent(); InputStream is = entity.getContent();
try { try {
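Review bot: The new non-200 branch throws `Failure` without consuming the response entity, so unless a `finally` outside this hunk releases it the underlying connection may stay checked out; assuming Apache HttpClient's `EntityUtils` is available here, call `EntityUtils.consumeQuietly(response.getEntity());` before the `throw`. `Failure` also never calls `super(...)`, so a logged stack trace carries no message; `super("database service returned HTTP " + status);` together with a `final` status field would fix that. The same nested class and status check are copied into both ProductDatabaseClient sections further down, so the points apply there too, and one shared exception type would avoid three copies. getCustomers starts and ends outside the hunks shown.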


@ -18,7 +18,15 @@ User <b><%=request.getUserPrincipal().getName()%>
</b> made this request. </b> made this request.
<h2>Customer Listing</h2> <h2>Customer Listing</h2>
<% <%
java.util.List<String> list = CustomerDatabaseClient.getCustomers(request); java.util.List<String> list = null;
try {
list = CustomerDatabaseClient.getCustomers(request);
} catch (CustomerDatabaseClient.Failure failure) {
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
"you just forgot to secure the database service?");
out.println("Status from database service invocation was: " + failure.getStatus());
return;
}
for (String cust : list) { for (String cust : list) {
out.print("<p>"); out.print("<p>");
out.print(cust); out.print(cust);
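Review bot: The two string literals in the first `out.println` of the catch block are joined without a space, so the page renders "or maybeyou just forgot"; change the first literal to end in `or maybe "`. The `return;` then leaves the scriptlet before the rest of the page is written, so the closing markup is skipped while the response still goes out with a success status; if the response is not yet committed, a `response.setStatus(...)` call before the message would make the failure visible to clients and monitoring. The identical catch block appears in the product-portal and third-party JSP sections below. The enclosing scriptlet continues past the hunk.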


@ -22,7 +22,19 @@ public class ProductDatabaseClient
{ {
static class TypedList extends ArrayList<String> {} static class TypedList extends ArrayList<String> {}
public static List<String> getProducts(HttpServletRequest req) { public static class Failure extends Exception {
private int status;
public Failure(int status) {
this.status = status;
}
public int getStatus() {
return status;
}
}
public static List<String> getProducts(HttpServletRequest req) throws Failure {
SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName()); SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
HttpClient client = new HttpClientBuilder() HttpClient client = new HttpClientBuilder()
.trustStore(session.getMetadata().getTruststore()) .trustStore(session.getMetadata().getTruststore())
@ -32,6 +44,9 @@ public class ProductDatabaseClient
get.addHeader("Authorization", "Bearer " + session.getTokenString()); get.addHeader("Authorization", "Bearer " + session.getTokenString());
try { try {
HttpResponse response = client.execute(get); HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {
throw new Failure(response.getStatusLine().getStatusCode());
}
HttpEntity entity = response.getEntity(); HttpEntity entity = response.getEntity();
InputStream is = entity.getContent(); InputStream is = entity.getContent();
try { try {


@ -17,7 +17,16 @@
User <b><%=request.getUserPrincipal().getName()%></b> made this request. User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Product Listing</h2> <h2>Product Listing</h2>
<% <%
java.util.List<String> list = ProductDatabaseClient.getProducts(request); java.util.List<String> list = null;
try {
list = ProductDatabaseClient.getProducts(request);
} catch (ProductDatabaseClient.Failure failure) {
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
"you just forgot to secure the database service?");
out.println("Status from database service invocation was: " + failure.getStatus());
return;
}
for (String cust : list) for (String cust : list)
{ {
out.print("<p>"); out.print("<p>");


@ -20,6 +20,20 @@ import java.util.List;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ProductDatabaseClient { public class ProductDatabaseClient {
public static class Failure extends Exception {
private int status;
public Failure(int status) {
this.status = status;
}
public int getStatus() {
return status;
}
}
public static void redirect(HttpServletRequest request, HttpServletResponse response) { public static void redirect(HttpServletRequest request, HttpServletResponse response) {
// The ServletOAuthClient is obtained by getting a context attribute // The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listener in this project. // that is set in the Bootstrap context listener in this project.
@ -36,7 +50,7 @@ public class ProductDatabaseClient {
static class TypedList extends ArrayList<String> {} static class TypedList extends ArrayList<String> {}
public static List<String> getProducts(HttpServletRequest request) { public static List<String> getProducts(HttpServletRequest request) throws Failure {
// The ServletOAuthClient is obtained by getting a context attribute // The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listener in this project. // that is set in the Bootstrap context listener in this project.
// You really should come up with a better way to initialize // You really should come up with a better way to initialize
@ -58,6 +72,9 @@ public class ProductDatabaseClient {
get.addHeader("Authorization", "Bearer " + token); get.addHeader("Authorization", "Bearer " + token);
try { try {
HttpResponse response = client.execute(get); HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {
throw new Failure(response.getStatusLine().getStatusCode());
}
HttpEntity entity = response.getEntity(); HttpEntity entity = response.getEntity();
InputStream is = entity.getContent(); InputStream is = entity.getContent();
try { try {


@ -8,7 +8,15 @@
<body> <body>
<h2>Pulled Product Listing</h2> <h2>Pulled Product Listing</h2>
<% <%
java.util.List<String> list = ProductDatabaseClient.getProducts(request); java.util.List<String> list = null;
try {
list = ProductDatabaseClient.getProducts(request);
} catch (ProductDatabaseClient.Failure failure) {
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
"you just forgot to secure the database service?");
out.println("Status from database service invocation was: " + failure.getStatus());
return;
}
for (String prod : list) for (String prod : list)
{ {
out.print("<p>"); out.print("<p>");


@ -31,6 +31,7 @@ import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.jboss.ValveMetaData; import org.jboss.metadata.web.jboss.ValveMetaData;
import org.jboss.metadata.web.spec.LoginConfigMetaData; import org.jboss.metadata.web.spec.LoginConfigMetaData;
import org.keycloak.adapters.as7.KeycloakAuthenticatorValve; import org.keycloak.adapters.as7.KeycloakAuthenticatorValve;
import org.keycloak.subsystem.logging.KeycloakLogger;
/** /**
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension. * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
@ -93,6 +94,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
} }
loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentName)); loginConfig.setRealmName(service.getRealmName(deploymentName));
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
} }
private void addValve(JBossWebMetaData webMetaData) { private void addValve(JBossWebMetaData webMetaData) {


@ -17,9 +17,14 @@
package org.keycloak.subsystem.logging; package org.keycloak.subsystem.logging;
import org.jboss.logging.BasicLogger; import org.jboss.logging.BasicLogger;
import org.jboss.logging.LogMessage;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.logging.Message;
import org.jboss.logging.MessageLogger; import org.jboss.logging.MessageLogger;
import static org.jboss.logging.Logger.Level.INFO;
import static org.jboss.logging.Logger.Level.DEBUG;
/** /**
* This interface to be fleshed out later when error messages are fully externalized. * This interface to be fleshed out later when error messages are fully externalized.
* *
@ -33,4 +38,12 @@ public interface KeycloakLogger extends BasicLogger {
*/ */
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak"); KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
@LogMessage(level = INFO)
@Message(value = "Keycloak subsystem override for deployment %s")
void deploymentSecured(String deployment);
@LogMessage(level = DEBUG)
@Message(value = "Keycloak has overriden and secured deployment %s")
void warSecured(String deployment);
} }
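Review bot: The `warSecured` message text misspells "overridden", which matters for anyone searching the server log for it; use `@Message(value = "Keycloak has overridden and secured deployment %s")`. `warSecured` is also not called from any section of this commit, while `deploymentSecured` is, so it is either dead for now or its caller is missing from the change. A short Javadoc line on each method saying at which point of deployment processing it is emitted would make the difference between the INFO and DEBUG messages clear.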


@ -94,7 +94,7 @@ public class OAuthAuthenticator {
protected String getRedirectUri(String state) { protected String getRedirectUri(String state) {
String url = getRequestUrl(); String url = getRequestUrl();
log.info("sending redirect uri: " + url); log.infof("sending redirect uri: %s", url);
if (!isRequestSecure() && realmInfo.isSslRequired()) { if (!isRequestSecure() && realmInfo.isSslRequired()) {
int port = sslRedirectPort(); int port = sslRedirectPort();
if (port < 0) { if (port < 0) {
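Review bot: The request URL is still written at INFO on every redirect; switching to `infof` changes only the formatting. Depending on what `getRequestUrl()` returns (not visible here), the value may include the original request's query string, and application parameters would then end up in the server log by default. `log.debugf("sending redirect uri: %s", url);` keeps the trace available for troubleshooting without logging it in a default configuration. getRedirectUri continues outside the hunk.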


@ -29,6 +29,7 @@ import org.jboss.logging.Logger;
import org.jboss.metadata.javaee.spec.ParamValueMetaData; import org.jboss.metadata.javaee.spec.ParamValueMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData; import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.spec.LoginConfigMetaData; import org.jboss.metadata.web.spec.LoginConfigMetaData;
import org.keycloak.subsystem.logging.KeycloakLogger;
/** /**
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension. * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
@ -58,6 +59,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
addKeycloakAuthData(phaseContext, deploymentName, service); addKeycloakAuthData(phaseContext, deploymentName, service);
} }
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
} }
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) { private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
@ -77,6 +80,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
} }
loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentName)); loginConfig.setRealmName(service.getRealmName(deploymentName));
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
} }
private void addJSONData(String json, WarMetaData warMetaData) { private void addJSONData(String json, WarMetaData warMetaData) {


@ -16,9 +16,17 @@
*/ */
package org.keycloak.subsystem.logging; package org.keycloak.subsystem.logging;
import java.util.List;
import org.jboss.logging.BasicLogger; import org.jboss.logging.BasicLogger;
import org.jboss.logging.annotations.LogMessage;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.logging.annotations.Message;
import org.jboss.logging.annotations.MessageLogger; import org.jboss.logging.annotations.MessageLogger;
import org.jboss.vfs.VirtualFile;
import static org.jboss.logging.Logger.Level.ERROR;
import static org.jboss.logging.Logger.Level.INFO;
import static org.jboss.logging.Logger.Level.WARN;
/** /**
* This interface to be fleshed out later when error messages are fully externalized. * This interface to be fleshed out later when error messages are fully externalized.
@ -33,4 +41,9 @@ public interface KeycloakLogger extends BasicLogger {
*/ */
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak"); KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
@LogMessage(level = INFO)
@Message(value = "Keycloak subsystem override for deployment %s")
void deploymentSecured(String deployment);
} }
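Review bot: The added imports `java.util.List`, `org.jboss.vfs.VirtualFile` and the static `ERROR` and `WARN` levels are not used by anything this section adds; `deploymentSecured` needs only `INFO`, `LogMessage` and `Message`. Unless lines outside the hunks use them, drop those four imports; the `VirtualFile` one in particular gives the logging interface a compile-time dependency on jboss-vfs for no visible reason. A one-line Javadoc on `deploymentSecured` stating that it is logged after the deployment's auth method is set to KEYCLOAK would document what an operator can conclude from seeing it.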


@ -24,7 +24,7 @@ import org.jboss.logging.Messages;
* *
* @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc. * @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc.
*/ */
@MessageBundle(projectCode = "TLIP") @MessageBundle(projectCode = "KEYCLOAK")
public interface KeycloakMessages { public interface KeycloakMessages {
/** /**