diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml index 2c701b0657..f94df455f7 100755 --- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml +++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml @@ -3,6 +3,9 @@ Migrating from 1.0 Alpha 1 to 1.0 Alpha 2 + + DB Schema has changed. We don't have any data migration utilities yet as of Alpha 2. + JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem. Please review the adapter installation documentation. Edits to standalone.xml are now required. diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java index abc5bf43a2..e4f2172f79 100755 --- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java @@ -23,7 +23,19 @@ public class CustomerDatabaseClient { static class TypedList extends ArrayList { } - public static List getCustomers(HttpServletRequest req) { + public static class Failure extends Exception { + private int status; + + public Failure(int status) { + this.status = status; + } + + public int getStatus() { + return status; + } + } + + public static List getCustomers(HttpServletRequest req) throws Failure { SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName()); HttpClient client = new HttpClientBuilder() 
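Review bot: `Failure` in CustomerDatabaseClient never calls a `super(...)` constructor, so `getMessage()` is null and a log line or stack trace of this exception will not show the HTTP status that caused it. Passing it up, e.g. `super("database service returned HTTP status " + status);`, and declaring the field as `private final int status;` would make the failure self-describing and the class immutable. The same nested class is added again in both ProductDatabaseClient files (product-app and third-party). A short Javadoc stating that it signals a non-200 response from the database service would help in each copy.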
@@ -34,6 +46,9 @@ public class CustomerDatabaseClient { get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); + if (response.getStatusLine().getStatusCode() != 200) { + throw new Failure(response.getStatusLine().getStatusCode()); + } HttpEntity entity = response.getEntity(); InputStream is = entity.getContent(); try { diff --git a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp index 7588db98b7..0e9ab0ed84 100755 --- a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp +++ b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp @@ -18,7 +18,15 @@ User <%=request.getUserPrincipal().getName()%> made this request.
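Review bot: The new `throw new Failure(...)` in getCustomers leaves the response entity unread on the non-200 path, so unless cleanup code outside this hunk handles it, the underlying connection may not be released. Assuming these are the Apache HttpClient types the names suggest, consuming the entity first with `EntityUtils.consumeQuietly(response.getEntity());` before the throw avoids that. Reading the status once into a local, `int status = response.getStatusLine().getStatusCode();`, also removes the duplicate call. The enclosing try block ends outside the hunk, so whether a catch or finally already covers this cannot be seen here. The same check is added to getProducts in both ProductDatabaseClient files.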

Customer Listing

<% - java.util.List list = CustomerDatabaseClient.getCustomers(request); + java.util.List list = null; + try { + list = CustomerDatabaseClient.getCustomers(request); + } catch (CustomerDatabaseClient.Failure failure) { + out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" + + "you just forgot to secure the database service?"); + out.println("Status from database service invocation was: " + failure.getStatus()); + return; + } for (String cust : list) { out.print("

"); out.print(cust); diff --git a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index e512597bed..0d529a3a88 100755 --- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -22,7 +22,19 @@ public class ProductDatabaseClient { static class TypedList extends ArrayList {} - public static List getProducts(HttpServletRequest req) { + public static class Failure extends Exception { + private int status; + + public Failure(int status) { + this.status = status; + } + + public int getStatus() { + return status; + } + } + + public static List getProducts(HttpServletRequest req) throws Failure { SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName()); HttpClient client = new HttpClientBuilder() .trustStore(session.getMetadata().getTruststore()) @@ -32,6 +44,9 @@ public class ProductDatabaseClient get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); + if (response.getStatusLine().getStatusCode() != 200) { + throw new Failure(response.getStatusLine().getStatusCode()); + } HttpEntity entity = response.getEntity(); InputStream is = entity.getContent(); try { diff --git a/examples/demo-template/product-app/src/main/webapp/products/view.jsp b/examples/demo-template/product-app/src/main/webapp/products/view.jsp index f476872a99..8bb6281131 100755 --- a/examples/demo-template/product-app/src/main/webapp/products/view.jsp +++ b/examples/demo-template/product-app/src/main/webapp/products/view.jsp @@ -17,8 +17,17 @@ User <%=request.getUserPrincipal().getName()%> made this request.
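Review bot: The two string literals joined in the first `out.println` of customers/view.jsp have no space between them, so the page renders "maybeyou just forgot"; the first literal should end `... or maybe " +`. The identical message is added in products/view.jsp and third-party pull_data.jsp. The text also gives configuration hints and the upstream status code to whoever loads the page, which suits a demo but belongs in the server log in a deployed application. Separately, the loop kept as context writes each entry with `out.print(cust)` and no HTML escaping is visible in these lines, so values returned by the database service are worth encoding before output.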

Product Listing

<% -java.util.List list = ProductDatabaseClient.getProducts(request); -for (String cust : list) + java.util.List list = null; + try { + list = ProductDatabaseClient.getProducts(request); + } catch (ProductDatabaseClient.Failure failure) { + out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" + + "you just forgot to secure the database service?"); + out.println("Status from database service invocation was: " + failure.getStatus()); + return; + + } + for (String cust : list) { out.print("

"); out.print(cust); diff --git a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index a1983dc81e..be32a3918b 100755 --- a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -20,6 +20,20 @@ import java.util.List; * @version $Revision: 1 $ */ public class ProductDatabaseClient { + + public static class Failure extends Exception { + private int status; + + public Failure(int status) { + this.status = status; + } + + public int getStatus() { + return status; + } + } + + public static void redirect(HttpServletRequest request, HttpServletResponse response) { // The ServletOAuthClient is obtained by getting a context attribute // that is set in the Bootstrap context listener in this project. @@ -36,7 +50,7 @@ public class ProductDatabaseClient { static class TypedList extends ArrayList {} - public static List getProducts(HttpServletRequest request) { + public static List getProducts(HttpServletRequest request) throws Failure { // The ServletOAuthClient is obtained by getting a context attribute // that is set in the Bootstrap context listener in this project. // You really should come up with a better way to initialize @@ -58,6 +72,9 @@ public class ProductDatabaseClient { get.addHeader("Authorization", "Bearer " + token); try { HttpResponse response = client.execute(get); + if (response.getStatusLine().getStatusCode() != 200) { + throw new Failure(response.getStatusLine().getStatusCode()); + } HttpEntity entity = response.getEntity(); InputStream is = entity.getContent(); try { 
diff --git a/examples/demo-template/third-party/src/main/webapp/pull_data.jsp b/examples/demo-template/third-party/src/main/webapp/pull_data.jsp index a64f674d50..0ccfbcb16b 100755 --- a/examples/demo-template/third-party/src/main/webapp/pull_data.jsp +++ b/examples/demo-template/third-party/src/main/webapp/pull_data.jsp @@ -8,8 +8,16 @@

Pulled Product Listing

<% -java.util.List list = ProductDatabaseClient.getProducts(request); -for (String prod : list) + java.util.List list = null; + try { + list = ProductDatabaseClient.getProducts(request); + } catch (ProductDatabaseClient.Failure failure) { + out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" + + "you just forgot to secure the database service?"); + out.println("Status from database service invocation was: " + failure.getStatus()); + return; + } + for (String prod : list) { out.print("

"); out.print(prod); diff --git a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java index e3a7c4b716..483d895f87 100755 --- a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java +++ b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java @@ -31,6 +31,7 @@ import org.jboss.metadata.web.jboss.JBossWebMetaData; import org.jboss.metadata.web.jboss.ValveMetaData; import org.jboss.metadata.web.spec.LoginConfigMetaData; import org.keycloak.adapters.as7.KeycloakAuthenticatorValve; +import org.keycloak.subsystem.logging.KeycloakLogger; /** * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension. @@ -93,6 +94,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP } loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setRealmName(service.getRealmName(deploymentName)); + KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); } private void addValve(JBossWebMetaData webMetaData) { diff --git a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java index fb45f69913..8bf2033d6a 100755 --- a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java +++ b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java 
@@ -17,9 +17,14 @@ package org.keycloak.subsystem.logging; import org.jboss.logging.BasicLogger; +import org.jboss.logging.LogMessage; import org.jboss.logging.Logger; +import org.jboss.logging.Message; import org.jboss.logging.MessageLogger; +import static org.jboss.logging.Logger.Level.INFO; +import static org.jboss.logging.Logger.Level.DEBUG; + /** * This interface to be fleshed out later when error messages are fully externalized. * @@ -33,4 +38,12 @@ public interface KeycloakLogger extends BasicLogger { */ KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak"); + @LogMessage(level = INFO) + @Message(value = "Keycloak subsystem override for deployment %s") + void deploymentSecured(String deployment); + + @LogMessage(level = DEBUG) + @Message(value = "Keycloak has overriden and secured deployment %s") + void warSecured(String deployment); + } diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java index 74c614e6a0..9bf321a085 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java @@ -94,7 +94,7 @@ public class OAuthAuthenticator { protected String getRedirectUri(String state) { String url = getRequestUrl(); - log.info("sending redirect uri: " + url); + log.infof("sending redirect uri: %s", url); if (!isRequestSecure() && realmInfo.isSslRequired()) { int port = sslRedirectPort(); if (port < 0) { diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java index 9599158266..59fd9aa445 100755 
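Review bot: The `warSecured` message in the as7 KeycloakLogger reads "overriden"; it should be `@Message(value = "Keycloak has overridden and secured deployment %s")`. Nothing in this diff calls `warSecured` (both deployment processors call `deploymentSecured`), so it is either unused for now or still needs a caller. A one-line Javadoc on each method saying when it is logged, e.g. `/** Logged after the subsystem sets auth-method KEYCLOAK on a deployment. */`, would document the interface, whose header comment still says it is to be fleshed out later.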
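Review bot: `getRedirectUri` in OAuthAuthenticator still logs the full request URL at INFO on every redirect. If `getRequestUrl()` also returns the query string (its body is not in this hunk), request parameters end up in the server log at the default level. Dropping this to debug, `log.debugf("sending redirect uri: %s", url);`, keeps the diagnostic without writing it during normal operation. The method continues past the end of the hunk.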
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java +++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java @@ -29,6 +29,7 @@ import org.jboss.logging.Logger; import org.jboss.metadata.javaee.spec.ParamValueMetaData; import org.jboss.metadata.web.jboss.JBossWebMetaData; import org.jboss.metadata.web.spec.LoginConfigMetaData; +import org.keycloak.subsystem.logging.KeycloakLogger; /** * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension. @@ -58,6 +59,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP addKeycloakAuthData(phaseContext, deploymentName, service); } + + // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK } private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) { @@ -77,6 +80,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP } loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setRealmName(service.getRealmName(deploymentName)); + KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); } private void addJSONData(String json, WarMetaData warMetaData) { diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java old mode 100644 new mode 100755 index 61c3608d83..0ab14f7e6f --- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java +++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java 
@@ -16,9 +16,17 @@ */ package org.keycloak.subsystem.logging; +import java.util.List; import org.jboss.logging.BasicLogger; +import org.jboss.logging.annotations.LogMessage; import org.jboss.logging.Logger; +import org.jboss.logging.annotations.Message; import org.jboss.logging.annotations.MessageLogger; +import org.jboss.vfs.VirtualFile; + +import static org.jboss.logging.Logger.Level.ERROR; +import static org.jboss.logging.Logger.Level.INFO; +import static org.jboss.logging.Logger.Level.WARN; /** * This interface to be fleshed out later when error messages are fully externalized. @@ -33,4 +41,9 @@ public interface KeycloakLogger extends BasicLogger { */ KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak"); + @LogMessage(level = INFO) + @Message(value = "Keycloak subsystem override for deployment %s") + void deploymentSecured(String deployment); + + } diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java old mode 100644 new mode 100755 index 93b5e2cf8b..4859f24f36 --- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java +++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java @@ -24,7 +24,7 @@ import org.jboss.logging.Messages; * * @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc. */ -@MessageBundle(projectCode = "TLIP") +@MessageBundle(projectCode = "KEYCLOAK") public interface KeycloakMessages { /**
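Review bot: The import hunk of the wildfly KeycloakLogger adds `java.util.List`, `org.jboss.vfs.VirtualFile` and the static `ERROR` and `WARN` levels, but the only method added, `deploymentSecured`, uses `INFO`, `LogMessage` and `Message`. Unless code outside the shown hunks needs them, those four imports can be dropped. The `VirtualFile` import also ties the logging interface to jboss-vfs for no visible reason. The second hunk of this file leaves two blank added lines before the closing brace, which can be removed as well.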