Bill Burke
commit
138c5a9e4c
13 changed files with 117 additions and 10 deletions
|
|
@ -3,6 +3,9 @@
|
||||||
<sect1>
|
<sect1>
|
||||||
<title>Migrating from 1.0 Alpha 1 to 1.0 Alpha 2</title>
|
<title>Migrating from 1.0 Alpha 1 to 1.0 Alpha 2</title>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
DB Schema has changed. We don't have any data migration utilities yet as of Alpha 2.
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem. Please review the adapter
|
JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem. Please review the adapter
|
||||||
installation documentation. Edits to standalone.xml are now required.
|
installation documentation. Edits to standalone.xml are now required.
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,19 @@ public class CustomerDatabaseClient {
|
||||||
static class TypedList extends ArrayList<String> {
|
static class TypedList extends ArrayList<String> {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<String> getCustomers(HttpServletRequest req) {
|
public static class Failure extends Exception {
|
||||||
|
private int status;
|
||||||
|
|
||||||
|
public Failure(int status) {
|
||||||
|
this.status = status;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getStatus() {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static List<String> getCustomers(HttpServletRequest req) throws Failure {
|
||||||
SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName());
|
SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName());
|
||||||
|
|
||||||
HttpClient client = new HttpClientBuilder()
|
HttpClient client = new HttpClientBuilder()
|
||||||
|
|
@ -34,6 +46,9 @@ public class CustomerDatabaseClient {
|
||||||
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
||||||
try {
|
try {
|
||||||
HttpResponse response = client.execute(get);
|
HttpResponse response = client.execute(get);
|
||||||
|
if (response.getStatusLine().getStatusCode() != 200) {
|
||||||
|
throw new Failure(response.getStatusLine().getStatusCode());
|
||||||
|
}
|
||||||
HttpEntity entity = response.getEntity();
|
HttpEntity entity = response.getEntity();
|
||||||
InputStream is = entity.getContent();
|
InputStream is = entity.getContent();
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,15 @@ User <b><%=request.getUserPrincipal().getName()%>
|
||||||
</b> made this request.
|
</b> made this request.
|
||||||
<h2>Customer Listing</h2>
|
<h2>Customer Listing</h2>
|
||||||
<%
|
<%
|
||||||
java.util.List<String> list = CustomerDatabaseClient.getCustomers(request);
|
java.util.List<String> list = null;
|
||||||
|
try {
|
||||||
|
list = CustomerDatabaseClient.getCustomers(request);
|
||||||
|
} catch (CustomerDatabaseClient.Failure failure) {
|
||||||
|
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
|
||||||
|
"you just forgot to secure the database service?");
|
||||||
|
out.println("Status from database service invocation was: " + failure.getStatus());
|
||||||
|
return;
|
||||||
|
}
|
||||||
for (String cust : list) {
|
for (String cust : list) {
|
||||||
out.print("<p>");
|
out.print("<p>");
|
||||||
out.print(cust);
|
out.print(cust);
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,19 @@ public class ProductDatabaseClient
|
||||||
{
|
{
|
||||||
static class TypedList extends ArrayList<String> {}
|
static class TypedList extends ArrayList<String> {}
|
||||||
|
|
||||||
public static List<String> getProducts(HttpServletRequest req) {
|
public static class Failure extends Exception {
|
||||||
|
private int status;
|
||||||
|
|
||||||
|
public Failure(int status) {
|
||||||
|
this.status = status;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getStatus() {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static List<String> getProducts(HttpServletRequest req) throws Failure {
|
||||||
SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
|
SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
|
||||||
HttpClient client = new HttpClientBuilder()
|
HttpClient client = new HttpClientBuilder()
|
||||||
.trustStore(session.getMetadata().getTruststore())
|
.trustStore(session.getMetadata().getTruststore())
|
||||||
|
|
@ -32,6 +44,9 @@ public class ProductDatabaseClient
|
||||||
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
||||||
try {
|
try {
|
||||||
HttpResponse response = client.execute(get);
|
HttpResponse response = client.execute(get);
|
||||||
|
if (response.getStatusLine().getStatusCode() != 200) {
|
||||||
|
throw new Failure(response.getStatusLine().getStatusCode());
|
||||||
|
}
|
||||||
HttpEntity entity = response.getEntity();
|
HttpEntity entity = response.getEntity();
|
||||||
InputStream is = entity.getContent();
|
InputStream is = entity.getContent();
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -17,8 +17,17 @@
|
||||||
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
|
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
|
||||||
<h2>Product Listing</h2>
|
<h2>Product Listing</h2>
|
||||||
<%
|
<%
|
||||||
java.util.List<String> list = ProductDatabaseClient.getProducts(request);
|
java.util.List<String> list = null;
|
||||||
for (String cust : list)
|
try {
|
||||||
|
list = ProductDatabaseClient.getProducts(request);
|
||||||
|
} catch (ProductDatabaseClient.Failure failure) {
|
||||||
|
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
|
||||||
|
"you just forgot to secure the database service?");
|
||||||
|
out.println("Status from database service invocation was: " + failure.getStatus());
|
||||||
|
return;
|
||||||
|
|
||||||
|
}
|
||||||
|
for (String cust : list)
|
||||||
{
|
{
|
||||||
out.print("<p>");
|
out.print("<p>");
|
||||||
out.print(cust);
|
out.print(cust);
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,20 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ProductDatabaseClient {
|
public class ProductDatabaseClient {
|
||||||
|
|
||||||
|
public static class Failure extends Exception {
|
||||||
|
private int status;
|
||||||
|
|
||||||
|
public Failure(int status) {
|
||||||
|
this.status = status;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getStatus() {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static void redirect(HttpServletRequest request, HttpServletResponse response) {
|
public static void redirect(HttpServletRequest request, HttpServletResponse response) {
|
||||||
// The ServletOAuthClient is obtained by getting a context attribute
|
// The ServletOAuthClient is obtained by getting a context attribute
|
||||||
// that is set in the Bootstrap context listener in this project.
|
// that is set in the Bootstrap context listener in this project.
|
||||||
|
|
@ -36,7 +50,7 @@ public class ProductDatabaseClient {
|
||||||
|
|
||||||
static class TypedList extends ArrayList<String> {}
|
static class TypedList extends ArrayList<String> {}
|
||||||
|
|
||||||
public static List<String> getProducts(HttpServletRequest request) {
|
public static List<String> getProducts(HttpServletRequest request) throws Failure {
|
||||||
// The ServletOAuthClient is obtained by getting a context attribute
|
// The ServletOAuthClient is obtained by getting a context attribute
|
||||||
// that is set in the Bootstrap context listener in this project.
|
// that is set in the Bootstrap context listener in this project.
|
||||||
// You really should come up with a better way to initialize
|
// You really should come up with a better way to initialize
|
||||||
|
|
@ -58,6 +72,9 @@ public class ProductDatabaseClient {
|
||||||
get.addHeader("Authorization", "Bearer " + token);
|
get.addHeader("Authorization", "Bearer " + token);
|
||||||
try {
|
try {
|
||||||
HttpResponse response = client.execute(get);
|
HttpResponse response = client.execute(get);
|
||||||
|
if (response.getStatusLine().getStatusCode() != 200) {
|
||||||
|
throw new Failure(response.getStatusLine().getStatusCode());
|
||||||
|
}
|
||||||
HttpEntity entity = response.getEntity();
|
HttpEntity entity = response.getEntity();
|
||||||
InputStream is = entity.getContent();
|
InputStream is = entity.getContent();
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,16 @@
|
||||||
<body>
|
<body>
|
||||||
<h2>Pulled Product Listing</h2>
|
<h2>Pulled Product Listing</h2>
|
||||||
<%
|
<%
|
||||||
java.util.List<String> list = ProductDatabaseClient.getProducts(request);
|
java.util.List<String> list = null;
|
||||||
for (String prod : list)
|
try {
|
||||||
|
list = ProductDatabaseClient.getProducts(request);
|
||||||
|
} catch (ProductDatabaseClient.Failure failure) {
|
||||||
|
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
|
||||||
|
"you just forgot to secure the database service?");
|
||||||
|
out.println("Status from database service invocation was: " + failure.getStatus());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
for (String prod : list)
|
||||||
{
|
{
|
||||||
out.print("<p>");
|
out.print("<p>");
|
||||||
out.print(prod);
|
out.print(prod);
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@ import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
import org.jboss.metadata.web.jboss.ValveMetaData;
|
import org.jboss.metadata.web.jboss.ValveMetaData;
|
||||||
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
||||||
import org.keycloak.adapters.as7.KeycloakAuthenticatorValve;
|
import org.keycloak.adapters.as7.KeycloakAuthenticatorValve;
|
||||||
|
import org.keycloak.subsystem.logging.KeycloakLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
||||||
|
|
@ -93,6 +94,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
}
|
}
|
||||||
loginConfig.setAuthMethod("KEYCLOAK");
|
loginConfig.setAuthMethod("KEYCLOAK");
|
||||||
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
||||||
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addValve(JBossWebMetaData webMetaData) {
|
private void addValve(JBossWebMetaData webMetaData) {
|
||||||
|
|
|
||||||
|
|
@ -17,9 +17,14 @@
|
||||||
package org.keycloak.subsystem.logging;
|
package org.keycloak.subsystem.logging;
|
||||||
|
|
||||||
import org.jboss.logging.BasicLogger;
|
import org.jboss.logging.BasicLogger;
|
||||||
|
import org.jboss.logging.LogMessage;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
import org.jboss.logging.Message;
|
||||||
import org.jboss.logging.MessageLogger;
|
import org.jboss.logging.MessageLogger;
|
||||||
|
|
||||||
|
import static org.jboss.logging.Logger.Level.INFO;
|
||||||
|
import static org.jboss.logging.Logger.Level.DEBUG;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This interface to be fleshed out later when error messages are fully externalized.
|
* This interface to be fleshed out later when error messages are fully externalized.
|
||||||
*
|
*
|
||||||
|
|
@ -33,4 +38,12 @@ public interface KeycloakLogger extends BasicLogger {
|
||||||
*/
|
*/
|
||||||
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
|
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(value = "Keycloak subsystem override for deployment %s")
|
||||||
|
void deploymentSecured(String deployment);
|
||||||
|
|
||||||
|
@LogMessage(level = DEBUG)
|
||||||
|
@Message(value = "Keycloak has overriden and secured deployment %s")
|
||||||
|
void warSecured(String deployment);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -94,7 +94,7 @@ public class OAuthAuthenticator {
|
||||||
|
|
||||||
protected String getRedirectUri(String state) {
|
protected String getRedirectUri(String state) {
|
||||||
String url = getRequestUrl();
|
String url = getRequestUrl();
|
||||||
log.info("sending redirect uri: " + url);
|
log.infof("sending redirect uri: %s", url);
|
||||||
if (!isRequestSecure() && realmInfo.isSslRequired()) {
|
if (!isRequestSecure() && realmInfo.isSslRequired()) {
|
||||||
int port = sslRedirectPort();
|
int port = sslRedirectPort();
|
||||||
if (port < 0) {
|
if (port < 0) {
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@ import org.jboss.logging.Logger;
|
||||||
import org.jboss.metadata.javaee.spec.ParamValueMetaData;
|
import org.jboss.metadata.javaee.spec.ParamValueMetaData;
|
||||||
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
||||||
|
import org.keycloak.subsystem.logging.KeycloakLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
||||||
|
|
@ -58,6 +59,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
|
|
||||||
addKeycloakAuthData(phaseContext, deploymentName, service);
|
addKeycloakAuthData(phaseContext, deploymentName, service);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
|
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
|
||||||
|
|
@ -77,6 +80,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
}
|
}
|
||||||
loginConfig.setAuthMethod("KEYCLOAK");
|
loginConfig.setAuthMethod("KEYCLOAK");
|
||||||
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
||||||
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addJSONData(String json, WarMetaData warMetaData) {
|
private void addJSONData(String json, WarMetaData warMetaData) {
|
||||||
|
|
|
||||||
13
integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
Normal file → Executable file
13
integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
Normal file → Executable file
|
|
@ -16,9 +16,17 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.subsystem.logging;
|
package org.keycloak.subsystem.logging;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
import org.jboss.logging.BasicLogger;
|
import org.jboss.logging.BasicLogger;
|
||||||
|
import org.jboss.logging.annotations.LogMessage;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
import org.jboss.logging.annotations.Message;
|
||||||
import org.jboss.logging.annotations.MessageLogger;
|
import org.jboss.logging.annotations.MessageLogger;
|
||||||
|
import org.jboss.vfs.VirtualFile;
|
||||||
|
|
||||||
|
import static org.jboss.logging.Logger.Level.ERROR;
|
||||||
|
import static org.jboss.logging.Logger.Level.INFO;
|
||||||
|
import static org.jboss.logging.Logger.Level.WARN;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This interface to be fleshed out later when error messages are fully externalized.
|
* This interface to be fleshed out later when error messages are fully externalized.
|
||||||
|
|
@ -33,4 +41,9 @@ public interface KeycloakLogger extends BasicLogger {
|
||||||
*/
|
*/
|
||||||
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
|
KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(value = "Keycloak subsystem override for deployment %s")
|
||||||
|
void deploymentSecured(String deployment);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
2
integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java
Normal file → Executable file
2
integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java
Normal file → Executable file
|
|
@ -24,7 +24,7 @@ import org.jboss.logging.Messages;
|
||||||
*
|
*
|
||||||
* @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc.
|
* @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc.
|
||||||
*/
|
*/
|
||||||
@MessageBundle(projectCode = "TLIP")
|
@MessageBundle(projectCode = "KEYCLOAK")
|
||||||
public interface KeycloakMessages {
|
public interface KeycloakMessages {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue