Merge pull request #2175 from pdrozd/KEYCLOAK-2445

KEYCLOAK-2445 - Added ssl profile to eap7 server and adapter.
Stian Thorgersen 2016-02-04 09:55:22 +01:00
commit 19b1190185
5 changed files with 164 additions and 6 deletions


@ -17,8 +17,11 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:1.7"
xmlns:w="urn:jboss:domain:web:2.2"
xmlns:j="urn:jboss:domain:4.0"
xmlns:ds="urn:jboss:domain:datasources:4.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:3.0"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
@ -27,11 +30,29 @@
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//w:connector[@name='http']">
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
</connector>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="//j:extensions">
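Review bot: The keystore password is a literal, `keystore-password="secret"`, in the `UndertowRealm` security realm, so every server configured through this profile protects `keycloak.jks` with the same published value. The adapter stylesheet added later in this commit repeats it for `adapter.jks` and for `javax.net.ssl.trustStorePassword`. If these stores are test fixtures only, say so next to the realm, e.g. `<!-- testsuite only: fixture keystore and password, never reuse in a real deployment -->`. Otherwise declare an `xsl:param` for the password and set it from the build. The page has lost its +/- markers, so this assumes the realm block is on the new side; the stylesheet continues past the end of the hunk.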


@ -176,6 +176,72 @@
</plugins>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>app.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.eap7.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${app.server.eap7.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.eap7.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>adapter.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>adapter-libs-provided</id>
<activation>
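Review bot: The `ssl` profile activates whenever `app.server.ssl.required` is defined, because its `<property>` activation has a `<name>` but no `<value>`; `-Dapp.server.ssl.required=false` would still rewrite `standalone.xml` and copy the keystores. Adding `<value>true</value>` under the `<name>` makes the switch behave as its name suggests. The `configure-adapter-subsystem-security` execution also reads and writes `standalone.xml` in the same directory, so a second `process-resources` run on an already transformed file would presumably append the realm and listeners again. A short comment on the execution stating that it expects a freshly unpacked server would document that.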


@ -0,0 +1,71 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:4.0"
xmlns:ds="urn:jboss:domain:datasources:4.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:3.0"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="adapter.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
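Review bot: The `j:extensions` template sets `javax.net.ssl.trustStore` as a server-wide system property, which replaces the default trust store for every outbound TLS connection made by that JVM, not only the adapter's calls to Keycloak. A comment above the `system-properties` element should record that this is deliberate, e.g. `<!-- testsuite only: replaces the JVM default trust store with keycloak.truststore -->`. The template also emits a new `system-properties` element unconditionally, so an input that already contains one would presumably end up with two; wrapping it in `<xsl:if test="not(../j:system-properties)">`, or merging into the existing element, avoids that. Separately, `<xsl:param name="config"/>` is declared but never referenced in this file, and the `u` prefix is used in match patterns but missing from `exclude-result-prefixes`.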