Merge pull request #2121 from pdrozd/KEYCLOAK-2401-ssl
KEYCLOAK-2401 - add ssl profile and fix urls when ssl profile enabled.
This commit is contained in:
Stian Thorgersen
commit
1b0ccae4ac
7 changed files with 115 additions and 6 deletions
|
|
@ -238,5 +238,67 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>ssl</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>auth.server.ssl.required</name>
|
||||
</property>
|
||||
</activation>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>xml-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>configure-adapter-subsystem-security</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<transformationSets>
|
||||
<transformationSet>
|
||||
<dir>${keycloak.server.home}/standalone/configuration</dir>
|
||||
<includes>
|
||||
<include>standalone.xml</include>
|
||||
</includes>
|
||||
<stylesheet>src/main/xslt/security.xsl</stylesheet>
|
||||
<outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
|
||||
</transformationSet>
|
||||
</transformationSets>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<version>2.7</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/keystore</directory>
|
||||
<includes>
|
||||
<include>keycloak.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
</project>
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,34 @@
|
|||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:1.7"
|
||||
xmlns:w="urn:jboss:domain:web:2.2"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
<xsl:param name="config"/>
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//w:connector[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
|
||||
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
|
||||
</connector>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:extensions">
|
||||
<xsl:copy-of select="."/>
|
||||
<system-properties>
|
||||
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
|
||||
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
|
||||
</system-properties>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
|
@ -35,6 +35,8 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
|||
|
||||
protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
|
||||
|
||||
private final boolean authServerSslRequired = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"));
|
||||
|
||||
public static final String WEBXML_PATH = "/WEB-INF/web.xml";
|
||||
public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
|
||||
public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
|
||||
|
|
@ -74,10 +76,18 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
|||
log.info("Modyfying saml adapter config in " + archive.getName());
|
||||
|
||||
Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
|
||||
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
if (authServerSslRequired) {
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "http", "https");
|
||||
} else {
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||
}
|
||||
|
||||
try {
|
||||
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
|
||||
|
|
|
|||
|
|
@ -62,7 +62,8 @@ public class URLProvider extends URLResourceProvider {
|
|||
if (url.getPort() == 8080) {
|
||||
for (Annotation a : qualifiers) {
|
||||
if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
|
||||
url = new URL(fixedUrl.toExternalForm().replace("8080", System.getProperty("app.server.http.port", null)) + "/" + ((OperateOnDeployment) a).value());
|
||||
String port = appServerSslRequired ? System.getProperty("app.server.https.port", "8643"):System.getProperty("app.server.http.port", "8280");
|
||||
url = new URL(fixedUrl.toExternalForm().replace("8080", port) + "/" + ((OperateOnDeployment) a).value());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,8 +18,10 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage {
|
|||
if (System.getProperty("app.server.eap6","false").equals("false")) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
|
||||
return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/" + url);
|
||||
};
|
||||
return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url);
|
||||
} catch (MalformedURLException e) {
|
||||
e.printStackTrace();
|
||||
|
|
|
|||
Loading…
Reference in a new issue