Merge pull request #2121 from pdrozd/KEYCLOAK-2401-ssl
KEYCLOAK-2401 - add ssl profile and fix urls when ssl profile enabled.
This commit is contained in:
commit
1b0ccae4ac
7 changed files with 115 additions and 6 deletions
|
@ -238,5 +238,67 @@
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
</profile>
|
</profile>
|
||||||
|
<profile>
|
||||||
|
<id>ssl</id>
|
||||||
|
<activation>
|
||||||
|
<property>
|
||||||
|
<name>auth.server.ssl.required</name>
|
||||||
|
</property>
|
||||||
|
</activation>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.codehaus.mojo</groupId>
|
||||||
|
<artifactId>xml-maven-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>configure-adapter-subsystem-security</id>
|
||||||
|
<phase>process-resources</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>transform</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<transformationSets>
|
||||||
|
<transformationSet>
|
||||||
|
<dir>${keycloak.server.home}/standalone/configuration</dir>
|
||||||
|
<includes>
|
||||||
|
<include>standalone.xml</include>
|
||||||
|
</includes>
|
||||||
|
<stylesheet>src/main/xslt/security.xsl</stylesheet>
|
||||||
|
<outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
|
||||||
|
</transformationSet>
|
||||||
|
</transformationSets>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-resources-plugin</artifactId>
|
||||||
|
<version>2.7</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>copy-keystore</id>
|
||||||
|
<phase>process-resources</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>copy-resources</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
|
||||||
|
<resources>
|
||||||
|
<resource>
|
||||||
|
<directory>src/main/keystore</directory>
|
||||||
|
<includes>
|
||||||
|
<include>keycloak.jks</include>
|
||||||
|
<include>keycloak.truststore</include>
|
||||||
|
</includes>
|
||||||
|
</resource>
|
||||||
|
</resources>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
</profile>
|
||||||
</profiles>
|
</profiles>
|
||||||
</project>
|
</project>
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,34 @@
|
||||||
|
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||||
|
xmlns:xalan="http://xml.apache.org/xalan"
|
||||||
|
xmlns:j="urn:jboss:domain:1.7"
|
||||||
|
xmlns:w="urn:jboss:domain:web:2.2"
|
||||||
|
version="2.0"
|
||||||
|
exclude-result-prefixes="xalan j ds k sec">
|
||||||
|
|
||||||
|
<xsl:param name="config"/>
|
||||||
|
|
||||||
|
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||||
|
<xsl:strip-space elements="*"/>
|
||||||
|
|
||||||
|
<xsl:template match="//w:connector[@name='http']">
|
||||||
|
<xsl:copy-of select="."/>
|
||||||
|
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
|
||||||
|
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
|
||||||
|
</connector>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
|
<xsl:template match="//j:extensions">
|
||||||
|
<xsl:copy-of select="."/>
|
||||||
|
<system-properties>
|
||||||
|
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
|
||||||
|
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
|
||||||
|
</system-properties>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
|
<xsl:template match="@*|node()">
|
||||||
|
<xsl:copy>
|
||||||
|
<xsl:apply-templates select="@*|node()" />
|
||||||
|
</xsl:copy>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
|
</xsl:stylesheet>
|
|
@ -35,6 +35,8 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
||||||
|
|
||||||
protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
|
protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
|
||||||
|
|
||||||
|
private final boolean authServerSslRequired = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"));
|
||||||
|
|
||||||
public static final String WEBXML_PATH = "/WEB-INF/web.xml";
|
public static final String WEBXML_PATH = "/WEB-INF/web.xml";
|
||||||
public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
|
public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
|
||||||
public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
|
public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
|
||||||
|
@ -74,10 +76,18 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
||||||
log.info("Modyfying saml adapter config in " + archive.getName());
|
log.info("Modyfying saml adapter config in " + archive.getName());
|
||||||
|
|
||||||
Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
|
Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
|
||||||
|
if (authServerSslRequired) {
|
||||||
|
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||||
|
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
|
||||||
|
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||||
|
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
|
||||||
|
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
|
||||||
|
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "http", "https");
|
||||||
|
} else {
|
||||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
|
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
|
||||||
|
|
|
@ -62,7 +62,8 @@ public class URLProvider extends URLResourceProvider {
|
||||||
if (url.getPort() == 8080) {
|
if (url.getPort() == 8080) {
|
||||||
for (Annotation a : qualifiers) {
|
for (Annotation a : qualifiers) {
|
||||||
if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
|
if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
|
||||||
url = new URL(fixedUrl.toExternalForm().replace("8080", System.getProperty("app.server.http.port", null)) + "/" + ((OperateOnDeployment) a).value());
|
String port = appServerSslRequired ? System.getProperty("app.server.https.port", "8643"):System.getProperty("app.server.http.port", "8280");
|
||||||
|
url = new URL(fixedUrl.toExternalForm().replace("8080", port) + "/" + ((OperateOnDeployment) a).value());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,8 +18,10 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage {
|
||||||
if (System.getProperty("app.server.eap6","false").equals("false")) {
|
if (System.getProperty("app.server.eap6","false").equals("false")) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
|
||||||
|
return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/" + url);
|
||||||
|
};
|
||||||
return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url);
|
return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url);
|
||||||
} catch (MalformedURLException e) {
|
} catch (MalformedURLException e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
|
|
Loading…
Reference in a new issue