Merge pull request #2121 from pdrozd/KEYCLOAK-2401-ssl

KEYCLOAK-2401 - add ssl profile and fix urls when ssl profile enabled.
This commit is contained in:
Stian Thorgersen 2016-01-27 11:39:06 +01:00
commit 1b0ccae4ac
7 changed files with 115 additions and 6 deletions

View file

@ -238,5 +238,67 @@
</plugins> </plugins>
</build> </build>
</profile> </profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>auth.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${keycloak.server.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>keycloak.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles> </profiles>
</project> </project>

View file

@ -0,0 +1,34 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:1.7"
xmlns:w="urn:jboss:domain:web:2.2"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//w:connector[@name='http']">
<xsl:copy-of select="."/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
</connector>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

View file

@ -35,6 +35,8 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass()); protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
private final boolean authServerSslRequired = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"));
public static final String WEBXML_PATH = "/WEB-INF/web.xml"; public static final String WEBXML_PATH = "/WEB-INF/web.xml";
public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json"; public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json"; public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
@ -74,10 +76,18 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
log.info("Modyfying saml adapter config in " + archive.getName()); log.info("Modyfying saml adapter config in " + archive.getName());
Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream()); Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
if (authServerSslRequired) {
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port", null));
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "http", "https");
} else {
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null)); modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null)); modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null)); modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
}
try { try {
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath); archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);

View file

@ -62,7 +62,8 @@ public class URLProvider extends URLResourceProvider {
if (url.getPort() == 8080) { if (url.getPort() == 8080) {
for (Annotation a : qualifiers) { for (Annotation a : qualifiers) {
if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) { if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
url = new URL(fixedUrl.toExternalForm().replace("8080", System.getProperty("app.server.http.port", null)) + "/" + ((OperateOnDeployment) a).value()); String port = appServerSslRequired ? System.getProperty("app.server.https.port", "8643"):System.getProperty("app.server.http.port", "8280");
url = new URL(fixedUrl.toExternalForm().replace("8080", port) + "/" + ((OperateOnDeployment) a).value());
} }
} }

View file

@ -18,8 +18,10 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage {
if (System.getProperty("app.server.eap6","false").equals("false")) { if (System.getProperty("app.server.eap6","false").equals("false")) {
return null; return null;
} }
try { try {
if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/" + url);
};
return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url); return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url);
} catch (MalformedURLException e) { } catch (MalformedURLException e) {
e.printStackTrace(); e.printStackTrace();