KEYCLOAK-3273: Prefer module name for secure-deployment name.
parent
73cbf857c1
commit
1d4e76117c
13 changed files with 139 additions and 54 deletions
|
@ -49,7 +49,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
@Override
|
@Override
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
String deploymentName = deploymentUnit.getName();
|
|
||||||
|
|
||||||
// if it's not a web-app there's nothing to secure
|
// if it's not a web-app there's nothing to secure
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
@ -67,24 +66,24 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
// otherwise
|
// otherwise
|
||||||
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
||||||
|
|
||||||
boolean hasSubsystemConfig = service.isSecureDeployment(deploymentName);
|
boolean hasSubsystemConfig = service.isSecureDeployment(deploymentUnit);
|
||||||
boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
|
boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
|
||||||
|
|
||||||
if (hasSubsystemConfig || webRequiresKC) {
|
if (hasSubsystemConfig || webRequiresKC) {
|
||||||
log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
|
log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentUnit.getName());
|
||||||
|
|
||||||
// if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
|
// if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
|
||||||
if (hasSubsystemConfig) {
|
if (hasSubsystemConfig) {
|
||||||
addJSONData(service.getJSON(deploymentName), warMetaData);
|
addJSONData(service.getJSON(deploymentUnit), warMetaData);
|
||||||
if (loginConfig != null) {
|
if (loginConfig != null) {
|
||||||
loginConfig.setAuthMethod("KEYCLOAK");
|
loginConfig.setAuthMethod("KEYCLOAK");
|
||||||
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
loginConfig.setRealmName(service.getRealmName(deploymentUnit));
|
||||||
} else {
|
} else {
|
||||||
log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentName + " (loginConfig == null)");
|
log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
addValve(webMetaData);
|
addValve(webMetaData);
|
||||||
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
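Review bot: The `log.debug`, `log.warn` and `deploymentSecured(...)` calls in this hunk print `deploymentUnit.getName()`, but `isSecureDeployment`, `getJSON` and `getRealmName` now look the entry up under a name the service derives itself. Per `preferredDeploymentName` elsewhere in this commit, that is the module name plus `.war` when one is set, so the "secured" message can name a different key than the secure-deployment entry that was actually applied. Anyone auditing which subsystem entry protects which WAR needs the resolved key in the message too, which requires the service to expose or log it, since the helper is private. At minimum add a comment above the debug line, e.g. `// logs the runtime name; the subsystem entry is matched by module name when the WAR declares one`. The same logging pattern is in the other three deployment processors changed by this commit, and part of `deploy()` lies between the two hunks and is not shown.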
|
@ -25,6 +25,9 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
|
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.web.deployment.WarMetaData;
|
||||||
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This service keeps track of the entire Keycloak management model so as to provide
|
* This service keeps track of the entire Keycloak management model so as to provide
|
||||||
|
@ -154,13 +157,15 @@ public final class KeycloakAdapterConfigService {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRealmName(String deploymentName) {
|
public String getRealmName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
||||||
return deployment.get(RealmDefinition.TAG_NAME).asString();
|
return deployment.get(RealmDefinition.TAG_NAME).asString();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getJSON(String deploymentName) {
|
public String getJSON(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
||||||
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
|
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
|
||||||
ModelNode realm = this.realms.get(realmName);
|
ModelNode realm = this.realms.get(realmName);
|
||||||
|
@ -184,9 +189,29 @@ public final class KeycloakAdapterConfigService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isSecureDeployment(String deploymentName) {
|
public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
|
||||||
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
|
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
|
||||||
|
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
return this.secureDeployments.containsKey(deploymentName);
|
return this.secureDeployments.containsKey(deploymentName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KEYCLOAK-3273: prefer module name if available
|
||||||
|
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = deploymentUnit.getName();
|
||||||
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
if (warMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
|
if (webMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
String moduleName = webMetaData.getModuleName();
|
||||||
|
if (moduleName != null) return moduleName + ".war";
|
||||||
|
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
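Review bot: `preferredDeploymentName` never tries the runtime name once the merged web metadata carries a module name, so a secure-deployment entry keyed by the archive's file name stops matching for such a WAR. `isSecureDeployment` then returns false and the processors skip forcing the KEYCLOAK auth method, with nothing logged, which is a fail-open result for a deployment the operator configured as secured. The key is also now taken from metadata that presumably originates in the deployed archive's own descriptor, which is worth stating in the comment above the helper. I would use the module-derived key only when an entry exists for it and otherwise fall back to `deploymentUnit.getName()`, and treat an empty module name like a missing one (today it yields the key `.war`). The helper is copied verbatim into the WildFly service and both SAML `Configuration` classes in this commit, so the same change applies there.

```java
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
    String deploymentName = deploymentUnit.getName();
    // … unchanged: WarMetaData / JBossWebMetaData null checks …
    String moduleName = webMetaData.getModuleName();
    if (moduleName != null && !moduleName.isEmpty()) {
        String moduleKey = moduleName + ".war";
        // Use the module-derived key only when an entry exists for it, so an
        // entry registered under the runtime name keeps applying.
        if (this.secureDeployments.containsKey(moduleKey)) {
            return moduleKey;
        }
    }
    return deploymentName;
}
```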
|
@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
|
||||||
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -46,8 +46,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
|
|
||||||
// not sure if we need this yet, keeping here just in case
|
// not sure if we need this yet, keeping here just in case
|
||||||
protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
|
protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (!service.isSecureDeployment(deploymentUnit)) {
|
||||||
if (!service.isSecureDeployment(deploymentName)) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
@ -67,10 +66,9 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
|
||||||
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
|
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
|
||||||
if (service.isSecureDeployment(deploymentName)) {
|
if (service.isSecureDeployment(deploymentUnit)) {
|
||||||
addKeycloakAuthData(phaseContext, deploymentName, service);
|
addKeycloakAuthData(phaseContext, service);
|
||||||
}
|
}
|
||||||
|
|
||||||
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
|
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
|
||||||
|
@ -79,14 +77,14 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
// addSecurityDomain(deploymentUnit, service);
|
// addSecurityDomain(deploymentUnit, service);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
|
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
|
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
|
||||||
}
|
}
|
||||||
|
|
||||||
addJSONData(service.getJSON(deploymentName), warMetaData);
|
addJSONData(service.getJSON(deploymentUnit), warMetaData);
|
||||||
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
if (webMetaData == null) {
|
if (webMetaData == null) {
|
||||||
webMetaData = new JBossWebMetaData();
|
webMetaData = new JBossWebMetaData();
|
||||||
|
@ -99,8 +97,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
webMetaData.setLoginConfig(loginConfig);
|
webMetaData.setLoginConfig(loginConfig);
|
||||||
}
|
}
|
||||||
loginConfig.setAuthMethod("KEYCLOAK");
|
loginConfig.setAuthMethod("KEYCLOAK");
|
||||||
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
loginConfig.setRealmName(service.getRealmName(deploymentUnit));
|
||||||
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addJSONData(String json, WarMetaData warMetaData) {
|
private void addJSONData(String json, WarMetaData warMetaData) {
|
||||||
|
|
|
@ -24,6 +24,9 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
|
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.web.common.WarMetaData;
|
||||||
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This service keeps track of the entire Keycloak management model so as to provide
|
* This service keeps track of the entire Keycloak management model so as to provide
|
||||||
|
@ -153,13 +156,15 @@ public final class KeycloakAdapterConfigService {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRealmName(String deploymentName) {
|
public String getRealmName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
||||||
return deployment.get(RealmDefinition.TAG_NAME).asString();
|
return deployment.get(RealmDefinition.TAG_NAME).asString();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getJSON(String deploymentName) {
|
public String getJSON(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
ModelNode deployment = this.secureDeployments.get(deploymentName);
|
||||||
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
|
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
|
||||||
ModelNode realm = this.realms.get(realmName);
|
ModelNode realm = this.realms.get(realmName);
|
||||||
|
@ -183,9 +188,29 @@ public final class KeycloakAdapterConfigService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isSecureDeployment(String deploymentName) {
|
public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
|
||||||
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
|
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
|
||||||
|
|
||||||
|
String deploymentName = preferredDeploymentName(deploymentUnit);
|
||||||
return this.secureDeployments.containsKey(deploymentName);
|
return this.secureDeployments.containsKey(deploymentName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KEYCLOAK-3273: prefer module name if available
|
||||||
|
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = deploymentUnit.getName();
|
||||||
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
if (warMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
|
if (webMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
String moduleName = webMetaData.getModuleName();
|
||||||
|
if (moduleName != null) return moduleName + ".war";
|
||||||
|
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
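Review bot: `getRealmName` and `getJSON` each re-derive the lookup key from the deployment unit and then dereference `this.secureDeployments.get(deploymentName)` without a null check. The callers guard with `isSecureDeployment` first, but all three calls now compute the key independently from the unit's metadata, so a mismatch would surface as a bare NullPointerException during deployment rather than a clear configuration error. A guard such as `if (deployment == null) throw new IllegalStateException("No secure-deployment entry for " + deploymentName);` in both methods would make that failure explicit. Resolving the key once in the caller and passing it through would remove the repeated derivation altogether. The body of `getJSON` continues outside the hunk, and the same applies to the other `KeycloakAdapterConfigService` copy earlier in this commit.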
|
@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
|
||||||
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -78,8 +78,6 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
|
||||||
addCredential(addr, service, "secret", "secret1");
|
addCredential(addr, service, "secret", "secret1");
|
||||||
addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
|
addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
|
||||||
addCredential(addr, service, "jwt.token-timeout", "10");
|
addCredential(addr, service, "jwt.token-timeout", "10");
|
||||||
|
|
||||||
System.out.println("Deployment: " + service.getJSON("foo"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
|
private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
|
||||||
|
|
|
@ -16,8 +16,11 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.subsystem.saml.as7;
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.web.deployment.WarMetaData;
|
||||||
import org.jboss.dmr.ModelNode;
|
import org.jboss.dmr.ModelNode;
|
||||||
import org.jboss.dmr.Property;
|
import org.jboss.dmr.Property;
|
||||||
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
||||||
|
@ -46,7 +49,8 @@ public class Configuration {
|
||||||
return keymodel.get(key);
|
return keymodel.get(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public ModelNode getSecureDeployment(String name) {
|
public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) {
|
||||||
|
String name = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
|
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
|
||||||
if (secureDeployment.hasDefined(name)) {
|
if (secureDeployment.hasDefined(name)) {
|
||||||
return secureDeployment.get(name);
|
return secureDeployment.get(name);
|
||||||
|
@ -54,7 +58,26 @@ public class Configuration {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isSecureDeployment(String name) {
|
public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
|
||||||
return getSecureDeployment(name) != null;
|
return getSecureDeployment(deploymentUnit) != null;
|
||||||
|
}
|
||||||
|
|
||||||
|
// KEYCLOAK-3273: prefer module name if available
|
||||||
|
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = deploymentUnit.getName();
|
||||||
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
if (warMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
|
if (webMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
String moduleName = webMetaData.getModuleName();
|
||||||
|
if (moduleName != null) return moduleName + ".war";
|
||||||
|
|
||||||
|
return deploymentName;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,7 +51,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
@Override
|
@Override
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
String deploymentName = deploymentUnit.getName();
|
|
||||||
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
|
@ -69,30 +68,30 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
|
|
||||||
try {
|
try {
|
||||||
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
|
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
|
||||||
boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentName);
|
boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentUnit);
|
||||||
if (hasSubsystemConfig || webRequiresKC) {
|
if (hasSubsystemConfig || webRequiresKC) {
|
||||||
log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
|
log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName());
|
||||||
|
|
||||||
// if secure-deployment configuration exists for web app, we force KEYCLOAK-SAML auth method on it
|
// if secure-deployment configuration exists for web app, we force KEYCLOAK-SAML auth method on it
|
||||||
if (hasSubsystemConfig) {
|
if (hasSubsystemConfig) {
|
||||||
addXMLData(getXML(deploymentName), warMetaData);
|
addXMLData(getXML(deploymentUnit), warMetaData);
|
||||||
if (loginConfig != null) {
|
if (loginConfig != null) {
|
||||||
loginConfig.setAuthMethod("KEYCLOAK-SAML");
|
loginConfig.setAuthMethod("KEYCLOAK-SAML");
|
||||||
//loginConfig.setRealmName(service.getRealmName(deploymentName));
|
//loginConfig.setRealmName(service.getRealmName(deploymentName));
|
||||||
} else {
|
} else {
|
||||||
log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentName + " (loginConfig == null)");
|
log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
addValve(webMetaData);
|
addValve(webMetaData);
|
||||||
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
|
throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getXML(String deploymentName) throws XMLStreamException {
|
private String getXML(DeploymentUnit deploymentUnit) throws XMLStreamException {
|
||||||
ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentName);
|
ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit);
|
||||||
if (node != null) {
|
if (node != null) {
|
||||||
KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
|
KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
|
||||||
ByteArrayOutputStream output = new ByteArrayOutputStream();
|
ByteArrayOutputStream output = new ByteArrayOutputStream();
|
||||||
|
|
|
@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) == null) {
|
||||||
if (Configuration.INSTANCE.getSecureDeployment(deploymentName) == null) {
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -16,8 +16,11 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.subsystem.adapter.saml.extension;
|
package org.keycloak.subsystem.adapter.saml.extension;
|
||||||
|
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.web.common.WarMetaData;
|
||||||
import org.jboss.dmr.ModelNode;
|
import org.jboss.dmr.ModelNode;
|
||||||
import org.jboss.dmr.Property;
|
import org.jboss.dmr.Property;
|
||||||
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
||||||
|
@ -46,11 +49,31 @@ public class Configuration {
|
||||||
return keymodel.get(key);
|
return keymodel.get(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public ModelNode getSecureDeployment(String name) {
|
public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) {
|
||||||
|
String name = preferredDeploymentName(deploymentUnit);
|
||||||
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
|
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
|
||||||
if (secureDeployment.hasDefined(name)) {
|
if (secureDeployment.hasDefined(name)) {
|
||||||
return secureDeployment.get(name);
|
return secureDeployment.get(name);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KEYCLOAK-3273: prefer module name if available
|
||||||
|
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
|
||||||
|
String deploymentName = deploymentUnit.getName();
|
||||||
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
if (warMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
|
if (webMetaData == null) {
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
|
|
||||||
|
String moduleName = webMetaData.getModuleName();
|
||||||
|
if (moduleName != null) return moduleName + ".war";
|
||||||
|
|
||||||
|
return deploymentName;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -49,21 +49,20 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null) {
|
||||||
if (Configuration.INSTANCE.getSecureDeployment(deploymentName) != null) {
|
addKeycloakSamlAuthData(phaseContext);
|
||||||
addKeycloakSamlAuthData(phaseContext, deploymentName);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext, String deploymentName) throws DeploymentUnitProcessingException {
|
private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
|
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
addXMLData(getXML(deploymentName), warMetaData);
|
addXMLData(getXML(deploymentUnit), warMetaData);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
|
throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
|
||||||
}
|
}
|
||||||
|
@ -80,11 +79,11 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
}
|
}
|
||||||
loginConfig.setAuthMethod("KEYCLOAK-SAML");
|
loginConfig.setAuthMethod("KEYCLOAK-SAML");
|
||||||
|
|
||||||
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getXML(String deploymentName) throws XMLStreamException {
|
private String getXML(DeploymentUnit deploymentUnit) throws XMLStreamException {
|
||||||
ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentName);
|
ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit);
|
||||||
if (node != null) {
|
if (node != null) {
|
||||||
KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
|
KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
|
||||||
ByteArrayOutputStream output = new ByteArrayOutputStream();
|
ByteArrayOutputStream output = new ByteArrayOutputStream();
|
||||||
|
|
|
@ -45,8 +45,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) == null) {
|
||||||
if (Configuration.INSTANCE.getSecureDeployment(deploymentName) == null) {
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
return;
|
return;
|
||||||
|
|