[KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron

adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakConfigurationServletListener.java

@@ -43,7 +43,8 @@ import java.io.InputStream;
  */
 public class KeycloakConfigurationServletListener implements ServletContextListener {
 
-    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName() + ".elytron";
+    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName();
+    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON = AdapterDeploymentContext.class.getName() + ".elytron";
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
@@ -76,6 +77,7 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
         }
 
         servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
+        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
     }
 
     @Override

adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakHttpServerAuthenticationMechanism.java

@@ -126,7 +126,7 @@ class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticat
 
     private AdapterDeploymentContext getDeploymentContext(HttpServerRequest request) {
         if (this.deploymentContext == null) {
-            return (AdapterDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE);
+            return (AdapterDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON);
         }
 
         return this.deploymentContext;

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/Elytron.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.subsystem.adapter.extension;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.common.WarMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.msc.service.ServiceName;
+
+/**
+ * Utility class for Elytron integration
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public final class Elytron {
+
+    private static final String DEFAULT_SECURITY_DOMAIN = "other";
+    private static final String UNDERTOW_APPLICATION_SECURITY_DOMAIN = "org.wildfly.undertow.application-security-domain.";
+
+    static boolean isElytronEnabled(DeploymentPhaseContext phaseContext) {
+        String securityDomain = getSecurityDomain(phaseContext.getDeploymentUnit());
+        ServiceName serviceName = ServiceName.parse(new StringBuilder(UNDERTOW_APPLICATION_SECURITY_DOMAIN).append(securityDomain).toString());
+        return phaseContext.getServiceRegistry().getService(serviceName) != null;
+    }
+
+    private static String getSecurityDomain(DeploymentUnit deploymentUnit) {
+        WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+
+        if (warMetaData != null) {
+            JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+
+            if (webMetaData != null) {
+                String configuredSecurityDomain = webMetaData.getSecurityDomain();
+
+                if (configuredSecurityDomain != null) {
+                    return configuredSecurityDomain;
+                }
+            }
+        }
+
+        return DEFAULT_SECURITY_DOMAIN;
+    }
+}

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java

@@ -17,6 +17,8 @@
 
 package org.keycloak.subsystem.adapter.extension;
 
+import static org.keycloak.subsystem.adapter.extension.Elytron.isElytronEnabled;
+
 import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.DeploymentUnit;
 import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
@@ -73,7 +75,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
             addKeycloakAuthData(phaseContext, service);
         }
 
-        addConfigurationListener(deploymentUnit);
+        addConfigurationListener(phaseContext);
 
         // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
 
@@ -125,7 +127,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         webMetaData.setContextParams(contextParams);
     }
 
-    private void addConfigurationListener(DeploymentUnit deploymentUnit) {
+    private void addConfigurationListener(DeploymentPhaseContext phaseContext) {
+        DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
         WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
         if (warMetaData == null) {
             return;
@@ -144,16 +147,18 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         if (!loginConfig.getAuthMethod().equals("KEYCLOAK")) {
             return;
         }
-        ListenerMetaData listenerMetaData = new ListenerMetaData();
 
-        listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
+        if (isElytronEnabled(phaseContext)) {
+            ListenerMetaData listenerMetaData = new ListenerMetaData();
 
-        webMetaData.getListeners().add(listenerMetaData);
+            listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
+
+            webMetaData.getListeners().add(listenerMetaData);
+        }
     }
 
     @Override
     public void undeploy(DeploymentUnit du) {
 
     }
-
 }

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessor.java

@@ -63,7 +63,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
         final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
         final ModuleLoader moduleLoader = Module.getBootModuleLoader();
         addCommonModules(moduleSpecification, moduleLoader);
-        addPlatformSpecificModules(moduleSpecification, moduleLoader);
+        addPlatformSpecificModules(phaseContext, moduleSpecification, moduleLoader);
     }
     
     private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
@@ -74,7 +74,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
         moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
     }
 
-    abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
+    abstract protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
 
     @Override
     public void undeploy(DeploymentUnit du) {

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessorWildFly.java

@@ -17,6 +17,9 @@
 
 package org.keycloak.subsystem.adapter.extension;
 
+import static org.keycloak.subsystem.adapter.extension.Elytron.isElytronEnabled;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.module.ModuleDependency;
 import org.jboss.as.server.deployment.module.ModuleSpecification;
 import org.jboss.modules.ModuleIdentifier;
@@ -34,9 +37,12 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
     private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-undertow-adapter");
 
     @Override
-    protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+    protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
+        if (isElytronEnabled(phaseContext)) {
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
+        } else {
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
+        }
     }
 }

adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakConfigurationServletListener.java

@@ -49,7 +49,8 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
 
     protected static Logger log = Logger.getLogger(KeycloakConfigurationServletListener.class);
 
-    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName() + ".elytron";
+    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName();
+    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON = SamlDeploymentContext.class.getName() + ".elytron";
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
@@ -93,6 +94,7 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
         }
 
         servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
+        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
     }
 
     @Override

adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakHttpServerAuthenticationMechanism.java

@@ -131,7 +131,7 @@ class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticat
 
     private SamlDeploymentContext getDeploymentContext(HttpServerRequest request) {
         if (this.deploymentContext == null) {
-            return (SamlDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE);
+            return (SamlDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON);
         }
 
         return this.deploymentContext;

adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Elytron.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.subsystem.adapter.saml.extension;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.common.WarMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.msc.service.ServiceName;
+
+/**
+ * Utility class for Elytron integration
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public final class Elytron {
+
+    private static final String DEFAULT_SECURITY_DOMAIN = "other";
+    private static final String UNDERTOW_APPLICATION_SECURITY_DOMAIN = "org.wildfly.undertow.application-security-domain.";
+
+    static boolean isElytronEnabled(DeploymentPhaseContext phaseContext) {
+        String securityDomain = getSecurityDomain(phaseContext.getDeploymentUnit());
+        ServiceName serviceName = ServiceName.parse(new StringBuilder(UNDERTOW_APPLICATION_SECURITY_DOMAIN).append(securityDomain).toString());
+        return phaseContext.getServiceRegistry().getService(serviceName) != null;
+    }
+
+    private static String getSecurityDomain(DeploymentUnit deploymentUnit) {
+        WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+
+        if (warMetaData != null) {
+            JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+
+            if (webMetaData != null) {
+                String configuredSecurityDomain = webMetaData.getSecurityDomain();
+
+                if (configuredSecurityDomain != null) {
+                    return configuredSecurityDomain;
+                }
+            }
+        }
+
+        return DEFAULT_SECURITY_DOMAIN;
+    }
+}

adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java

@@ -17,6 +17,8 @@
 
 package org.keycloak.subsystem.adapter.saml.extension;
 
+import static org.keycloak.subsystem.adapter.saml.extension.Elytron.isElytronEnabled;
+
 import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.DeploymentUnit;
 import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
@@ -55,7 +57,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
             addKeycloakSamlAuthData(phaseContext);
         }
 
-        addConfigurationListener(deploymentUnit);
+        addConfigurationListener(phaseContext);
     }
 
     private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
@@ -129,7 +131,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 
     }
 
-    private void addConfigurationListener(DeploymentUnit deploymentUnit) {
+    private void addConfigurationListener(DeploymentPhaseContext phaseContext) {
+        DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
         WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
         if (warMetaData == null) {
             return;
@@ -148,10 +151,13 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         if (!loginConfig.getAuthMethod().equals("KEYCLOAK-SAML")) {
             return;
         }
-        ListenerMetaData listenerMetaData = new ListenerMetaData();
 
-        listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
+        if (isElytronEnabled(phaseContext)) {
+            ListenerMetaData listenerMetaData = new ListenerMetaData();
 
-        webMetaData.getListeners().add(listenerMetaData);
+            listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
+
+            webMetaData.getListeners().add(listenerMetaData);
+        }
     }
 }

adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java

@@ -65,7 +65,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
         final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
         final ModuleLoader moduleLoader = Module.getBootModuleLoader();
         addCommonModules(moduleSpecification, moduleLoader);
-        addPlatformSpecificModules(moduleSpecification, moduleLoader);
+        addPlatformSpecificModules(phaseContext, moduleSpecification, moduleLoader);
     }
 
     private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
@@ -76,7 +76,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
         moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
     }
 
-    abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
+    abstract protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
 
     @Override
     public void undeploy(DeploymentUnit du) {

adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessorWildFly.java

@@ -17,6 +17,9 @@
 
 package org.keycloak.subsystem.adapter.saml.extension;
 
+import static org.keycloak.subsystem.adapter.saml.extension.Elytron.isElytronEnabled;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.module.ModuleDependency;
 import org.jboss.as.server.deployment.module.ModuleSpecification;
 import org.jboss.modules.ModuleIdentifier;
@@ -34,10 +37,12 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
     private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-undertow-adapter");
 
     @Override
-    protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+    protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
-        // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
+        if (isElytronEnabled(phaseContext)) {
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
+        } else {
-        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
+        }
     }
 }