[KEYCLOAK-7679] - Wildfly adapter must be disabled when using Elytron

This commit is contained in:
Pedro Igor 2018-06-21 15:13:08 -03:00
parent 591093f867
commit 23db2b852b
12 changed files with 170 additions and 28 deletions

View file

@ -43,7 +43,8 @@ import java.io.InputStream;
*/
public class KeycloakConfigurationServletListener implements ServletContextListener {
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName() + ".elytron";
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName();
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON = AdapterDeploymentContext.class.getName() + ".elytron";
@Override
public void contextInitialized(ServletContextEvent sce) {
@ -76,6 +77,7 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
}
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
}
@Override

View file

@ -126,7 +126,7 @@ class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticat
private AdapterDeploymentContext getDeploymentContext(HttpServerRequest request) {
if (this.deploymentContext == null) {
return (AdapterDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE);
return (AdapterDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON);
}
return this.deploymentContext;

View file

@ -0,0 +1,58 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.subsystem.adapter.extension;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.common.WarMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.msc.service.ServiceName;
/**
* Utility class for Elytron integration
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public final class Elytron {
private static final String DEFAULT_SECURITY_DOMAIN = "other";
private static final String UNDERTOW_APPLICATION_SECURITY_DOMAIN = "org.wildfly.undertow.application-security-domain.";
static boolean isElytronEnabled(DeploymentPhaseContext phaseContext) {
String securityDomain = getSecurityDomain(phaseContext.getDeploymentUnit());
ServiceName serviceName = ServiceName.parse(new StringBuilder(UNDERTOW_APPLICATION_SECURITY_DOMAIN).append(securityDomain).toString());
return phaseContext.getServiceRegistry().getService(serviceName) != null;
}
private static String getSecurityDomain(DeploymentUnit deploymentUnit) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData != null) {
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData != null) {
String configuredSecurityDomain = webMetaData.getSecurityDomain();
if (configuredSecurityDomain != null) {
return configuredSecurityDomain;
}
}
}
return DEFAULT_SECURITY_DOMAIN;
}
}

View file

@ -17,6 +17,8 @@
package org.keycloak.subsystem.adapter.extension;
import static org.keycloak.subsystem.adapter.extension.Elytron.isElytronEnabled;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
@ -73,7 +75,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
addKeycloakAuthData(phaseContext, service);
}
addConfigurationListener(deploymentUnit);
addConfigurationListener(phaseContext);
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
@ -125,7 +127,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
webMetaData.setContextParams(contextParams);
}
private void addConfigurationListener(DeploymentUnit deploymentUnit) {
private void addConfigurationListener(DeploymentPhaseContext phaseContext) {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
@ -144,16 +147,18 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
if (!loginConfig.getAuthMethod().equals("KEYCLOAK")) {
return;
}
if (isElytronEnabled(phaseContext)) {
ListenerMetaData listenerMetaData = new ListenerMetaData();
listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
webMetaData.getListeners().add(listenerMetaData);
}
}
@Override
public void undeploy(DeploymentUnit du) {
}
}

View file

@ -63,7 +63,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
final ModuleLoader moduleLoader = Module.getBootModuleLoader();
addCommonModules(moduleSpecification, moduleLoader);
addPlatformSpecificModules(moduleSpecification, moduleLoader);
addPlatformSpecificModules(phaseContext, moduleSpecification, moduleLoader);
}
private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
@ -74,7 +74,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
}
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
abstract protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
@Override
public void undeploy(DeploymentUnit du) {

View file

@ -17,6 +17,9 @@
package org.keycloak.subsystem.adapter.extension;
import static org.keycloak.subsystem.adapter.extension.Elytron.isElytronEnabled;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.module.ModuleDependency;
import org.jboss.as.server.deployment.module.ModuleSpecification;
import org.jboss.modules.ModuleIdentifier;
@ -34,9 +37,12 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-undertow-adapter");
@Override
protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
if (isElytronEnabled(phaseContext)) {
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
} else {
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
}
}
}

View file

@ -49,7 +49,8 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
protected static Logger log = Logger.getLogger(KeycloakConfigurationServletListener.class);
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName() + ".elytron";
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName();
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON = SamlDeploymentContext.class.getName() + ".elytron";
@Override
public void contextInitialized(ServletContextEvent sce) {
@ -93,6 +94,7 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
}
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
}
@Override

View file

@ -131,7 +131,7 @@ class KeycloakHttpServerAuthenticationMechanism implements HttpServerAuthenticat
private SamlDeploymentContext getDeploymentContext(HttpServerRequest request) {
if (this.deploymentContext == null) {
return (SamlDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE);
return (SamlDeploymentContext) request.getScope(Scope.APPLICATION).getAttachment(KeycloakConfigurationServletListener.ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON);
}
return this.deploymentContext;

View file

@ -0,0 +1,58 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.subsystem.adapter.saml.extension;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.common.WarMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.msc.service.ServiceName;
/**
* Utility class for Elytron integration
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public final class Elytron {
private static final String DEFAULT_SECURITY_DOMAIN = "other";
private static final String UNDERTOW_APPLICATION_SECURITY_DOMAIN = "org.wildfly.undertow.application-security-domain.";
static boolean isElytronEnabled(DeploymentPhaseContext phaseContext) {
String securityDomain = getSecurityDomain(phaseContext.getDeploymentUnit());
ServiceName serviceName = ServiceName.parse(new StringBuilder(UNDERTOW_APPLICATION_SECURITY_DOMAIN).append(securityDomain).toString());
return phaseContext.getServiceRegistry().getService(serviceName) != null;
}
private static String getSecurityDomain(DeploymentUnit deploymentUnit) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData != null) {
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData != null) {
String configuredSecurityDomain = webMetaData.getSecurityDomain();
if (configuredSecurityDomain != null) {
return configuredSecurityDomain;
}
}
}
return DEFAULT_SECURITY_DOMAIN;
}
}

View file

@ -17,6 +17,8 @@
package org.keycloak.subsystem.adapter.saml.extension;
import static org.keycloak.subsystem.adapter.saml.extension.Elytron.isElytronEnabled;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
@ -55,7 +57,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
addKeycloakSamlAuthData(phaseContext);
}
addConfigurationListener(deploymentUnit);
addConfigurationListener(phaseContext);
}
private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
@ -129,7 +131,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
}
private void addConfigurationListener(DeploymentUnit deploymentUnit) {
private void addConfigurationListener(DeploymentPhaseContext phaseContext) {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
@ -148,10 +151,13 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
if (!loginConfig.getAuthMethod().equals("KEYCLOAK-SAML")) {
return;
}
if (isElytronEnabled(phaseContext)) {
ListenerMetaData listenerMetaData = new ListenerMetaData();
listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
webMetaData.getListeners().add(listenerMetaData);
}
}
}

View file

@ -65,7 +65,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
final ModuleLoader moduleLoader = Module.getBootModuleLoader();
addCommonModules(moduleSpecification, moduleLoader);
addPlatformSpecificModules(moduleSpecification, moduleLoader);
addPlatformSpecificModules(phaseContext, moduleSpecification, moduleLoader);
}
private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
@ -76,7 +76,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
}
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
abstract protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
@Override
public void undeploy(DeploymentUnit du) {

View file

@ -17,6 +17,9 @@
package org.keycloak.subsystem.adapter.saml.extension;
import static org.keycloak.subsystem.adapter.saml.extension.Elytron.isElytronEnabled;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.module.ModuleDependency;
import org.jboss.as.server.deployment.module.ModuleSpecification;
import org.jboss.modules.ModuleIdentifier;
@ -34,10 +37,12 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-undertow-adapter");
@Override
protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
protected void addPlatformSpecificModules(DeploymentPhaseContext phaseContext, ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
if (isElytronEnabled(phaseContext)) {
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
} else {
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
}
}
}