Merge remote-tracking branch 'upstream/master'
commit
2a64f5e3ce
25 changed files with 297 additions and 76 deletions
|
@ -14,6 +14,7 @@
|
||||||
<outputDirectory>keycloak</outputDirectory>
|
<outputDirectory>keycloak</outputDirectory>
|
||||||
<excludes>
|
<excludes>
|
||||||
<exclude>**/*.sh</exclude>
|
<exclude>**/*.sh</exclude>
|
||||||
|
<exclude>**/standalone.xml</exclude>
|
||||||
</excludes>
|
</excludes>
|
||||||
</fileSet>
|
</fileSet>
|
||||||
<fileSet>
|
<fileSet>
|
||||||
|
|
|
@ -4,6 +4,9 @@
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<config>
|
<config>
|
||||||
<standalone template="configuration/standalone/template.xml" subsystems="configuration/standalone/subsystems.xml" output-file="standalone/configuration/standalone.xml" />
|
<standalone template="configuration/standalone/template.xml" subsystems="configuration/standalone/subsystems.xml" output-file="standalone/configuration/standalone.xml" />
|
||||||
|
<standalone template="configuration/standalone/template.xml" subsystems="configuration/standalone/subsystems-ha.xml" output-file="standalone/configuration/standalone-ha.xml">
|
||||||
|
<property name="jgroups.supplement" value="" />
|
||||||
|
</standalone>
|
||||||
<domain template="configuration/domain/template.xml" subsystems="configuration/domain/subsystems.xml" output-file="domain/configuration/domain.xml" />
|
<domain template="configuration/domain/template.xml" subsystems="configuration/domain/subsystems.xml" output-file="domain/configuration/domain.xml" />
|
||||||
</config>
|
</config>
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,11 @@
|
||||||
<groupId>org.keycloak.subsystem</groupId>
|
<groupId>org.keycloak.subsystem</groupId>
|
||||||
<artifactId>keycloak-server</artifactId>
|
<artifactId>keycloak-server</artifactId>
|
||||||
<type>war</type>
|
<type>war</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-wildfly-extensions</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
<artifactId>keycloak-wf9-server-subsystem</artifactId>
|
<artifactId>keycloak-wf9-server-subsystem</artifactId>
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||||
|
<config>
|
||||||
|
<subsystems>
|
||||||
|
<subsystem>logging.xml</subsystem>
|
||||||
|
<subsystem>batch.xml</subsystem>
|
||||||
|
<subsystem>bean-validation.xml</subsystem>
|
||||||
|
<subsystem>keycloak-datasources.xml</subsystem>
|
||||||
|
<subsystem>ee.xml</subsystem>
|
||||||
|
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||||
|
<subsystem>io.xml</subsystem>
|
||||||
|
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
||||||
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
|
<subsystem>jca.xml</subsystem>
|
||||||
|
<subsystem>jdr.xml</subsystem>
|
||||||
|
<subsystem>jgroups.xml</subsystem>
|
||||||
|
<subsystem>jmx.xml</subsystem>
|
||||||
|
<subsystem>jpa.xml</subsystem>
|
||||||
|
<subsystem>jsf.xml</subsystem>
|
||||||
|
<subsystem>mail.xml</subsystem>
|
||||||
|
<subsystem>mod_cluster.xml</subsystem>
|
||||||
|
<subsystem>naming.xml</subsystem>
|
||||||
|
<subsystem>pojo.xml</subsystem>
|
||||||
|
<subsystem>remoting.xml</subsystem>
|
||||||
|
<subsystem>resource-adapters.xml</subsystem>
|
||||||
|
<subsystem>request-controller.xml</subsystem>
|
||||||
|
<subsystem>sar.xml</subsystem>
|
||||||
|
<subsystem>security-manager.xml</subsystem>
|
||||||
|
<subsystem>security.xml</subsystem>
|
||||||
|
<subsystem>transactions.xml</subsystem>
|
||||||
|
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||||
|
<subsystem>webservices.xml</subsystem>
|
||||||
|
<subsystem>weld.xml</subsystem>
|
||||||
|
<subsystem>keycloak-server.xml</subsystem>
|
||||||
|
</subsystems>
|
||||||
|
</config>
|
|
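Review bot: Nothing in this new subsystem list (apparently the HA variant, given `supplement="ha"`, `jgroups.xml` and `mod_cluster.xml`) says why an identity server needs `jmx.xml`, `remoting.xml`, `webservices.xml`, `ejb3.xml`, `jsf.xml`, `mail.xml`, `sar.xml` and `resource-adapters.xml`. Each of these appears to add a management, remote-invocation or deployment surface to every installation, whether or not Keycloak uses it. The following section (`@ -3,21 +3,32 @`) makes the same expansion to the non-HA list and drops the only explanatory comment it had. I would either trim both lists to what the server actually depends on, or add a comment per group, for example `<!-- required by <component>: <reason> -->`, so that later hardening can tell required entries from inherited defaults.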
@ -3,21 +3,32 @@
|
||||||
<config>
|
<config>
|
||||||
<subsystems>
|
<subsystems>
|
||||||
<subsystem>logging.xml</subsystem>
|
<subsystem>logging.xml</subsystem>
|
||||||
<!-- resteasy complains if bean-validation is missing -->
|
<subsystem>batch.xml</subsystem>
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
<subsystem>bean-validation.xml</subsystem>
|
||||||
<subsystem>keycloak-datasources.xml</subsystem>
|
<subsystem>keycloak-datasources.xml</subsystem>
|
||||||
<subsystem supplement="web-build">ee.xml</subsystem>
|
<subsystem>ee.xml</subsystem>
|
||||||
|
<subsystem>ejb3.xml</subsystem>
|
||||||
<subsystem>io.xml</subsystem>
|
<subsystem>io.xml</subsystem>
|
||||||
<subsystem>infinispan.xml</subsystem>
|
<subsystem>keycloak-infinispan.xml</subsystem>
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
<subsystem>jca.xml</subsystem>
|
<subsystem>jca.xml</subsystem>
|
||||||
|
<subsystem>jdr.xml</subsystem>
|
||||||
|
<subsystem>jmx.xml</subsystem>
|
||||||
<subsystem>jpa.xml</subsystem>
|
<subsystem>jpa.xml</subsystem>
|
||||||
<subsystem supplement="web-build">naming.xml</subsystem>
|
<subsystem>jsf.xml</subsystem>
|
||||||
|
<subsystem>mail.xml</subsystem>
|
||||||
|
<subsystem>naming.xml</subsystem>
|
||||||
|
<subsystem>pojo.xml</subsystem>
|
||||||
|
<subsystem>remoting.xml</subsystem>
|
||||||
|
<subsystem>resource-adapters.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>request-controller.xml</subsystem>
|
||||||
|
<subsystem>sar.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
<subsystem>security-manager.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem>security.xml</subsystem>
|
||||||
<subsystem>transactions.xml</subsystem>
|
<subsystem>transactions.xml</subsystem>
|
||||||
<subsystem>undertow.xml</subsystem>
|
<subsystem>undertow.xml</subsystem>
|
||||||
|
<subsystem>webservices.xml</subsystem>
|
||||||
|
<subsystem>weld.xml</subsystem>
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
<subsystem>keycloak-server.xml</subsystem>
|
||||||
</subsystems>
|
</subsystems>
|
||||||
</config>
|
</config>
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{
|
{
|
||||||
|
"providers": [
|
||||||
|
"classpath:${jboss.server.config.dir}/providers/*"
|
||||||
|
],
|
||||||
|
|
||||||
"admin": {
|
"admin": {
|
||||||
"realm": "master"
|
"realm": "master"
|
||||||
},
|
},
|
||||||
|
@ -63,6 +67,12 @@
|
||||||
"interval": 900
|
"interval": 900
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"connectionsHttpClient": {
|
||||||
|
"default": {
|
||||||
|
"disable-trust-manager": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
"connectionsJpa": {
|
"connectionsJpa": {
|
||||||
"default": {
|
"default": {
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
"dataSource": "java:jboss/datasources/KeycloakDS",
|
||||||
|
|
|
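Review bot: The added `connectionsHttpClient` block ships `"disable-trust-manager": true` as the default, which turns off server-certificate verification for the outgoing HTTPS calls that use this client. Every installation built from this file would then accept any certificate from a remote endpoint unless an operator notices and changes it. The default should be the safe one: `"disable-trust-manager": false`, or leave the block out, with the insecure setting documented as an explicit opt-in for test setups. The same block is added unchanged in the second `keycloak-server.json` section later in this commit (the other `@ -63,6 +67,12 @` hunk). Separately, the new `"classpath:${jboss.server.config.dir}/providers/*"` entry loads whatever sits in that directory, so its file permissions deserve a line in the installation notes.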
@ -60,6 +60,7 @@
|
||||||
<module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
|
<module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
|
||||||
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
||||||
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
||||||
|
<module name="org.keycloak.keycloak-wildfly-extensions" services="import"/>
|
||||||
|
|
||||||
<module name="javax.ws.rs.api"/>
|
<module name="javax.ws.rs.api"/>
|
||||||
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-extensions">
|
||||||
|
<resources>
|
||||||
|
<artifact name="${org.keycloak:keycloak-wildfly-extensions}"/>
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="org.keycloak.keycloak-core"/>
|
||||||
|
<module name="org.keycloak.keycloak-model-api"/>
|
||||||
|
<module name="org.keycloak.keycloak-services"/>
|
||||||
|
<module name="org.keycloak.keycloak-forms-common-freemarker"/>
|
||||||
|
<module name="org.keycloak.keycloak-forms-common-themes"/>
|
||||||
|
<module name="org.jboss.modules"/>
|
||||||
|
</dependencies>
|
||||||
|
</module>
|
|
@ -317,6 +317,10 @@
|
||||||
|
|
||||||
<module-def name="org.keycloak.keycloak-server-subsystem"/>
|
<module-def name="org.keycloak.keycloak-server-subsystem"/>
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-wildfly-extensions">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-wildfly-extensions"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="clean-target">
|
<target name="clean-target">
|
||||||
|
|
|
@ -39,6 +39,10 @@
|
||||||
<artifactId>keycloak-server</artifactId>
|
<artifactId>keycloak-server</artifactId>
|
||||||
<type>war</type>
|
<type>war</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-wildfly-extensions</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.bouncycastle</groupId>
|
<groupId>org.bouncycastle</groupId>
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
|
|
@ -61,6 +61,7 @@
|
||||||
<module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
|
<module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
|
||||||
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
||||||
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
||||||
|
<module name="org.keycloak.keycloak-wildfly-extensions" services="import"/>
|
||||||
|
|
||||||
<module name="javax.ws.rs.api"/>
|
<module name="javax.ws.rs.api"/>
|
||||||
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-extensions">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="org.keycloak.keycloak-core"/>
|
||||||
|
<module name="org.keycloak.keycloak-model-api"/>
|
||||||
|
<module name="org.keycloak.keycloak-services"/>
|
||||||
|
<module name="org.keycloak.keycloak-forms-common-freemarker"/>
|
||||||
|
<module name="org.keycloak.keycloak-forms-common-themes"/>
|
||||||
|
<module name="org.jboss.modules"/>
|
||||||
|
</dependencies>
|
||||||
|
</module>
|
|
@ -1,4 +1,8 @@
|
||||||
{
|
{
|
||||||
|
"providers": [
|
||||||
|
"classpath:${jboss.server.config.dir}/providers/*"
|
||||||
|
],
|
||||||
|
|
||||||
"admin": {
|
"admin": {
|
||||||
"realm": "master"
|
"realm": "master"
|
||||||
},
|
},
|
||||||
|
@ -63,6 +67,12 @@
|
||||||
"interval": 900
|
"interval": 900
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"connectionsHttpClient": {
|
||||||
|
"default": {
|
||||||
|
"disable-trust-manager": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
"connectionsJpa": {
|
"connectionsJpa": {
|
||||||
"default": {
|
"default": {
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
"dataSource": "java:jboss/datasources/KeycloakDS",
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
exclude-result-prefixes="xalan j ds k sec">
|
exclude-result-prefixes="xalan j ds k sec">
|
||||||
|
|
||||||
<xsl:param name="config"/>
|
<xsl:param name="config"/>
|
||||||
|
<xsl:variable name="log" select="'urn:jboss:domain:logging:'"/>
|
||||||
|
|
||||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||||
<xsl:strip-space elements="*"/>
|
<xsl:strip-space elements="*"/>
|
||||||
|
@ -59,6 +60,15 @@
|
||||||
</xsl:copy>
|
</xsl:copy>
|
||||||
</xsl:template>
|
</xsl:template>
|
||||||
|
|
||||||
|
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $log)]">
|
||||||
|
<xsl:copy>
|
||||||
|
<xsl:apply-templates select="node()|@*"/>
|
||||||
|
<logger category="org.jboss.resteasy.resteasy_jaxrs.i18n">
|
||||||
|
<level name="ERROR"/>
|
||||||
|
</logger>
|
||||||
|
</xsl:copy>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
<xsl:template match="@*|node()">
|
<xsl:template match="@*|node()">
|
||||||
<xsl:copy>
|
<xsl:copy>
|
||||||
<xsl:apply-templates select="@*|node()" />
|
<xsl:apply-templates select="@*|node()" />
|
||||||
|
|
|
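Review bot: The new template that matches the logging subsystem has no comment saying why `org.jboss.resteasy.resteasy_jaxrs.i18n` is capped at `ERROR`. Raising the threshold hides every WARN from that category, so a reader cannot tell which message was being silenced or when the override can be removed. A one-line comment above the template, for example `<!-- silence RESTEasy <message id> warning logged at startup; remove once <condition> -->`, would cover it. The stylesheet root is outside this hunk, so I cannot confirm which namespace the literal `<logger>` element is emitted in; it is worth checking that the generated element ends up in the logging subsystem's namespace.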
@ -8,9 +8,9 @@
|
||||||
<relativePath>../../pom.xml</relativePath>
|
<relativePath>../../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>keycloak-server-overlay</artifactId>
|
<artifactId>keycloak-server-overlay-parent</artifactId>
|
||||||
<packaging>pom</packaging>
|
<packaging>pom</packaging>
|
||||||
<name>Keycloak Server Overlay Distributions</name>
|
<name>Keycloak Server Overlay Parent</name>
|
||||||
<description/>
|
<description/>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -8,9 +8,9 @@
|
||||||
<relativePath>../../../pom.xml</relativePath>
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>keycloak-wf9-server-overlay</artifactId>
|
<artifactId>keycloak-server-overlay</artifactId>
|
||||||
<packaging>pom</packaging>
|
<packaging>pom</packaging>
|
||||||
<name>Keycloak Wildfly 9 Server Overlay Distribution</name>
|
<name>Keycloak Server Overlay Distribution</name>
|
||||||
<description/>
|
<description/>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
|
|
@ -15,6 +15,18 @@
|
||||||
<name>Keycloak Subsystem Server WAR</name>
|
<name>Keycloak Subsystem Server WAR</name>
|
||||||
<description/>
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.msc</groupId>
|
||||||
|
<artifactId>jboss-msc</artifactId>
|
||||||
|
<version>1.2.6.Final</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
<finalName>auth-server</finalName>
|
<finalName>auth-server</finalName>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
|
|
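Review bot: The new `jboss-msc` dependency has a literal `<version>1.2.6.Final</version>` and no `<scope>`. This module is named "Keycloak Subsystem Server WAR", so the default compile scope would package the jar into the archive. Another section of this commit adds `<module name="org.jboss.msc"/>`, so the container is presumably meant to supply it, and a bundled second copy invites class-loading conflicts and drifts from the server's patched version. I would add `<scope>provided</scope>` and move the version to the parent's dependency management. `keycloak-core` is added without a scope as well and may need the same treatment if the server already reaches it through a module.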
@ -0,0 +1,29 @@
|
||||||
|
package org.keycloak.provider.wildfly;
|
||||||
|
|
||||||
|
import org.jboss.msc.service.*;
|
||||||
|
import org.keycloak.Config;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Used to add a dependency on Infinispan caches to make sure they are started.
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class InfinispanCacheActivator implements ServiceActivator {
|
||||||
|
|
||||||
|
private static final ServiceName cacheContainerService = ServiceName.of("jboss", "infinispan", "keycloak");
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void activate(ServiceActivatorContext context) throws ServiceRegistryException {
|
||||||
|
if (context.getServiceRegistry().getService(cacheContainerService) != null) {
|
||||||
|
ServiceTarget st = context.getServiceTarget();
|
||||||
|
st.addDependency(cacheContainerService);
|
||||||
|
st.addDependency(cacheContainerService.append("realms"));
|
||||||
|
st.addDependency(cacheContainerService.append("users"));
|
||||||
|
st.addDependency(cacheContainerService.append("sessions"));
|
||||||
|
st.addDependency(cacheContainerService.append("loginFailures"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
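Review bot: When the `keycloak` cache container is not registered at activation time, `activate` silently does nothing, so a misnamed container or an ordering problem looks the same as the non-clustered case. A debug line in an `else` branch would make that visible, provided a logger is brought in (none is visible in this file). The imports `org.keycloak.Config` and `java.util.List` are unused, and `org.jboss.msc.service.*` could be replaced by the four types actually referenced. The cache names `realms`, `users`, `sessions` and `loginFailures` duplicate the Infinispan configuration added elsewhere in this commit; a comment naming that file would help keep the two in step.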
@ -0,0 +1 @@
|
||||||
|
org.keycloak.provider.wildfly.InfinispanCacheActivator
|
|
@ -56,6 +56,8 @@
|
||||||
<module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
|
<module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
|
||||||
<module name="org.jboss.resteasy.resteasy-multipart-provider" services="import"/>
|
<module name="org.jboss.resteasy.resteasy-multipart-provider" services="import"/>
|
||||||
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
|
||||||
|
|
||||||
|
<module name="org.jboss.msc"/>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<exclusions>
|
<exclusions>
|
||||||
<module name="org.jboss.resteasy.resteasy-jackson2-provider"/>
|
<module name="org.jboss.resteasy.resteasy-jackson2-provider"/>
|
||||||
|
|
|
@ -57,31 +57,7 @@
|
||||||
cache.
|
cache.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
To configure the required Infinspan caches open <literal>standalone/configuration/standalone-ha.xml</literal> and add:
|
To enable clustering in Keycloak open <literal>standalone/configuration/keycloak-server.json</literal> and add:
|
||||||
<programlisting>
|
|
||||||
<![CDATA[
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:2.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak" start="EAGER">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="realms" mode="SYNC" start="EAGER"/>
|
|
||||||
<invalidation-cache name="users" mode="SYNC" start="EAGER"/>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1" start="EAGER"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1" start="EAGER"/>
|
|
||||||
</cache-container>
|
|
||||||
...
|
|
||||||
</subsystem>
|
|
||||||
]]>
|
|
||||||
</programlisting>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
For more advanced options refer to the
|
|
||||||
<ulink url="http://docs.jboss.org/author/display/WFLY8/Infinispan+Subsystem">Infinispan Subsystem</ulink>
|
|
||||||
and
|
|
||||||
<ulink url="http://www.infinispan.org/docs/6.0.x/user_guide/user_guide.html">Infinispan</ulink>
|
|
||||||
documentation.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Next open <literal>standalone/configuration/keycloak-server.json</literal> and add:
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
"connectionsInfinispan": {
|
"connectionsInfinispan": {
|
||||||
"default" : {
|
"default" : {
|
||||||
|
|
|
@ -34,6 +34,7 @@ public class MemEventStoreProviderFactory implements EventStoreProviderFactory {
|
||||||
@Override
|
@Override
|
||||||
public void init(Config.Scope config) {
|
public void init(Config.Scope config) {
|
||||||
events = Collections.synchronizedList(new LinkedList<Event>());
|
events = Collections.synchronizedList(new LinkedList<Event>());
|
||||||
|
adminEvents = Collections.synchronizedList(new LinkedList<AdminEvent>());
|
||||||
|
|
||||||
String excludes = config.get("excludes");
|
String excludes = config.get("excludes");
|
||||||
if (excludes != null) {
|
if (excludes != null) {
|
||||||
|
|
|
@ -14,7 +14,6 @@
|
||||||
* License for the specific language governing permissions and limitations under
|
* License for the specific language governing permissions and limitations under
|
||||||
* the License.
|
* the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package org.keycloak.subsystem.as7;
|
package org.keycloak.subsystem.as7;
|
||||||
|
|
||||||
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
||||||
|
@ -46,64 +45,41 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
|
||||||
// two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
|
// two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
|
||||||
public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.json.adapterConfig";
|
public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.json.adapterConfig";
|
||||||
|
|
||||||
// not sure if we need this yet, keeping here just in case
|
|
||||||
protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
|
||||||
if (!service.isSecureDeployment(deploymentName)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
|
||||||
if (warMetaData == null) return;
|
|
||||||
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
|
||||||
if (webMetaData == null) return;
|
|
||||||
|
|
||||||
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
|
||||||
if (loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
webMetaData.setSecurityDomain("keycloak");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
String deploymentName = deploymentUnit.getName();
|
String deploymentName = deploymentUnit.getName();
|
||||||
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
|
|
||||||
if (service.isSecureDeployment(deploymentName)) {
|
|
||||||
addKeycloakAuthData(phaseContext, deploymentName, service);
|
|
||||||
}
|
|
||||||
|
|
||||||
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
|
// if it's not a web-app there's nothing to secure
|
||||||
|
|
||||||
// todo notsure if we need this
|
|
||||||
// addSecurityDomain(deploymentUnit, service);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
|
|
||||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
|
||||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
if (warMetaData == null) {
|
if (warMetaData == null) {
|
||||||
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
addJSONData(service.getJSON(deploymentName), warMetaData);
|
|
||||||
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
if (webMetaData == null) {
|
if (webMetaData == null) {
|
||||||
webMetaData = new JBossWebMetaData();
|
webMetaData = new JBossWebMetaData();
|
||||||
warMetaData.setMergedJBossWebMetaData(webMetaData);
|
warMetaData.setMergedJBossWebMetaData(webMetaData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
|
||||||
|
|
||||||
|
// if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
|
||||||
|
// otherwise we only set up KEYCLOAK auth if it's requested through web.xml auth-method
|
||||||
|
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
||||||
|
if (!service.isSecureDeployment(deploymentName) && (loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK"))) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
|
||||||
|
loginConfig.setAuthMethod("KEYCLOAK");
|
||||||
|
|
||||||
|
if (service.isSecureDeployment(deploymentName)) {
|
||||||
|
addJSONData(service.getJSON(deploymentName), warMetaData);
|
||||||
|
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
||||||
|
}
|
||||||
addValve(webMetaData);
|
addValve(webMetaData);
|
||||||
|
|
||||||
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
|
||||||
if (loginConfig == null) {
|
|
||||||
loginConfig = new LoginConfigMetaData();
|
|
||||||
webMetaData.setLoginConfig(loginConfig);
|
|
||||||
}
|
|
||||||
loginConfig.setAuthMethod("KEYCLOAK");
|
|
||||||
loginConfig.setRealmName(service.getRealmName(deploymentName));
|
|
||||||
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
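Review bot: In the rewritten `deploy`, `loginConfig` can still be null when `loginConfig.setAuthMethod("KEYCLOAK")` runs. The guard returns early only when the deployment is not a secure-deployment, and the old block that created a `LoginConfigMetaData` when `getLoginConfig()` returned null has been removed. A WAR listed as a secure-deployment but without a `<login-config>` in its web.xml would therefore fail with a NullPointerException instead of being secured. `loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")` also throws when a `<login-config>` has no auth-method. I would restore the null handling and compare from the constant side, as sketched below. The method body lies inside this hunk; the rest of the class is outside it.

```java
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
boolean secureDeployment = service.isSecureDeployment(deploymentName);
boolean requestsKeycloak = loginConfig != null
        && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
if (!secureDeployment && !requestsKeycloak) {
    return;
}
if (loginConfig == null) {
    // secure-deployment without a <login-config> in web.xml
    loginConfig = new LoginConfigMetaData();
    webMetaData.setLoginConfig(loginConfig);
}
// … unchanged: debug log, setAuthMethod, addJSONData/setRealmName for secure deployments, addValve …
```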
@ -4,6 +4,14 @@
|
||||||
<extension-module>org.jboss.as.connector</extension-module>
|
<extension-module>org.jboss.as.connector</extension-module>
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
|
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
|
||||||
<datasources>
|
<datasources>
|
||||||
|
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
||||||
|
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
||||||
|
<driver>h2</driver>
|
||||||
|
<security>
|
||||||
|
<user-name>sa</user-name>
|
||||||
|
<password>sa</password>
|
||||||
|
</security>
|
||||||
|
</datasource>
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
||||||
<driver>h2</driver>
|
<driver>h2</driver>
|
||||||
|
|
|
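Review bot: The added `ExampleDS` datasource carries the well-known `sa`/`sa` credentials and has no comment explaining why an authentication server ships it. If it exists only so that default bindings in the newly enabled subsystems resolve, a comment should say so, for example `<!-- ExampleDS: in-memory H2, present only for the default datasource binding; Keycloak does not use it -->`. Otherwise it is better left out than enabled by default. The enclosing `<datasources>` element and the `KeycloakDS` credentials continue outside this hunk, so I cannot tell whether the same literal credentials are used there.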
@ -0,0 +1,93 @@
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||||
|
<config default-supplement="default">
|
||||||
|
<extension-module>org.jboss.as.clustering.infinispan</extension-module>
|
||||||
|
<subsystem xmlns="urn:jboss:domain:infinispan:3.0">
|
||||||
|
<?CACHE-CONTAINERS?>
|
||||||
|
</subsystem>
|
||||||
|
<supplement name="default">
|
||||||
|
<replacement placeholder="CACHE-CONTAINERS">
|
||||||
|
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
||||||
|
<local-cache name="default">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
</local-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
||||||
|
<local-cache name="passivation">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store passivation="true" purge="false"/>
|
||||||
|
</local-cache>
|
||||||
|
<local-cache name="persistent">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store passivation="false" purge="false"/>
|
||||||
|
</local-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
||||||
|
<local-cache name="passivation">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store passivation="true" purge="false"/>
|
||||||
|
</local-cache>
|
||||||
|
<local-cache name="persistent">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store passivation="false" purge="false"/>
|
||||||
|
</local-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
||||||
|
<local-cache name="entity">
|
||||||
|
<transaction mode="NON_XA"/>
|
||||||
|
<eviction strategy="LRU" max-entries="10000"/>
|
||||||
|
<expiration max-idle="100000"/>
|
||||||
|
</local-cache>
|
||||||
|
<local-cache name="local-query">
|
||||||
|
<eviction strategy="LRU" max-entries="10000"/>
|
||||||
|
<expiration max-idle="100000"/>
|
||||||
|
</local-cache>
|
||||||
|
<local-cache name="timestamps"/>
|
||||||
|
</cache-container>
|
||||||
|
</replacement>
|
||||||
|
</supplement>
|
||||||
|
<supplement name="ha">
|
||||||
|
<replacement placeholder="CACHE-CONTAINERS">
|
||||||
|
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
||||||
|
<transport lock-timeout="60000"/>
|
||||||
|
<invalidation-cache name="realms" mode="SYNC"/>
|
||||||
|
<invalidation-cache name="users" mode="SYNC"/>
|
||||||
|
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
||||||
|
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
||||||
|
<transport lock-timeout="60000"/>
|
||||||
|
<replicated-cache name="default" mode="SYNC">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
</replicated-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
||||||
|
<transport lock-timeout="60000"/>
|
||||||
|
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store/>
|
||||||
|
</distributed-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
||||||
|
<transport lock-timeout="60000"/>
|
||||||
|
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
||||||
|
<transaction mode="BATCH"/>
|
||||||
|
<file-store/>
|
||||||
|
</distributed-cache>
|
||||||
|
</cache-container>
|
||||||
|
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
||||||
|
<transport lock-timeout="60000"/>
|
||||||
|
<invalidation-cache name="entity" mode="SYNC">
|
||||||
|
<transaction mode="NON_XA"/>
|
||||||
|
<eviction strategy="LRU" max-entries="10000"/>
|
||||||
|
<expiration max-idle="100000"/>
|
||||||
|
</invalidation-cache>
|
||||||
|
<local-cache name="local-query">
|
||||||
|
<eviction strategy="LRU" max-entries="10000"/>
|
||||||
|
<expiration max-idle="100000"/>
|
||||||
|
</local-cache>
|
||||||
|
<replicated-cache name="timestamps" mode="ASYNC"/>
|
||||||
|
</cache-container>
|
||||||
|
</replacement>
|
||||||
|
</supplement>
|
||||||
|
</config>
|
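Review bot: In the `ha` supplement, the `sessions` and `loginFailures` distributed caches are declared with `owners="1"`, so each entry lives on exactly one node. When that node leaves the cluster its user sessions are lost, and so are its login-failure counters, which resets failed-login tracking for the affected accounts. The `web` and `ejb` containers in the same supplement use `owners="2"`; I would use at least `<distributed-cache name="sessions" mode="SYNC" owners="2"/>` and the same for `loginFailures`, or add a comment stating that single ownership is deliberate. The JGroups stack that carries this traffic is not part of this section; if it is the stock one, it is worth confirming that cluster membership and transport are restricted to the intended hosts.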