From 2e04ac549e1dee6246bc6b7a085f7c88823969f7 Mon Sep 17 00:00:00 2001 From: mposolda Date: Fri, 16 Jan 2015 17:39:18 +0100 Subject: [PATCH] Make it easier to run demo on different host then auth-server --- .../java/org/keycloak/example/AdminClient.java | 2 +- .../keycloak/example/CustomerDatabaseClient.java | 4 +++- .../example/oauth/ProductDatabaseClient.java | 2 +- .../java/org/keycloak/adapters/AdapterUtils.java | 16 ++++++++++++++-- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java index c1ccc38b48..7b17e18d53 100755 --- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java @@ -43,7 +43,7 @@ public class AdminClient { HttpClient client = new HttpClientBuilder() .disableTrustManager().build(); try { - HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles"); + HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java index 0cb400f2a4..3a0409b9dc 100755 --- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java 
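Review bot: The admin-roles request in AdminClient can end up at the wrong host after this change: the new `getOriginForRestCalls(...)` call still prefixes `/auth/admin/realms/demo/roles`, an auth-server path, while the AdapterUtils hunk in this patch makes the `NEVER` (absolute `auth-server-url`) case return the origin of the browser request. When the demo runs on a different host than the auth server, which is the setup the commit targets, this request and its `Authorization: Bearer` header would then appear to go to the application's host rather than the auth server. For this caller the origin should keep coming from the deployment, as the old branch did with `UriUtils.getOrigin(deployment.getCodeUrl())`. The context lines also build the client with `.disableTrustManager()`, so the peer that receives the token is not verified; a comment marking that as demo-only would help readers who copy the example.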
@@ -7,8 +7,10 @@ import org.apache.http.client.methods.HttpGet; import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.AdapterUtils; import org.keycloak.adapters.HttpClientBuilder; +import org.keycloak.constants.ServiceUrlConstants; import org.keycloak.representations.IDToken; import org.keycloak.util.JsonSerialization; +import org.keycloak.util.KeycloakUriBuilder; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; @@ -50,7 +52,7 @@ public class CustomerDatabaseClient { HttpClient client = new HttpClientBuilder() .disableTrustManager().build(); try { - HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/database/customers"); + HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); diff --git a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index c8e9cf000c..f259d0c0c4 100755 --- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -40,7 +40,7 @@ public class ProductDatabaseClient HttpClient client = new HttpClientBuilder() .disableTrustManager().build(); try { - HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/database/products"); + HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/products"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); 
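Review bot: The two imports added at the top of CustomerDatabaseClient, `org.keycloak.constants.ServiceUrlConstants` and `org.keycloak.util.KeycloakUriBuilder`, are not used by any line this patch shows. The diffstat lists three insertions and one deletion for the file, which the two imports and the single replaced `HttpGet` line account for in full. Drop both imports, or add the code that was meant to use them in the same commit.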
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java index e0551fcfe9..632c66af3f 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java @@ -16,15 +16,27 @@ public class AdapterUtils { private static Logger log = Logger.getLogger(AdapterUtils.class); - public static String getOrigin(String browserRequestURL, KeycloakSecurityContext session) { + /** + * Best effort to find origin for REST request calls from web UI application to REST application. In case of relative or absolute + * "auth-server-url" is returned the URL from request. In case of "auth-server-url-for-backend-request" used in configuration, it returns + * the origin of auth server. + * + * This may be the optimization in cluster, so if you have keycloak and applications on same host, the REST request doesn't need to + * go through loadbalancer, but can be sent directly to same host. + * + * @param browserRequestURL + * @param session + * @return + */ + public static String getOriginForRestCalls(String browserRequestURL, KeycloakSecurityContext session) { if (session instanceof RefreshableKeycloakSecurityContext) { KeycloakDeployment deployment = ((RefreshableKeycloakSecurityContext)session).getDeployment(); switch (deployment.getRelativeUrls()) { case ALL_REQUESTS: + case NEVER: // Resolve baseURI from the request return UriUtils.getOrigin(browserRequestURL); case BROWSER_ONLY: - case NEVER: // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname) return UriUtils.getOrigin(deployment.getCodeUrl()); default:
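Review bot: Moving `case NEVER:` next to `case ALL_REQUESTS:` means a deployment with an absolute `auth-server-url` now takes the REST origin from `browserRequestURL`, which the three callers in this patch fill from `req.getRequestURL()` and then use as the destination of an `Authorization: Bearer` header. That URL normally follows the Host header of the incoming request, so the Javadoc should state that the result is only as trustworthy as the container's host handling, e.g. `@param browserRequestURL URL of the current browser request; its host must be validated by the container or proxy because the bearer token is sent to the returned origin`. The empty `@param session` and `@return` tags should be filled in as well, and since `getOrigin` was a public static method of adapter-core, a deprecated `getOrigin` that delegates to the new name would keep existing callers compiling. The method body continues past `default:` outside this hunk.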