Make it easier to run demo on different host then auth-server

2015-01-16 17:39:18 +01:00 · 2015-01-16 17:39:18 +01:00 · 2e04ac549e
commit 2e04ac549e
parent ef0201718f
4 changed files with 19 additions and 5 deletions
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
+++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
@ -43,7 +43,7 @@ public class AdminClient {
        HttpClient client = new HttpClientBuilder()
                .disableTrustManager().build();
        try {
-            HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles");
+            HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles");
            get.addHeader("Authorization", "Bearer " + session.getTokenString());
            try {
                HttpResponse response = client.execute(get);
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
+++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@ -7,8 +7,10 @@ import org.apache.http.client.methods.HttpGet;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.adapters.AdapterUtils;
 import org.keycloak.adapters.HttpClientBuilder;
+import org.keycloak.constants.ServiceUrlConstants;
 import org.keycloak.representations.IDToken;
 import org.keycloak.util.JsonSerialization;
+import org.keycloak.util.KeycloakUriBuilder;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@ -50,7 +52,7 @@ public class CustomerDatabaseClient {
        HttpClient client = new HttpClientBuilder()
                .disableTrustManager().build();
        try {
-            HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/database/customers");
+            HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers");
            get.addHeader("Authorization", "Bearer " + session.getTokenString());
            try {
                HttpResponse response = client.execute(get);
--- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@ -40,7 +40,7 @@ public class ProductDatabaseClient
        HttpClient client = new HttpClientBuilder()
                .disableTrustManager().build();
        try {
-            HttpGet get = new HttpGet(AdapterUtils.getOrigin(req.getRequestURL().toString(), session) + "/database/products");
+            HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/products");
            get.addHeader("Authorization", "Bearer " + session.getTokenString());
            try {
                HttpResponse response = client.execute(get);
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java
@ -16,15 +16,27 @@ public class AdapterUtils {

    private static Logger log = Logger.getLogger(AdapterUtils.class);

-    public static String getOrigin(String browserRequestURL, KeycloakSecurityContext session) {
+    /**
+     * Best effort to find origin for REST request calls from web UI application to REST application. In case of relative or absolute
+     * "auth-server-url" is returned the URL from request. In case of "auth-server-url-for-backend-request" used in configuration, it returns
+     * the origin of auth server.
+     *
+     * This may be the optimization in cluster, so if you have keycloak and applications on same host, the REST request doesn't need to
+     * go through loadbalancer, but can be sent directly to same host.
+     *
+     * @param browserRequestURL
+     * @param session
+     * @return
+     */
+    public static String getOriginForRestCalls(String browserRequestURL, KeycloakSecurityContext session) {
        if (session instanceof RefreshableKeycloakSecurityContext) {
            KeycloakDeployment deployment = ((RefreshableKeycloakSecurityContext)session).getDeployment();
            switch (deployment.getRelativeUrls()) {
                case ALL_REQUESTS:
+                case NEVER:
                    // Resolve baseURI from the request
                    return UriUtils.getOrigin(browserRequestURL);
                case BROWSER_ONLY:
-                case NEVER:
                    // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
                    return UriUtils.getOrigin(deployment.getCodeUrl());
                default: