Merge pull request #728 from mposolda/master

KEYCLOAK-731
2014-10-02 19:19:09 +02:00 · 2014-10-02 19:19:09 +02:00 · 4050cf9ac3
commit 4050cf9ac3
parent 8855bcf3c1 50f148cd7c
15 changed files with 139 additions and 51 deletions
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@ -10,14 +10,14 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
 * @version $Revision: 1 $
 */
@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-required",
-        "resource", "credentials",
+        "resource", "public-client", "credentials",
        "use-resource-role-mappings",
        "enable-cors", "cors-max-age", "cors-allowed-methods",
        "expose-token", "bearer-only",
        "connection-pool-size",
        "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
        "client-keystore", "client-keystore-password", "client-key-password",
-        "use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
+        "auth-server-url-for-backend-requests"
 })
 public class AdapterConfig extends BaseAdapterConfig {
@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
    protected String clientKeyPassword;
    @JsonProperty("connection-pool-size")
    protected int connectionPoolSize = 20;
-    @JsonProperty("use-hostname-for-local-requests")
+    @JsonProperty("auth-server-url-for-backend-requests")
-    protected boolean useHostnameForLocalRequests;
+    protected String authServerUrlForBackendRequests;
    @JsonProperty("local-requests-scheme")
    protected String localRequestsScheme = "http";
    @JsonProperty("local-requests-port")
    protected int localRequestsPort = 8080;
    public boolean isAllowAnyHostname() {
        return allowAnyHostname;
@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
        this.connectionPoolSize = connectionPoolSize;
    }
-    public boolean isUseHostnameForLocalRequests() {
+    public String getAuthServerUrlForBackendRequests() {
-        return useHostnameForLocalRequests;
+        return authServerUrlForBackendRequests;
    }
-    public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
+    public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
-        this.useHostnameForLocalRequests = useHostnameForLocalRequests;
+        this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
    }
    public String getLocalRequestsScheme() {
        return localRequestsScheme;
    }
    public void setLocalRequestsScheme(String localRequestsScheme) {
        this.localRequestsScheme = localRequestsScheme;
    }
    public int getLocalRequestsPort() {
        return localRequestsPort;
    }
    public void setLocalRequestsPort(int localRequestsPort) {
        this.localRequestsPort = localRequestsPort;
    }
 }
--- a/core/src/main/java/org/keycloak/util/JsonSerialization.java
+++ b/core/src/main/java/org/keycloak/util/JsonSerialization.java
@ -17,6 +17,7 @@ import java.io.OutputStream;
 public class JsonSerialization {
    public static final ObjectMapper mapper = new ObjectMapper();
    public static final ObjectMapper prettyMapper = new ObjectMapper();
    public static final ObjectMapper sysPropertiesAwareMapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
    static {
        mapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_NULL);
@ -49,6 +50,10 @@ public class JsonSerialization {
        return mapper.readValue(bytes, type);
    }
    public static <T> T readValueAndReplaceSysProperties(InputStream bytes, Class<T> type) throws IOException {
        return sysPropertiesAwareMapper.readValue(bytes, type);
    }
 }
--- a/core/src/main/java/org/keycloak/util/SystemPropertiesJsonParserFactory.java
+++ b/core/src/main/java/org/keycloak/util/SystemPropertiesJsonParserFactory.java
@ -0,0 +1,51 @@
 package org.keycloak.util;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Reader;
 import org.codehaus.jackson.JsonParser;
 import org.codehaus.jackson.io.IOContext;
 import org.codehaus.jackson.map.MappingJsonFactory;
 import org.codehaus.jackson.util.JsonParserDelegate;
 /**
 * Provides replacing of system properties for parsed values
 *
 * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
 */
 public class SystemPropertiesJsonParserFactory extends MappingJsonFactory {
    @Override
    protected JsonParser _createJsonParser(byte[] data, int offset, int len, IOContext ctxt) throws IOException {
        JsonParser delegate = super._createJsonParser(data, offset, len, ctxt);
        return new SystemPropertiesAwareJsonParser(delegate);
    }
    @Override
    protected JsonParser _createJsonParser(Reader r, IOContext ctxt) throws IOException {
        JsonParser delegate = super._createJsonParser(r, ctxt);
        return new SystemPropertiesAwareJsonParser(delegate);
    }
    @Override
    protected JsonParser _createJsonParser(InputStream in, IOContext ctxt) throws IOException {
        JsonParser delegate = super._createJsonParser(in, ctxt);
        return new SystemPropertiesAwareJsonParser(delegate);
    }
    public static class SystemPropertiesAwareJsonParser extends JsonParserDelegate {
        public SystemPropertiesAwareJsonParser(JsonParser d) {
            super(d);
        }
        @Override
        public String getText() throws IOException {
            String orig = super.getText();
            return StringPropertyReplacer.replaceProperties(orig);
        }
    }
 }
--- a/core/src/test/java/org/keycloak/JsonParserTest.java
+++ b/core/src/test/java/org/keycloak/JsonParserTest.java
@ -0,0 +1,33 @@
 package org.keycloak;
 import java.io.IOException;
 import java.io.InputStream;
 import org.junit.Assert;
 import org.junit.Test;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.JsonSerialization;
 /**
 * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
 */
 public class JsonParserTest {
    @Test
    public void testParsingSystemProps() throws IOException {
        System.setProperty("my.host", "foo");
        System.setProperty("con.pool.size", "200");
        System.setProperty("allow.any.hostname", "true");
        InputStream is = getClass().getClassLoader().getResourceAsStream("keycloak.json");
        AdapterConfig config = JsonSerialization.readValueAndReplaceSysProperties(is, AdapterConfig.class);
        Assert.assertEquals("http://foo:8080/auth", config.getAuthServerUrl());
        Assert.assertEquals("external", config.getSslRequired());
        Assert.assertEquals("angular-product${non.existing}", config.getResource());
        Assert.assertTrue(config.isPublicClient());
        Assert.assertTrue(config.isAllowAnyHostname());
        Assert.assertEquals(100, config.getCorsMaxAge());
        Assert.assertEquals(200, config.getConnectionPoolSize());
    }
 }
--- a/core/src/test/resources/keycloak.json
+++ b/core/src/test/resources/keycloak.json
@ -0,0 +1,9 @@
 {
  "auth-server-url" : "http://${my.host}:8080/auth",
  "ssl-required" : "external",
  "resource" : "angular-product${non.existing}",
  "public-client" : true,
  "allow-any-hostname": "${allow.any.hostname}",
  "cors-max-age": 100,
  "connection-pool-size": "${con.pool.size}"
 }
--- a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
@ -7,6 +7,5 @@
    "expose-token": true,
    "credentials": {
        "secret": "password"
-    },
+    }
    "use-hostname-for-local-requests": false
 }
--- a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
@ -6,6 +6,5 @@
  "ssl-required" : "external",
  "credentials" : {
      "secret": "password"
-  },
+  }
  "use-hostname-for-local-requests": false
 }
--- a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
@ -5,6 +5,5 @@
  "ssl-required" : "external",
   "credentials" : {
       "secret": "password"
-   },
+   }
   "use-hostname-for-local-requests": false
 }
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
@ -5,6 +5,5 @@
  "ssl-required" : "external",
   "credentials" : {
       "secret": "password"
-   },
+   }
   "use-hostname-for-local-requests": false
 }
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
 import org.keycloak.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.KeycloakUriBuilder;
 import org.keycloak.util.UriUtils;
 import java.net.URI;
 import java.security.PublicKey;
@ -87,15 +86,18 @@ public class KeycloakDeployment {
        URI uri = URI.create(authServerBaseUrl);
        if (uri.getHost() == null) {
-            if (config.isUseHostnameForLocalRequests()) {
+            String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
            if (authServerURLForBackendReqs != null) {
                relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
-                KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
+                KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
-                serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
+                if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
                    throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
                            + authServerURLForBackendReqs + ", Client: " + config.getResource());
                }
                resolveNonBrowserUrls(serverBuilder);
            } else {
                relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
                return;
            }
        } else {
            // We have absolute URI in config
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
@ -6,6 +6,7 @@ import org.jboss.logging.Logger;
 import org.keycloak.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.PemUtils;
 import org.keycloak.util.SystemPropertiesJsonParserFactory;
 import java.io.IOException;
 import java.io.InputStream;
@ -79,7 +80,7 @@ public class KeycloakDeploymentBuilder {
    }
    public static KeycloakDeployment build(InputStream is) {
-        ObjectMapper mapper = new ObjectMapper();
+        ObjectMapper mapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
        mapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_DEFAULT);
        AdapterConfig adapterConfig = null;
        try {
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
@ -25,7 +25,7 @@ public class ServletOAuthClientBuilder {
    public static AdapterConfig getAdapterConfig(InputStream is) {
        try {
-            return JsonSerialization.readValue(is, AdapterConfig.class);
+            return JsonSerialization.readValueAndReplaceSysProperties(is, AdapterConfig.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {
        String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
-        KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
+        KeycloakUriBuilder tokenUrlBuilder;
-        KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
+        KeycloakUriBuilder refreshUrlBuilder;
        if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
            // Use absolute URI for refreshToken and codeToToken requests
-            tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
+            KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
-            refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
+            tokenUrlBuilder = nonBrowsersServerBuilder.clone();
            refreshUrlBuilder = nonBrowsersServerBuilder.clone();
        } else {
            tokenUrlBuilder = serverBuilder.clone();
            refreshUrlBuilder = serverBuilder.clone();
        }
        String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
        String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {
    private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
        if (serverBuilder.clone().getHost() == null) {
-            return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
+            return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
        } else {
            return RelativeUrlsUsed.NEVER;
        }
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java
@ -151,6 +151,7 @@ public class UndertowUserSessionManagement implements SessionListener {
    public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
        // Look up the single session id associated with this session (if any)
        String username = getUsernameFromSession(session);
        log.debugf("Session destroyed for user: %s, sessionId: %s", username, session.getId());
        if (username == null) return;
        String sessionId = session.getId();
        UserSessions userSessions = userSessionMap.get(username);
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@ -23,6 +23,7 @@ import org.keycloak.representations.adapters.action.UserStats;
 import org.keycloak.representations.adapters.action.UserStatsAction;
 import org.keycloak.services.util.HttpClientBuilder;
 import org.keycloak.services.util.ResolveRelative;
 import org.keycloak.util.StringPropertyReplacer;
 import org.keycloak.util.Time;
 import javax.ws.rs.core.MediaType;
@ -108,8 +109,10 @@ public class ResourceAdminManager {
        }
        // this is to support relative admin urls when keycloak and applications are deployed on the same machine
-        return ResolveRelative.resolveRelativeUri(requestUri, mgmtUrl);
+        String absoluteURI = ResolveRelative.resolveRelativeUri(requestUri, mgmtUrl);
        // this is for resolving URI like "http://${jboss.home.name}:8080/..." in order to send request to same machine and avoid LB in cluster env
        return StringPropertyReplacer.replaceProperties(absoluteURI);
    }
    public UserStats getUserStats(URI requestUri, RealmModel realm, ApplicationModel application, UserModel user) {
--- a/testsuite/docker-cluster/wildfly/deploy-examples.sh
+++ b/testsuite/docker-cluster/wildfly/deploy-examples.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-# Deploy and configure all examples
+## Deploy and configure all examples
 # Deploy examples
 cd /keycloak-docker-cluster/examples
@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml
 # Configure other examples
 for I in *.war/WEB-INF/keycloak.json; do
-  sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
+  sed -i -e 's/\"\/auth\",/&\n    \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
 done;
 # Enable distributable for customer-portal
 sed -i -e 's/<\/module-name>/&\n    <distributable \/>/' customer-portal.war/WEB-INF/web.xml
 # Configure testrealm.json - Enable adminUrl to access adapters on local machine
 sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json