Use one option "auth-server-url-for-backend-requests" instead of 3 options

2014-10-02 17:42:11 +02:00 · 2014-10-02 17:42:11 +02:00 · 50f148cd7c
commit 50f148cd7c
parent 72b5632cfe
10 changed files with 34 additions and 49 deletions
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@ -17,7 +17,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
        "connection-pool-size",
        "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
        "client-keystore", "client-keystore-password", "client-key-password",
-        "use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
+        "auth-server-url-for-backend-requests"
 })
 public class AdapterConfig extends BaseAdapterConfig {

@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
    protected String clientKeyPassword;
    @JsonProperty("connection-pool-size")
    protected int connectionPoolSize = 20;
-    @JsonProperty("use-hostname-for-local-requests")
-    protected boolean useHostnameForLocalRequests;
-    @JsonProperty("local-requests-scheme")
-    protected String localRequestsScheme = "http";
-    @JsonProperty("local-requests-port")
-    protected int localRequestsPort = 8080;
+    @JsonProperty("auth-server-url-for-backend-requests")
+    protected String authServerUrlForBackendRequests;

    public boolean isAllowAnyHostname() {
        return allowAnyHostname;
@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
        this.connectionPoolSize = connectionPoolSize;
    }

-    public boolean isUseHostnameForLocalRequests() {
-        return useHostnameForLocalRequests;
+    public String getAuthServerUrlForBackendRequests() {
+        return authServerUrlForBackendRequests;
    }

-    public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
-        this.useHostnameForLocalRequests = useHostnameForLocalRequests;
-    }
-
-    public String getLocalRequestsScheme() {
-        return localRequestsScheme;
-    }
-
-    public void setLocalRequestsScheme(String localRequestsScheme) {
-        this.localRequestsScheme = localRequestsScheme;
-    }
-
-    public int getLocalRequestsPort() {
-        return localRequestsPort;
-    }
-
-    public void setLocalRequestsPort(int localRequestsPort) {
-        this.localRequestsPort = localRequestsPort;
+    public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
+        this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
    }
 }
--- a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
@ -7,6 +7,5 @@
    "expose-token": true,
    "credentials": {
        "secret": "password"
-    },
-    "use-hostname-for-local-requests": false
+    }
 }
--- a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
@ -6,6 +6,5 @@
  "ssl-required" : "external",
  "credentials" : {
      "secret": "password"
-  },
-  "use-hostname-for-local-requests": false
+  }
 }
--- a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
@ -5,6 +5,5 @@
  "ssl-required" : "external",
   "credentials" : {
       "secret": "password"
-   },
-   "use-hostname-for-local-requests": false
+   }
 }
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
@ -5,6 +5,5 @@
  "ssl-required" : "external",
   "credentials" : {
       "secret": "password"
-   },
-   "use-hostname-for-local-requests": false
+   }
 }
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
 import org.keycloak.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.KeycloakUriBuilder;
-import org.keycloak.util.UriUtils;

 import java.net.URI;
 import java.security.PublicKey;
@ -87,15 +86,18 @@ public class KeycloakDeployment {

        URI uri = URI.create(authServerBaseUrl);
        if (uri.getHost() == null) {
-            if (config.isUseHostnameForLocalRequests()) {
+            String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
+            if (authServerURLForBackendReqs != null) {
                relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;

-                KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
-                serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
+                KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
+                if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
+                    throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
+                            + authServerURLForBackendReqs + ", Client: " + config.getResource());
+                }
                resolveNonBrowserUrls(serverBuilder);
            } else {
                relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
-                return;
            }
        } else {
            // We have absolute URI in config
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {

        String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();

-        KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
-        KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
+        KeycloakUriBuilder tokenUrlBuilder;
+        KeycloakUriBuilder refreshUrlBuilder;

        if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
            // Use absolute URI for refreshToken and codeToToken requests
-            tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
-            refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
+            KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
+            tokenUrlBuilder = nonBrowsersServerBuilder.clone();
+            refreshUrlBuilder = nonBrowsersServerBuilder.clone();
+        } else {
+            tokenUrlBuilder = serverBuilder.clone();
+            refreshUrlBuilder = serverBuilder.clone();
        }
        String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
        String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {

    private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
        if (serverBuilder.clone().getHost() == null) {
-            return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
+            return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
        } else {
            return RelativeUrlsUsed.NEVER;
        }
--- a/testsuite/docker-cluster/fig.yml
+++ b/testsuite/docker-cluster/fig.yml
@ -1,7 +1,7 @@
 httpd:
   build: httpd
   ports:
-      - "8000:8000"
+      - "8000:80"
      - "10001:10001"
   volumes_from:
      - mysql
--- a/testsuite/docker-cluster/httpd/httpd.conf
+++ b/testsuite/docker-cluster/httpd/httpd.conf
@ -49,7 +49,7 @@ ServerRoot "/opt/jboss/httpd/httpd"
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 8000
+Listen 80

 #
 # Dynamic Shared Object (DSO) Support
--- a/testsuite/docker-cluster/wildfly/deploy-examples.sh
+++ b/testsuite/docker-cluster/wildfly/deploy-examples.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-# Deploy and configure all examples
+## Deploy and configure all examples

 # Deploy examples
 cd /keycloak-docker-cluster/examples
@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml

 # Configure other examples
 for I in *.war/WEB-INF/keycloak.json; do
-  sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
+  sed -i -e 's/\"\/auth\",/&\n    \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
 done;

 # Enable distributable for customer-portal
 sed -i -e 's/<\/module-name>/&\n    <distributable \/>/' customer-portal.war/WEB-INF/web.xml

+# Configure testrealm.json - Enable adminUrl to access adapters on local machine
+sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json
+