Use one option "auth-server-url-for-backend-requests" instead of 3 options

This commit is contained in:
mposolda 2014-10-02 17:42:11 +02:00
parent 72b5632cfe
commit 50f148cd7c
10 changed files with 34 additions and 49 deletions

View file

@ -17,7 +17,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
"connection-pool-size",
"allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
"client-keystore", "client-keystore-password", "client-key-password",
"use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
"auth-server-url-for-backend-requests"
})
public class AdapterConfig extends BaseAdapterConfig {
@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
protected String clientKeyPassword;
@JsonProperty("connection-pool-size")
protected int connectionPoolSize = 20;
@JsonProperty("use-hostname-for-local-requests")
protected boolean useHostnameForLocalRequests;
@JsonProperty("local-requests-scheme")
protected String localRequestsScheme = "http";
@JsonProperty("local-requests-port")
protected int localRequestsPort = 8080;
@JsonProperty("auth-server-url-for-backend-requests")
protected String authServerUrlForBackendRequests;
public boolean isAllowAnyHostname() {
return allowAnyHostname;
@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
this.connectionPoolSize = connectionPoolSize;
}
public boolean isUseHostnameForLocalRequests() {
return useHostnameForLocalRequests;
public String getAuthServerUrlForBackendRequests() {
return authServerUrlForBackendRequests;
}
public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
this.useHostnameForLocalRequests = useHostnameForLocalRequests;
}
public String getLocalRequestsScheme() {
return localRequestsScheme;
}
public void setLocalRequestsScheme(String localRequestsScheme) {
this.localRequestsScheme = localRequestsScheme;
}
public int getLocalRequestsPort() {
return localRequestsPort;
}
public void setLocalRequestsPort(int localRequestsPort) {
this.localRequestsPort = localRequestsPort;
public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
}
}

View file

@ -7,6 +7,5 @@
"expose-token": true,
"credentials": {
"secret": "password"
},
"use-hostname-for-local-requests": false
}
}

View file

@ -6,6 +6,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
},
"use-hostname-for-local-requests": false
}
}

View file

@ -5,6 +5,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
},
"use-hostname-for-local-requests": false
}
}

View file

@ -5,6 +5,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
},
"use-hostname-for-local-requests": false
}
}

View file

@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
import org.keycloak.enums.SslRequired;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.KeycloakUriBuilder;
import org.keycloak.util.UriUtils;
import java.net.URI;
import java.security.PublicKey;
@ -87,15 +86,18 @@ public class KeycloakDeployment {
URI uri = URI.create(authServerBaseUrl);
if (uri.getHost() == null) {
if (config.isUseHostnameForLocalRequests()) {
String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
if (authServerURLForBackendReqs != null) {
relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
+ authServerURLForBackendReqs + ", Client: " + config.getResource());
}
resolveNonBrowserUrls(serverBuilder);
} else {
relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
return;
}
} else {
// We have absolute URI in config

View file

@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
KeycloakUriBuilder tokenUrlBuilder;
KeycloakUriBuilder refreshUrlBuilder;
if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
// Use absolute URI for refreshToken and codeToToken requests
tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
tokenUrlBuilder = nonBrowsersServerBuilder.clone();
refreshUrlBuilder = nonBrowsersServerBuilder.clone();
} else {
tokenUrlBuilder = serverBuilder.clone();
refreshUrlBuilder = serverBuilder.clone();
}
String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {
private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
if (serverBuilder.clone().getHost() == null) {
return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
} else {
return RelativeUrlsUsed.NEVER;
}

View file

@ -1,7 +1,7 @@
httpd:
build: httpd
ports:
- "8000:8000"
- "8000:80"
- "10001:10001"
volumes_from:
- mysql

View file

@ -49,7 +49,7 @@ ServerRoot "/opt/jboss/httpd/httpd"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 8000
Listen 80
#
# Dynamic Shared Object (DSO) Support

View file

@ -1,6 +1,6 @@
#!/bin/bash
# Deploy and configure all examples
## Deploy and configure all examples
# Deploy examples
cd /keycloak-docker-cluster/examples
@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml
# Configure other examples
for I in *.war/WEB-INF/keycloak.json; do
sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
sed -i -e 's/\"\/auth\",/&\n \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
done;
# Enable distributable for customer-portal
sed -i -e 's/<\/module-name>/&\n <distributable \/>/' customer-portal.war/WEB-INF/web.xml
# Configure testrealm.json - Enable adminUrl to access adapters on local machine
sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json