Use one option "auth-server-url-for-backend-requests" instead of 3 options
This commit is contained in:
parent
72b5632cfe
commit
50f148cd7c
10 changed files with 34 additions and 49 deletions
|
@ -17,7 +17,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
|
|||
"connection-pool-size",
|
||||
"allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
|
||||
"client-keystore", "client-keystore-password", "client-key-password",
|
||||
"use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
|
||||
"auth-server-url-for-backend-requests"
|
||||
})
|
||||
public class AdapterConfig extends BaseAdapterConfig {
|
||||
|
||||
|
@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
|
|||
protected String clientKeyPassword;
|
||||
@JsonProperty("connection-pool-size")
|
||||
protected int connectionPoolSize = 20;
|
||||
@JsonProperty("use-hostname-for-local-requests")
|
||||
protected boolean useHostnameForLocalRequests;
|
||||
@JsonProperty("local-requests-scheme")
|
||||
protected String localRequestsScheme = "http";
|
||||
@JsonProperty("local-requests-port")
|
||||
protected int localRequestsPort = 8080;
|
||||
@JsonProperty("auth-server-url-for-backend-requests")
|
||||
protected String authServerUrlForBackendRequests;
|
||||
|
||||
public boolean isAllowAnyHostname() {
|
||||
return allowAnyHostname;
|
||||
|
@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
|
|||
this.connectionPoolSize = connectionPoolSize;
|
||||
}
|
||||
|
||||
public boolean isUseHostnameForLocalRequests() {
|
||||
return useHostnameForLocalRequests;
|
||||
public String getAuthServerUrlForBackendRequests() {
|
||||
return authServerUrlForBackendRequests;
|
||||
}
|
||||
|
||||
public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
|
||||
this.useHostnameForLocalRequests = useHostnameForLocalRequests;
|
||||
}
|
||||
|
||||
public String getLocalRequestsScheme() {
|
||||
return localRequestsScheme;
|
||||
}
|
||||
|
||||
public void setLocalRequestsScheme(String localRequestsScheme) {
|
||||
this.localRequestsScheme = localRequestsScheme;
|
||||
}
|
||||
|
||||
public int getLocalRequestsPort() {
|
||||
return localRequestsPort;
|
||||
}
|
||||
|
||||
public void setLocalRequestsPort(int localRequestsPort) {
|
||||
this.localRequestsPort = localRequestsPort;
|
||||
public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
|
||||
this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,6 +7,5 @@
|
|||
"expose-token": true,
|
||||
"credentials": {
|
||||
"secret": "password"
|
||||
},
|
||||
"use-hostname-for-local-requests": false
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,5 @@
|
|||
"ssl-required" : "external",
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
},
|
||||
"use-hostname-for-local-requests": false
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,6 +5,5 @@
|
|||
"ssl-required" : "external",
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
},
|
||||
"use-hostname-for-local-requests": false
|
||||
}
|
||||
}
|
|
@ -5,6 +5,5 @@
|
|||
"ssl-required" : "external",
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
},
|
||||
"use-hostname-for-local-requests": false
|
||||
}
|
||||
}
|
|
@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.representations.adapters.config.AdapterConfig;
|
||||
import org.keycloak.util.KeycloakUriBuilder;
|
||||
import org.keycloak.util.UriUtils;
|
||||
|
||||
import java.net.URI;
|
||||
import java.security.PublicKey;
|
||||
|
@ -87,15 +86,18 @@ public class KeycloakDeployment {
|
|||
|
||||
URI uri = URI.create(authServerBaseUrl);
|
||||
if (uri.getHost() == null) {
|
||||
if (config.isUseHostnameForLocalRequests()) {
|
||||
String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
|
||||
if (authServerURLForBackendReqs != null) {
|
||||
relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
|
||||
|
||||
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
|
||||
serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
|
||||
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
|
||||
if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
|
||||
throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
|
||||
+ authServerURLForBackendReqs + ", Client: " + config.getResource());
|
||||
}
|
||||
resolveNonBrowserUrls(serverBuilder);
|
||||
} else {
|
||||
relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
// We have absolute URI in config
|
||||
|
|
|
@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {
|
|||
|
||||
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
|
||||
|
||||
KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
|
||||
KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
|
||||
KeycloakUriBuilder tokenUrlBuilder;
|
||||
KeycloakUriBuilder refreshUrlBuilder;
|
||||
|
||||
if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
|
||||
// Use absolute URI for refreshToken and codeToToken requests
|
||||
tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
|
||||
refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
|
||||
KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
|
||||
tokenUrlBuilder = nonBrowsersServerBuilder.clone();
|
||||
refreshUrlBuilder = nonBrowsersServerBuilder.clone();
|
||||
} else {
|
||||
tokenUrlBuilder = serverBuilder.clone();
|
||||
refreshUrlBuilder = serverBuilder.clone();
|
||||
}
|
||||
String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
|
||||
String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
|
||||
|
@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {
|
|||
|
||||
private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
|
||||
if (serverBuilder.clone().getHost() == null) {
|
||||
return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
|
||||
return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
|
||||
} else {
|
||||
return RelativeUrlsUsed.NEVER;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
httpd:
|
||||
build: httpd
|
||||
ports:
|
||||
- "8000:8000"
|
||||
- "8000:80"
|
||||
- "10001:10001"
|
||||
volumes_from:
|
||||
- mysql
|
||||
|
|
|
@ -49,7 +49,7 @@ ServerRoot "/opt/jboss/httpd/httpd"
|
|||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 8000
|
||||
Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Deploy and configure all examples
|
||||
## Deploy and configure all examples
|
||||
|
||||
# Deploy examples
|
||||
cd /keycloak-docker-cluster/examples
|
||||
|
@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml
|
|||
|
||||
# Configure other examples
|
||||
for I in *.war/WEB-INF/keycloak.json; do
|
||||
sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
|
||||
sed -i -e 's/\"\/auth\",/&\n \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
|
||||
done;
|
||||
|
||||
# Enable distributable for customer-portal
|
||||
sed -i -e 's/<\/module-name>/&\n <distributable \/>/' customer-portal.war/WEB-INF/web.xml
|
||||
|
||||
# Configure testrealm.json - Enable adminUrl to access adapters on local machine
|
||||
sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue