From 50f148cd7c3a4b9a931b2d0a6f7aa82e5cff7cf8 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Thu, 2 Oct 2014 17:42:11 +0200
Subject: [PATCH] Use one option "auth-server-url-for-backend-requests" instead of 3 options
---
 .../adapters/config/AdapterConfig.java | 34 ++++---------------
 .../src/main/webapp/WEB-INF/keycloak.json | 3 +-
 .../src/main/webapp/WEB-INF/keycloak.json | 3 +-
 .../src/main/webapp/WEB-INF/keycloak.json | 3 +-
 .../src/main/webapp/WEB-INF/keycloak.json | 3 +-
 .../keycloak/adapters/KeycloakDeployment.java | 12 ++++---
 .../servlet/ServletOAuthClientBuilder.java | 14 +++++---
 testsuite/docker-cluster/fig.yml | 2 +-
 testsuite/docker-cluster/httpd/httpd.conf | 2 +-
 .../docker-cluster/wildfly/deploy-examples.sh | 7 ++--
 10 files changed, 34 insertions(+), 49 deletions(-)
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
index 587d30a938..fd54ce2b3e 100755
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@@ -17,7 +17,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
 "connection-pool-size", "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", "client-keystore", "client-keystore-password", "client-key-password",
- "use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
+ "auth-server-url-for-backend-requests"
 })
 public class AdapterConfig extends BaseAdapterConfig {
@@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
 protected String clientKeyPassword;
 @JsonProperty("connection-pool-size")
 protected int connectionPoolSize = 20;
- @JsonProperty("use-hostname-for-local-requests")
- protected boolean useHostnameForLocalRequests;
- @JsonProperty("local-requests-scheme")
- protected String localRequestsScheme = "http";
- @JsonProperty("local-requests-port")
- protected int localRequestsPort = 8080;
+ @JsonProperty("auth-server-url-for-backend-requests")
+ protected String authServerUrlForBackendRequests;
 public boolean isAllowAnyHostname() {
 return allowAnyHostname;
@@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
 this.connectionPoolSize = connectionPoolSize;
 }
- public boolean isUseHostnameForLocalRequests() {
- return useHostnameForLocalRequests;
+ public String getAuthServerUrlForBackendRequests() {
+ return authServerUrlForBackendRequests;
 }
- public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
- this.useHostnameForLocalRequests = useHostnameForLocalRequests;
- }
-
- public String getLocalRequestsScheme() {
- return localRequestsScheme;
- }
-
- public void setLocalRequestsScheme(String localRequestsScheme) {
- this.localRequestsScheme = localRequestsScheme;
- }
-
- public int getLocalRequestsPort() {
- return localRequestsPort;
- }
-
- public void setLocalRequestsPort(int localRequestsPort) {
- this.localRequestsPort = localRequestsPort;
+ public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
+ this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
 }
 }
diff --git a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
index ca0707e817..c2241b3e91 100755
--- a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
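Review bot: The new `authServerUrlForBackendRequests` field in the `@@ -37,12 +37,8 @@` hunk carries no comment stating its contract, even though the KeycloakDeployment change in this same commit rejects values that lack a host or a scheme. I would add above the field `// Absolute URL (scheme and host required) used for adapter-to-server token and refresh requests when auth-server-url is relative; prefer https unless the backend network is trusted.` It is also worth confirming how an existing keycloak.json that still contains one of the three removed keys is handled at load time, since that depends on mapper settings not visible in this diff. The class body continues outside the hunk.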
+++ b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
@@ -7,6 +7,5 @@
 "expose-token": true,
 "credentials": {
 "secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
 }
diff --git a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
index c1ae517caf..0a86c041c7 100755
--- a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
@@ -6,6 +6,5 @@
 "ssl-required" : "external",
 "credentials" : {
 "secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
 }
diff --git a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
index 14bbd79ff2..559df05f0a 100755
--- a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
@@ -5,6 +5,5 @@
 "ssl-required" : "external",
 "credentials" : {
 "secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
 }
\ No newline at end of file
diff --git a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
index 14bbd79ff2..559df05f0a 100755
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
@@ -5,6 +5,5 @@
 "ssl-required" : "external",
 "credentials" : {
 "secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
 }
\ No newline at end of file
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
index 9709294c0f..db284b19e0 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
 import org.keycloak.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.KeycloakUriBuilder;
-import org.keycloak.util.UriUtils;
 import java.net.URI;
 import java.security.PublicKey;
@@ -87,15 +86,18 @@ public class KeycloakDeployment {
 URI uri = URI.create(authServerBaseUrl);
 if (uri.getHost() == null) {
- if (config.isUseHostnameForLocalRequests()) {
+ String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
+ if (authServerURLForBackendReqs != null) {
 relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
- KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
- serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
+ KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
+ if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
+ throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: " +
+ authServerURLForBackendReqs + ", Client: " + config.getResource());
+ }
 resolveNonBrowserUrls(serverBuilder);
 } else {
 relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
- return;
 }
 } else {
 // We have absolute URI in config
diff --git a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
index ffc50ebe9e..ba4135697b 100755
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
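Review bot: The new guard on `serverBuilder` in the `@@ -87,15 +86,18 @@` hunk only requires a non-null host and scheme, so `auth-server-url-for-backend-requests` may carry plain `http` or a non-HTTP scheme, and nothing visible in this hunk ties it to the adapter's `ssl-required` setting. Since `resolveNonBrowserUrls(serverBuilder)` is fed from this value, I would at least restrict the scheme, e.g. `String scheme = serverBuilder.getScheme();` followed by `if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) throw new IllegalStateException(...)`, and decide explicitly whether `http` is acceptable when `ssl-required` is not `none`. The exception message also echoes the configured URL verbatim, which would put any credentials embedded in that URL into logs. The removed `return;` makes the ALL_REQUESTS path fall through to whatever follows this if/else; the enclosing method starts and ends outside the hunk, so that should be checked there.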
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
@@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {
 String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
- KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
- KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
+ KeycloakUriBuilder tokenUrlBuilder;
+ KeycloakUriBuilder refreshUrlBuilder;
 if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
 // Use absolute URI for refreshToken and codeToToken requests
- tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
- refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
+ KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
+ tokenUrlBuilder = nonBrowsersServerBuilder.clone();
+ refreshUrlBuilder = nonBrowsersServerBuilder.clone();
+ } else {
+ tokenUrlBuilder = serverBuilder.clone();
+ refreshUrlBuilder = serverBuilder.clone();
 }
 String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
 String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
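Review bot: The `BROWSER_ONLY` branch builds the token and refresh URLs from `adapterConfig.getAuthServerUrlForBackendRequests()` without the host/scheme check that KeycloakDeployment applies to the same option in this commit, so a relative or empty value would yield token endpoints without an explicit host here instead of failing fast. I would repeat the guard right after `fromUri(...)`: `if (nonBrowsersServerBuilder.getHost() == null || nonBrowsersServerBuilder.getScheme() == null) throw new IllegalStateException(...)`, or move the check into a helper both classes call. The same weakness shows in `relativeUrls(...)` in the `@@ -74,7 +78,7 @@` hunk, where `!= null` treats an empty string as a configured URL. If `UriUtils` is no longer referenced in this file its import can be dropped too; the import block and the rest of the enclosing method are outside the hunk.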
@@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {
 private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
 if (serverBuilder.clone().getHost() == null) {
- return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
+ return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
 } else {
 return RelativeUrlsUsed.NEVER;
 }
diff --git a/testsuite/docker-cluster/fig.yml b/testsuite/docker-cluster/fig.yml
index a1c4c6dbe4..046d73b3f7 100644
--- a/testsuite/docker-cluster/fig.yml
+++ b/testsuite/docker-cluster/fig.yml
@@ -1,7 +1,7 @@
 httpd:
 build: httpd
 ports:
- - "8000:8000"
+ - "8000:80"
 - "10001:10001"
 volumes_from:
 - mysql
diff --git a/testsuite/docker-cluster/httpd/httpd.conf b/testsuite/docker-cluster/httpd/httpd.conf
index 7d2d355050..8d3758ebdb 100644
--- a/testsuite/docker-cluster/httpd/httpd.conf
+++ b/testsuite/docker-cluster/httpd/httpd.conf
@@ -49,7 +49,7 @@ ServerRoot "/opt/jboss/httpd/httpd"
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 8000
+Listen 80
 #
 # Dynamic Shared Object (DSO) Support
diff --git a/testsuite/docker-cluster/wildfly/deploy-examples.sh b/testsuite/docker-cluster/wildfly/deploy-examples.sh
index 7da2946bca..4cafe69d40 100644
--- a/testsuite/docker-cluster/wildfly/deploy-examples.sh
+++ b/testsuite/docker-cluster/wildfly/deploy-examples.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Deploy and configure all examples
+## Deploy and configure all examples
 # Deploy examples
 cd /keycloak-docker-cluster/examples
@@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml
 # Configure other examples
 for I in *.war/WEB-INF/keycloak.json; do
- sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
+ sed -i -e 's/\"\/auth\",/&\n \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
 done;
 # Enable distributable for customer-portal
 sed -i -e 's/<\/module-name>/&\n /' customer-portal.war/WEB-INF/web.xml
+# Configure testrealm.json - Enable adminUrl to access adapters on local machine
+sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json
+
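Review bot: Both new `sed` edits in this hunk are not idempotent, unlike the `false` to `true` substitution they replace: a second run inserts a duplicate `auth-server-url-for-backend-requests` key into each keycloak.json and prepends the host to every `adminUrl` in testrealm.json again. The first edit also silently does nothing when a keycloak.json does not contain the exact text `"/auth",`, which leaves that example without a backend URL and gives no error. A guard such as `grep -q 'auth-server-url-for-backend-requests' "$I" || sed -i -e '...' "$I"` (with `$I` quoted) would cover the re-run case, and a `grep -q` after the edit could fail the script when nothing matched. The injected backend and admin URLs use plain `http`; a comment like `# plain http is intentional: traffic stays inside the test cluster` would keep the value from being copied into a real deployment unchanged.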