Merge pull request #4650 from pedroigor/KEYCLOAK-4439

[KEYCLOAK-4439] - Fixing elytron adapter for standalone apps
2017-11-08 22:10:25 -02:00 · 2017-11-08 22:10:25 -02:00 · 5119dc3ad5
commit 5119dc3ad5
parent d3b270d025 476dd1cef5
8 changed files with 100 additions and 59 deletions
--- a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakConfigurationServletListener.java
+++ b/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakConfigurationServletListener.java
@ -50,27 +50,29 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
        ServletContext servletContext = sce.getServletContext();
        String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
        KeycloakConfigResolver configResolver;
-        AdapterDeploymentContext deploymentContext;
+        AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) servletContext.getAttribute(AdapterDeploymentContext.class.getName());

-        if (configResolverClass != null) {
-            try {
-                configResolver = (KeycloakConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
-                deploymentContext = new AdapterDeploymentContext(configResolver);
-            } catch (Exception ex) {
-                deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
-            }
-        } else {
-            InputStream is = getConfigInputStream(servletContext);
-
-            KeycloakDeployment deployment;
-
-            if (is == null) {
-                deployment = new KeycloakDeployment();
+        if (deploymentContext == null) {
+            if (configResolverClass != null) {
+                try {
+                    configResolver = (KeycloakConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
+                    deploymentContext = new AdapterDeploymentContext(configResolver);
+                } catch (Exception ex) {
+                    deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
+                }
            } else {
-                deployment = KeycloakDeploymentBuilder.build(is);
-            }
+                InputStream is = getConfigInputStream(servletContext);

-            deploymentContext = new AdapterDeploymentContext(deployment);
+                KeycloakDeployment deployment;
+
+                if (is == null) {
+                    deployment = new KeycloakDeployment();
+                } else {
+                    deployment = KeycloakDeploymentBuilder.build(is);
+                }
+
+                deploymentContext = new AdapterDeploymentContext(deployment);
+            }
        }

        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java
@ -71,11 +71,10 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
        if (service.isSecureDeployment(deploymentUnit) && service.isDeploymentConfigured(deploymentUnit)) {
            addKeycloakAuthData(phaseContext, service);
-        } else if (service.isElytronEnabled(deploymentUnit)) {
-            WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
-            addConfigurationListener(warMetaData);
        }

+        addConfigurationListener(deploymentUnit);
+
        // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK

        // todo notsure if we need this
@ -104,10 +103,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
        loginConfig.setAuthMethod("KEYCLOAK");
        loginConfig.setRealmName(service.getRealmName(deploymentUnit));
        KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
-
-        if (service.isElytronEnabled(deploymentUnit)) {
-            addConfigurationListener(warMetaData);
-        }
    }

    private void addJSONData(String json, WarMetaData warMetaData) {
@ -130,7 +125,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
        webMetaData.setContextParams(contextParams);
    }

-    private void addConfigurationListener(WarMetaData warMetaData) {
+    private void addConfigurationListener(DeploymentUnit deploymentUnit) {
+        WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
        if (warMetaData == null) {
            return;
        }
--- a/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/ElytronHttpFacade.java
+++ b/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/ElytronHttpFacade.java
@ -103,9 +103,10 @@ class ElytronHttpFacade implements HttpFacade {

            if (anonymousAuthorizationCallback.isAuthorized()) {
                callbackHandler.handle(new Callback[]{AuthenticationCompleteCallback.SUCCEEDED, new SecurityIdentityCallback()});
+                request.authenticationComplete(response -> response.forward(getRequest().getRelativePath()));
+            } else {
+                request.noAuthenticationInProgress(response -> response.forward(getRequest().getRelativePath()));
            }
-
-            request.authenticationComplete(response -> response.forward(getRequest().getRelativePath()));
        } catch (Exception e) {
            throw new RuntimeException("Unexpected error processing callbacks during logout.", e);
        }
--- a/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakConfigurationServletListener.java
+++ b/adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/KeycloakConfigurationServletListener.java
@ -49,46 +49,50 @@ public class KeycloakConfigurationServletListener implements ServletContextListe

    protected static Logger log = Logger.getLogger(KeycloakConfigurationServletListener.class);

-    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName() + ".elytron";
+    static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName() + ".elytron";

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext servletContext = sce.getServletContext();
        String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
-        SamlDeploymentContext deploymentContext = null;
-        if (configResolverClass != null) {
-            try {
-                throw new RuntimeException("Not implemented yet");
-                //configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
-                //deploymentContext = new AdapterDeploymentContext(configResolver);
-                //log.info("Using " + configResolverClass + " to resolve Keycloak configuration on a per-request basis.");
-            } catch (Exception ex) {
-                log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
-                //deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
-            }
-        } else {
-            InputStream is = getConfigInputStream(servletContext);
-            final SamlDeployment deployment;
-            if (is == null) {
-                log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
-                deployment = new DefaultSamlDeployment();
-            } else {
+        SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
+
+        if (deploymentContext == null) {
+            if (configResolverClass != null) {
                try {
-                    ResourceLoader loader = new ResourceLoader() {
-                        @Override
-                        public InputStream getResourceAsStream(String resource) {
-                            return servletContext.getResourceAsStream(resource);
-                        }
-                    };
-                    deployment = new DeploymentBuilder().build(is, loader);
-                } catch (ParsingException e) {
-                    throw new RuntimeException(e);
+                    throw new RuntimeException("Not implemented yet");
+                    //configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
+                    //deploymentContext = new AdapterDeploymentContext(configResolver);
+                    //log.info("Using " + configResolverClass + " to resolve Keycloak configuration on a per-request basis.");
+                } catch (Exception ex) {
+                    log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
+                    //deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
                }
+            } else {
+                InputStream is = getConfigInputStream(servletContext);
+                final SamlDeployment deployment;
+                if (is == null) {
+                    log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
+                    deployment = new DefaultSamlDeployment();
+                } else {
+                    try {
+                        ResourceLoader loader = new ResourceLoader() {
+                            @Override
+                            public InputStream getResourceAsStream(String resource) {
+                                return servletContext.getResourceAsStream(resource);
+                            }
+                        };
+                        deployment = new DeploymentBuilder().build(is, loader);
+                    } catch (ParsingException e) {
+                        throw new RuntimeException(e);
+                    }
+                }
+                deploymentContext = new SamlDeploymentContext(deployment);
+                log.debug("Keycloak is using a per-deployment configuration.");
            }
-            deploymentContext = new SamlDeploymentContext(deployment);
-            servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
-            log.debug("Keycloak is using a per-deployment configuration.");
        }
+
+        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
    }

    @Override
--- a/adapters/saml/wildfly/wildfly-subsystem/pom.xml
+++ b/adapters/saml/wildfly/wildfly-subsystem/pom.xml
@ -101,5 +101,10 @@
            <artifactId>keycloak-saml-wildfly-adapter</artifactId>
            <version>${project.version}</version>
        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-saml-wildfly-elytron-adapter</artifactId>
+            <version>${project.version}</version>
+        </dependency>
    </dependencies>
 </project>
--- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java
@ -25,10 +25,12 @@ import org.jboss.as.web.common.WarMetaData;
 import org.jboss.dmr.ModelNode;
 import org.jboss.metadata.javaee.spec.ParamValueMetaData;
 import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.metadata.web.spec.ListenerMetaData;
 import org.jboss.metadata.web.spec.LoginConfigMetaData;
 import org.jboss.staxmapper.FormattingXMLStreamWriter;
 import org.jboss.staxmapper.XMLExtendedStreamWriter;
 import org.keycloak.adapters.saml.AdapterConstants;
+import org.keycloak.adapters.saml.elytron.KeycloakConfigurationServletListener;
 import org.keycloak.subsystem.adapter.saml.extension.logging.KeycloakLogger;

 import javax.xml.stream.XMLOutputFactory;
@ -52,6 +54,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
        if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null) {
            addKeycloakSamlAuthData(phaseContext);
        }
+
+        addConfigurationListener(deploymentUnit);
    }

    private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
@ -124,4 +128,30 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
    public void undeploy(DeploymentUnit du) {

    }
+
+    private void addConfigurationListener(DeploymentUnit deploymentUnit) {
+        WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+        if (warMetaData == null) {
+            return;
+        }
+
+        JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+        if (webMetaData == null) {
+            webMetaData = new JBossWebMetaData();
+            warMetaData.setMergedJBossWebMetaData(webMetaData);
+        }
+
+        LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
+        if (loginConfig == null) {
+            return;
+        }
+        if (!loginConfig.getAuthMethod().equals("KEYCLOAK-SAML")) {
+            return;
+        }
+        ListenerMetaData listenerMetaData = new ListenerMetaData();
+
+        listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
+
+        webMetaData.getListeners().add(listenerMetaData);
+    }
 }
--- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessorWildFly.java
+++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessorWildFly.java
@ -29,6 +29,7 @@ import org.jboss.modules.ModuleLoader;
 */
 public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProcessor {

+    private static final ModuleIdentifier KEYCLOAK_ELYTRON_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-wildfly-elytron-adapter");
    private static final ModuleIdentifier KEYCLOAK_WILDFLY_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-wildfly-adapter");
    private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-undertow-adapter");

@ -37,5 +38,6 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
        // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
+        moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
    }
 }
--- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml
+++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-subsystem/main/module.xml
@ -41,5 +41,6 @@
        <module name="org.jboss.metadata"/>
        <module name="org.apache.httpcomponents"/>
        <module name="org.infinispan.cachestore.remote"/>
+        <module name="org.keycloak.keycloak-saml-wildfly-elytron-adapter"/>
    </dependencies>
 </module>