Merge pull request #4650 from pedroigor/KEYCLOAK-4439

[KEYCLOAK-4439] - Fixing elytron adapter for standalone apps
This commit is contained in:
Pedro Igor 2017-11-08 22:10:25 -02:00 committed by GitHub
commit 5119dc3ad5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 100 additions and 59 deletions

View file

@ -50,27 +50,29 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
ServletContext servletContext = sce.getServletContext();
String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
KeycloakConfigResolver configResolver;
AdapterDeploymentContext deploymentContext;
AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) servletContext.getAttribute(AdapterDeploymentContext.class.getName());
if (configResolverClass != null) {
try {
configResolver = (KeycloakConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new AdapterDeploymentContext(configResolver);
} catch (Exception ex) {
deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
KeycloakDeployment deployment;
if (is == null) {
deployment = new KeycloakDeployment();
if (deploymentContext == null) {
if (configResolverClass != null) {
try {
configResolver = (KeycloakConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new AdapterDeploymentContext(configResolver);
} catch (Exception ex) {
deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
}
} else {
deployment = KeycloakDeploymentBuilder.build(is);
}
InputStream is = getConfigInputStream(servletContext);
deploymentContext = new AdapterDeploymentContext(deployment);
KeycloakDeployment deployment;
if (is == null) {
deployment = new KeycloakDeployment();
} else {
deployment = KeycloakDeploymentBuilder.build(is);
}
deploymentContext = new AdapterDeploymentContext(deployment);
}
}
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);

View file

@ -71,11 +71,10 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
if (service.isSecureDeployment(deploymentUnit) && service.isDeploymentConfigured(deploymentUnit)) {
addKeycloakAuthData(phaseContext, service);
} else if (service.isElytronEnabled(deploymentUnit)) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
addConfigurationListener(warMetaData);
}
addConfigurationListener(deploymentUnit);
// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
// todo notsure if we need this
@ -104,10 +103,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentUnit));
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
if (service.isElytronEnabled(deploymentUnit)) {
addConfigurationListener(warMetaData);
}
}
private void addJSONData(String json, WarMetaData warMetaData) {
@ -130,7 +125,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
webMetaData.setContextParams(contextParams);
}
private void addConfigurationListener(WarMetaData warMetaData) {
private void addConfigurationListener(DeploymentUnit deploymentUnit) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
}

View file

@ -103,9 +103,10 @@ class ElytronHttpFacade implements HttpFacade {
if (anonymousAuthorizationCallback.isAuthorized()) {
callbackHandler.handle(new Callback[]{AuthenticationCompleteCallback.SUCCEEDED, new SecurityIdentityCallback()});
request.authenticationComplete(response -> response.forward(getRequest().getRelativePath()));
} else {
request.noAuthenticationInProgress(response -> response.forward(getRequest().getRelativePath()));
}
request.authenticationComplete(response -> response.forward(getRequest().getRelativePath()));
} catch (Exception e) {
throw new RuntimeException("Unexpected error processing callbacks during logout.", e);
}

View file

@ -49,46 +49,50 @@ public class KeycloakConfigurationServletListener implements ServletContextListe
protected static Logger log = Logger.getLogger(KeycloakConfigurationServletListener.class);
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = AdapterDeploymentContext.class.getName() + ".elytron";
static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName() + ".elytron";
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContext servletContext = sce.getServletContext();
String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
SamlDeploymentContext deploymentContext = null;
if (configResolverClass != null) {
try {
throw new RuntimeException("Not implemented yet");
//configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
//deploymentContext = new AdapterDeploymentContext(configResolver);
//log.info("Using " + configResolverClass + " to resolve Keycloak configuration on a per-request basis.");
} catch (Exception ex) {
log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
//deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
final SamlDeployment deployment;
if (is == null) {
log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
if (deploymentContext == null) {
if (configResolverClass != null) {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
throw new RuntimeException("Not implemented yet");
//configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
//deploymentContext = new AdapterDeploymentContext(configResolver);
//log.info("Using " + configResolverClass + " to resolve Keycloak configuration on a per-request basis.");
} catch (Exception ex) {
log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
//deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
final SamlDeployment deployment;
if (is == null) {
log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.debug("Keycloak is using a per-deployment configuration.");
}
deploymentContext = new SamlDeploymentContext(deployment);
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
log.debug("Keycloak is using a per-deployment configuration.");
}
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
}
@Override

View file

@ -101,5 +101,10 @@
<artifactId>keycloak-saml-wildfly-adapter</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-wildfly-elytron-adapter</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

View file

@ -25,10 +25,12 @@ import org.jboss.as.web.common.WarMetaData;
import org.jboss.dmr.ModelNode;
import org.jboss.metadata.javaee.spec.ParamValueMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.spec.ListenerMetaData;
import org.jboss.metadata.web.spec.LoginConfigMetaData;
import org.jboss.staxmapper.FormattingXMLStreamWriter;
import org.jboss.staxmapper.XMLExtendedStreamWriter;
import org.keycloak.adapters.saml.AdapterConstants;
import org.keycloak.adapters.saml.elytron.KeycloakConfigurationServletListener;
import org.keycloak.subsystem.adapter.saml.extension.logging.KeycloakLogger;
import javax.xml.stream.XMLOutputFactory;
@ -52,6 +54,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null) {
addKeycloakSamlAuthData(phaseContext);
}
addConfigurationListener(deploymentUnit);
}
private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
@ -124,4 +128,30 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
public void undeploy(DeploymentUnit du) {
}
private void addConfigurationListener(DeploymentUnit deploymentUnit) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
}
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
webMetaData = new JBossWebMetaData();
warMetaData.setMergedJBossWebMetaData(webMetaData);
}
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
if (loginConfig == null) {
return;
}
if (!loginConfig.getAuthMethod().equals("KEYCLOAK-SAML")) {
return;
}
ListenerMetaData listenerMetaData = new ListenerMetaData();
listenerMetaData.setListenerClass(KeycloakConfigurationServletListener.class.getName());
webMetaData.getListeners().add(listenerMetaData);
}
}

View file

@ -29,6 +29,7 @@ import org.jboss.modules.ModuleLoader;
*/
public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProcessor {
private static final ModuleIdentifier KEYCLOAK_ELYTRON_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-wildfly-elytron-adapter");
private static final ModuleIdentifier KEYCLOAK_WILDFLY_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-wildfly-adapter");
private static final ModuleIdentifier KEYCLOAK_UNDERTOW_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-undertow-adapter");
@ -37,5 +38,6 @@ public class KeycloakDependencyProcessorWildFly extends KeycloakDependencyProces
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_WILDFLY_ADAPTER, false, false, true, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_UNDERTOW_ADAPTER, false, false, false, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_ELYTRON_ADAPTER, true, false, false, false));
}
}

View file

@ -41,5 +41,6 @@
<module name="org.jboss.metadata"/>
<module name="org.apache.httpcomponents"/>
<module name="org.infinispan.cachestore.remote"/>
<module name="org.keycloak.keycloak-saml-wildfly-elytron-adapter"/>
</dependencies>
</module>