libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Bill Burke 2015-07-20 12:21:57 -04:00
commit 548c0db0ae
21 changed files with 773 additions and 686 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.travis.yml
View file

@ -1,5 +1,8 @@
language: java
jdk:
- oraclejdk8
cache:
directories:
- $HOME/.m2
@ -7,4 +10,10 @@ cache:
before_cache:
- rm -rf $HOME/.m2/repository/org/keycloak
install: mvn install -Pdistribution -DskipTests=true -B -V
script:
- mvn test -B
- mvn -file testsuite/integration-arquillian test -B
sudo: false

6
distribution/adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
View file

@ -27,4 +27,10 @@
<outputDirectory>modules</outputDirectory>
</fileSet>
</fileSets>
<files>
<file>
<source>../../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

6
distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
View file

@ -27,4 +27,10 @@
<outputDirectory>modules/system/layers/base</outputDirectory>
</fileSet>
</fileSets>
<files>
<file>
<source>../../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

4
distribution/adapters/shared-cli/adapter-install.cli Normal file
View file

@ -0,0 +1,4 @@
/subsystem=security/security-domain=keycloak/:add
/subsystem=security/security-domain=keycloak/authentication=classic/:add(login-modules=[{ "code" => "org.keycloak.adapters.jboss.KeycloakLoginModule","flag" => "required"}])
/extension=org.keycloak.keycloak-adapter-subsystem/:add(module=org.keycloak.keycloak-adapter-subsystem)
/subsystem=keycloak:add

6
distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
View file

@ -28,4 +28,10 @@
<outputDirectory>modules/system/layers/base</outputDirectory>
</fileSet>
</fileSets>
<files>
<file>
<source>../../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

6
distribution/adapters/wf9-adapter/wf9-adapter-zip/assembly.xml
View file

@ -27,4 +27,10 @@
<outputDirectory>modules/system/layers/base</outputDirectory>
</fileSet>
</fileSets>
<files>
<file>
<source>../../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

8
distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
View file

@ -40,6 +40,14 @@
<source>src/main/providers/README.txt</source>
<outputDirectory>standalone/configuration/providers</outputDirectory>
</file>
<file>
<source>cli/keycloak-prepare.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/keycloak-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

2
distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-install.cli Normal file
View file

@ -0,0 +1,2 @@
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
/subsystem=keycloak-server:add(web-context=auth)

2
distribution/server-overlay/eap6/eap6-server-overlay/cli/keycloak-prepare.cli Normal file
View file

@ -0,0 +1,2 @@
/subsystem=datasources/data-source=KeycloakDS/:add(connection-url="jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE",driver-name=h2,jndi-name=java:jboss/datasources/KeycloakDS,password=sa,user-name=sa,use-java-context=true,enabled=true)
/subsystem=logging/logger=org.jboss.resteasy.resteasy_jaxrs.i18n/:add(level=ERROR)

16
distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
View file

@ -44,22 +44,6 @@
</xsl:copy>
</xsl:template>
<xsl:template match="//sec:security-domains">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-domain']"/>
<security-domain name="keycloak">
<authentication>
<login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
</authentication>
</security-domain>
<security-domain name="sp" cache-type="default">
<authentication>
<login-module code="org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule" flag="required"/>
</authentication>
</security-domain>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $log)]">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>

4
distribution/server-overlay/wf9-server-overlay/assembly.xml
View file

@ -62,6 +62,10 @@
<source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/keycloak-server.json</source>
<outputDirectory>standalone/configuration</outputDirectory>
</file>
<file>
<source>cli/keycloak-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>

3
distribution/server-overlay/wf9-server-overlay/cli/keycloak-install.cli Normal file
View file

@ -0,0 +1,3 @@
/subsystem=datasources/data-source=KeycloakDS/:add(connection-url="jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE",driver-name=h2,jndi-name=java:jboss/datasources/KeycloakDS,password=sa,user-name=sa,use-java-context=true)
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
/subsystem=keycloak-server:add(web-context=auth)

12
docbook/reference/en/en-US/modules/jboss-adapter.xml
View file

@ -48,6 +48,15 @@ $ unzip keycloak-as7-adapter-dist.zip
After adding the Keycloak modules, you must then enable the Keycloak Subsystem within your app server's server configuration:
<literal>domain.xml</literal> or <literal>standalone.xml</literal>.
</para>
<para>
There is a CLI script that will help you modify your server configuration. Start the server and run the script
from the server's bin directory:
<programlisting>
$ cd $JBOSS_HOME/bin
$ jboss-cli.sh -c --file=adapter-install.cli
</programlisting>
The script will add the extension, subsystem, and optional security-domain as described below.
</para>
<para>
<programlisting><![CDATA[
<server xmlns="urn:jboss:domain:1.4">
@ -65,8 +74,7 @@ $ unzip keycloak-as7-adapter-dist.zip
</programlisting>
</para>
<para>
Finally, you must specify a shared keycloak security domain.
This security domain should be used with EJBs and other components when you need the security context created
The keycloak security domain should be used with EJBs and other components when you need the security context created
in the secured web tier to be propagated to the EJBs (other EE component) you are invoking. Otherwise
this configuration is optional.
</para>

29
docbook/reference/en/en-US/modules/server-installation.xml
View file

@ -49,9 +49,9 @@
<literal>keycloak-overlay-&project.version;.zip</literal> or <literal>keycloak-overlay-&project.version;.tar.gz</literal>.
Once downloaded extract into the root directory of your WildFly installation. To start WildFly with Keycloak
run:
<programlisting>keycloak-&project.version;/bin/standalone.sh --server-config=standalone-keycloak.xml</programlisting>
<programlisting>&lt;WILDFLY_HOME&gt;/bin/standalone.sh --server-config=standalone-keycloak.xml</programlisting>
or:
<programlisting>keycloak-&project.version;/bin/standalone.bat --server-config=standalone-keycloak.xml</programlisting>
<programlisting>&lt;WILDFLY_HOME&gt;/bin/standalone.bat --server-config=standalone-keycloak.xml</programlisting>
</para>
<para>
Once the server is started log into the admin console at
@ -60,15 +60,9 @@
enter in a new password.
</para>
<para>
To add Keycloak to other sever configurations (standalone.xml, standalone-ha.xml, etc.) open
<literal>standalone/configuration/standalone-keycloak.xml</literal> and the configuration you want to add it
to, for example <literal>standalone/configuration/standalone.xml</literal>. From <literal>standalone-keycloak.xml</literal>
you need to copy 3 elements:
<itemizedlist>
<listitem><literal>&lt;extension module="org.keycloak.keycloak-server-subsystem"/&gt;</literal></listitem>
<listitem><literal>&lt;datasource jndi-name="java:jboss/datasources/KeycloakDS" ...&gt;</literal></listitem>
<listitem><literal>&lt;subsystem xmlns="urn:jboss:domain:keycloak-server:1.1" ...&gt;</literal></listitem>
</itemizedlist>
To add Keycloak to other sever configurations (standalone.xml, standalone-ha.xml, etc.) start the server with
the desired server-config. Then execute the following CLI script:
<programlisting>&lt;WILDFLY_HOME&gt;/bin/jboss-cli.sh -c --file=keycloak-install.cli</programlisting>
</para>
</section>
<section>
@ -76,6 +70,19 @@
<para>
Same procedure as WildFly 9.0.0.Final, but download <literal>keycloak-overlay-eap6-&project.version;.zip</literal> or <literal>keycloak-overlay-eap6-&project.version;.tar.gz</literal>.
</para>
<para>
However, for EAP, adding Keycloak to other sever configurations (standalone.xml, standalone-ha.xml, etc.) requires two CLI scripts. Start the server with
the desired server-config. Then execute the following CLI scripts with a restart in between:
<orderedlist>
<listitem>
<programlisting>&lt;EAP_HOME&gt;/bin/jboss-cli.sh -c --file=keycloak-prepare.cli</programlisting>
</listitem>
<listitem>Restart the server with the same server-config.</listitem>
<listitem>
<programlisting>&lt;EAP_HOME&gt;/bin/jboss-cli.sh -c --file=keycloak-install.cli</programlisting>
</listitem>
</orderedlist>
</para>
</section>
<section>
<title id="demo_install">Install Development Bundle</title>

28
integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/AdapterDeploymentContextBean.java
View file

@ -9,30 +9,48 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.io.Resource;
import java.io.InputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
/**
* Bean holding the {@link KeycloakDeployment} and {@link AdapterDeploymentContext} for this
* Spring application context. The Keycloak deployment is loaded from the required
* <code>WEB-INF/keycloak.json</code> file generated by Keycloak.
* <code>keycloak.json</code> resource file.
*
* @author <a href="mailto:srossillo@smartling.com">Scott Rossillo</a>
* @version $Revision: 1 $
*/
public class AdapterDeploymentContextBean implements ApplicationContextAware, InitializingBean {
private static final String KEYCLOAK_CONFIG_FILE = "keycloak.json";
private static final String KEYCLOAK_CONFIG_WEB_RESOURCE = "WEB-INF/" + KEYCLOAK_CONFIG_FILE;
private static final String KEYCLOAK_CONFIG_CLASSPATH_RESOURCE = "classpath:" + KEYCLOAK_CONFIG_FILE;
private ApplicationContext applicationContext;
private AdapterDeploymentContext deploymentContext;
private KeycloakDeployment deployment;
@Override
public void afterPropertiesSet() throws Exception {
Resource resource = applicationContext.getResource("WEB-INF/keycloak.json");
InputStream is = resource.getInputStream();
this.deployment = KeycloakDeploymentBuilder.build(is);
this.deployment = loadKeycloakDeployment();
this.deploymentContext = new AdapterDeploymentContext(deployment);
}
private KeycloakDeployment loadKeycloakDeployment() throws IOException {
Resource resource = applicationContext.getResource(KEYCLOAK_CONFIG_WEB_RESOURCE);
if (!resource.isReadable()) {
resource= applicationContext.getResource(KEYCLOAK_CONFIG_CLASSPATH_RESOURCE);
}
if (!resource.isReadable()) {
throw new FileNotFoundException(String.format("Unable to locate Keycloak from %s or %s", KEYCLOAK_CONFIG_WEB_RESOURCE, KEYCLOAK_CONFIG_CLASSPATH_RESOURCE));
}
return KeycloakDeploymentBuilder.build(resource.getInputStream());
}
/**
* Returns the Keycloak {@link AdapterDeploymentContext} for this application context.
*

2
services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
View file

@ -623,6 +623,7 @@ public class LoginActionsService {
if (clientSession.getAction().equals(ClientSessionModel.Action.RECOVER_PASSWORD.name())) {
String actionCookieValue = getActionCookie();
if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
session.sessions().removeClientSession(realm, clientSession);
return session.getProvider(LoginFormsProvider.class)
.setSuccess(Messages.ACCOUNT_PASSWORD_UPDATED)
.createInfoPage();
@ -657,6 +658,7 @@ public class LoginActionsService {
String actionCookieValue = getActionCookie();
if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
session.sessions().removeClientSession(realm, clientSession);
return session.getProvider(LoginFormsProvider.class)
.setSuccess(Messages.EMAIL_VERIFIED)
.createInfoPage();

16
testsuite/integration/src/test/java/org/keycloak/testsuite/MailServer.java
View file

@ -5,6 +5,7 @@ import com.icegreen.greenmail.util.ServerSetup;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMessage.RecipientType;
import javax.mail.internet.MimeMultipart;
public class MailServer {
@ -22,9 +23,20 @@ public class MailServer {
if (greenMail.waitForIncomingEmail(Long.MAX_VALUE, c + 1)) {
MimeMessage message = greenMail.getReceivedMessages()[c++];
System.out.println("-------------------------------------------------------");
System.out.println("Received mail to " + message.getRecipients(RecipientType.TO)[0]);
System.out.println();
System.out.println(message.getContent());
if (message.getContent() instanceof MimeMultipart) {
MimeMultipart mimeMultipart = (MimeMultipart) message.getContent();
for (int i = 0; i < mimeMultipart.getCount(); i++) {
System.out.println("----");
System.out.println(mimeMultipart.getBodyPart(i).getContentType() + ":");
System.out.println();
System.out.println(mimeMultipart.getBodyPart(i).getContent());
}
} else {
System.out.println();
System.out.println(message.getContent());
}
System.out.println("-------------------------------------------------------");
}
}