[KEYCLOAK-11784] - Quarkus Keycloak Application
This commit is contained in:
Pedro Igor
Stian Thorgersen
parent
4b8c7dd7d7
commit
54db691b26
1 changed files with 392 additions and 0 deletions
|
|
@ -1,10 +1,402 @@
|
|||
package org.keycloak;
|
||||
|
||||
import javax.transaction.SystemException;
|
||||
import javax.transaction.Transaction;
|
||||
import javax.ws.rs.ApplicationPath;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.NoSuchElementException;
|
||||
import java.util.ServiceLoader;
|
||||
import java.util.Set;
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.common.util.Resteasy;
|
||||
import org.keycloak.config.ConfigProviderFactory;
|
||||
import org.keycloak.exportimport.ExportImportManager;
|
||||
import org.keycloak.migration.MigrationModelManager;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.KeycloakSessionTask;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.dblock.DBLockManager;
|
||||
import org.keycloak.models.dblock.DBLockProvider;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.models.utils.PostMigrationEvent;
|
||||
import org.keycloak.models.utils.RepresentationToModel;
|
||||
import org.keycloak.platform.Platform;
|
||||
import org.keycloak.platform.PlatformProvider;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.DefaultKeycloakSessionFactory;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
import org.keycloak.services.error.KeycloakErrorHandler;
|
||||
import org.keycloak.services.filters.KeycloakSecurityHeadersFilter;
|
||||
import org.keycloak.services.filters.KeycloakTransactionCommitter;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.UserStorageSyncManager;
|
||||
import org.keycloak.services.resources.JsResource;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.RealmsResource;
|
||||
import org.keycloak.services.resources.RobotsResource;
|
||||
import org.keycloak.services.resources.ThemeResource;
|
||||
import org.keycloak.services.resources.WelcomeResource;
|
||||
import org.keycloak.services.resources.admin.AdminRoot;
|
||||
import org.keycloak.services.scheduled.ClearExpiredClientInitialAccessTokens;
|
||||
import org.keycloak.services.scheduled.ClearExpiredEvents;
|
||||
import org.keycloak.services.scheduled.ClearExpiredUserSessions;
|
||||
import org.keycloak.services.scheduled.ClusterAwareScheduledTaskRunner;
|
||||
import org.keycloak.services.scheduled.ScheduledTaskRunner;
|
||||
import org.keycloak.services.util.ObjectMapperResolver;
|
||||
import org.keycloak.timer.TimerProvider;
|
||||
import org.keycloak.transaction.JtaTransactionManagerLookup;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
@ApplicationPath("/")
|
||||
public class QuarkusKeycloakApplication extends KeycloakApplication {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(KeycloakApplication.class);
|
||||
|
||||
protected final PlatformProvider platform = Platform.getPlatform();
|
||||
|
||||
protected Set<Object> singletons = new HashSet<Object>();
|
||||
protected Set<Class<?>> classes = new HashSet<Class<?>>();
|
||||
|
||||
protected KeycloakSessionFactory sessionFactory;
|
||||
|
||||
public QuarkusKeycloakApplication() {
|
||||
|
||||
try {
|
||||
|
||||
logger.debugv("PlatformProvider: {0}", platform.getClass().getName());
|
||||
logger.debugv("RestEasy provider: {0}", Resteasy.getProvider().getClass().getName());
|
||||
|
||||
loadConfig();
|
||||
|
||||
Resteasy.pushDefaultContextObject(KeycloakApplication.class, this);
|
||||
Resteasy.pushContext(KeycloakApplication.class, this); // for injection
|
||||
|
||||
singletons.add(new RobotsResource());
|
||||
singletons.add(new RealmsResource());
|
||||
singletons.add(new AdminRoot());
|
||||
classes.add(ThemeResource.class);
|
||||
classes.add(JsResource.class);
|
||||
|
||||
classes.add(KeycloakSecurityHeadersFilter.class);
|
||||
classes.add(KeycloakTransactionCommitter.class);
|
||||
classes.add(KeycloakErrorHandler.class);
|
||||
|
||||
singletons.add(new ObjectMapperResolver(Boolean.parseBoolean(System.getProperty("keycloak.jsonPrettyPrint", "false"))));
|
||||
singletons.add(new WelcomeResource());
|
||||
|
||||
platform.onStartup(this::startup);
|
||||
platform.onShutdown(this::shutdown);
|
||||
|
||||
} catch (Throwable t) {
|
||||
platform.exit(t);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
protected void startup() {
|
||||
this.sessionFactory = createSessionFactory();
|
||||
|
||||
ExportImportManager[] exportImportManager = new ExportImportManager[1];
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {
|
||||
|
||||
@Override
|
||||
public void run(KeycloakSession lockSession) {
|
||||
DBLockManager dbLockManager = new DBLockManager(lockSession);
|
||||
dbLockManager.checkForcedUnlock();
|
||||
DBLockProvider dbLock = dbLockManager.getDBLock();
|
||||
dbLock.waitForLock(DBLockProvider.Namespace.KEYCLOAK_BOOT);
|
||||
try {
|
||||
exportImportManager[0] = migrateAndBootstrap();
|
||||
} finally {
|
||||
dbLock.releaseLock();
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
|
||||
if (exportImportManager[0].isRunExport()) {
|
||||
exportImportManager[0].runExport();
|
||||
}
|
||||
|
||||
KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {
|
||||
|
||||
@Override
|
||||
public void run(KeycloakSession session) {
|
||||
boolean shouldBootstrapAdmin = new ApplianceBootstrap(session).isNoMasterUser();
|
||||
BOOTSTRAP_ADMIN_USER.set(shouldBootstrapAdmin);
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
sessionFactory.publish(new PostMigrationEvent());
|
||||
|
||||
setupScheduledTasks(sessionFactory);
|
||||
|
||||
}
|
||||
|
||||
protected void shutdown() {
|
||||
if (sessionFactory != null)
|
||||
sessionFactory.close();
|
||||
}
|
||||
|
||||
// Migrate model, bootstrap master realm, import realms and create admin user. This is done with acquired dbLock
|
||||
protected ExportImportManager migrateAndBootstrap() {
|
||||
ExportImportManager exportImportManager;
|
||||
logger.debug("Calling migrateModel");
|
||||
migrateModel();
|
||||
|
||||
logger.debug("bootstrap");
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
try {
|
||||
session.getTransactionManager().begin();
|
||||
JtaTransactionManagerLookup lookup = (JtaTransactionManagerLookup) sessionFactory.getProviderFactory(JtaTransactionManagerLookup.class);
|
||||
if (lookup != null) {
|
||||
if (lookup.getTransactionManager() != null) {
|
||||
try {
|
||||
Transaction transaction = lookup.getTransactionManager().getTransaction();
|
||||
logger.debugv("bootstrap current transaction? {0}", transaction != null);
|
||||
if (transaction != null) {
|
||||
logger.debugv("bootstrap current transaction status? {0}", transaction.getStatus());
|
||||
}
|
||||
} catch (SystemException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ApplianceBootstrap applianceBootstrap = new ApplianceBootstrap(session);
|
||||
exportImportManager = new ExportImportManager(session);
|
||||
|
||||
boolean createMasterRealm = applianceBootstrap.isNewInstall();
|
||||
if (exportImportManager.isRunImport() && exportImportManager.isImportMasterIncluded()) {
|
||||
createMasterRealm = false;
|
||||
}
|
||||
|
||||
if (createMasterRealm) {
|
||||
applianceBootstrap.createMasterRealm();
|
||||
}
|
||||
session.getTransactionManager().commit();
|
||||
} catch (RuntimeException re) {
|
||||
if (session.getTransactionManager().isActive()) {
|
||||
session.getTransactionManager().rollback();
|
||||
}
|
||||
throw re;
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
|
||||
if (exportImportManager.isRunImport()) {
|
||||
exportImportManager.runImport();
|
||||
} else {
|
||||
importRealms();
|
||||
}
|
||||
|
||||
importAddUser();
|
||||
|
||||
return exportImportManager;
|
||||
}
|
||||
|
||||
|
||||
protected void migrateModel() {
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
try {
|
||||
session.getTransactionManager().begin();
|
||||
MigrationModelManager.migrate(session);
|
||||
session.getTransactionManager().commit();
|
||||
} catch (Exception e) {
|
||||
session.getTransactionManager().rollback();
|
||||
throw e;
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
}
|
||||
|
||||
protected void loadConfig() {
|
||||
|
||||
ServiceLoader<ConfigProviderFactory> loader = ServiceLoader.load(ConfigProviderFactory.class, KeycloakApplication.class.getClassLoader());
|
||||
|
||||
try {
|
||||
ConfigProviderFactory factory = loader.iterator().next();
|
||||
logger.debugv("ConfigProvider: {0}", factory.getClass().getName());
|
||||
Config.init(factory.create().orElseThrow(() -> new RuntimeException("Failed to load Keycloak configuration")));
|
||||
} catch (NoSuchElementException e) {
|
||||
throw new RuntimeException("No valid ConfigProvider found");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public static KeycloakSessionFactory createSessionFactory() {
|
||||
DefaultKeycloakSessionFactory factory = new DefaultKeycloakSessionFactory();
|
||||
factory.init();
|
||||
return factory;
|
||||
}
|
||||
|
||||
public static void setupScheduledTasks(final KeycloakSessionFactory sessionFactory) {
|
||||
long interval = Config.scope("scheduled").getLong("interval", 900L) * 1000;
|
||||
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
try {
|
||||
TimerProvider timer = session.getProvider(TimerProvider.class);
|
||||
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredEvents(), interval), interval, "ClearExpiredEvents");
|
||||
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredClientInitialAccessTokens(), interval), interval, "ClearExpiredClientInitialAccessTokens");
|
||||
timer.schedule(new ScheduledTaskRunner(sessionFactory, new ClearExpiredUserSessions()), interval, ClearExpiredUserSessions.TASK_NAME);
|
||||
new UserStorageSyncManager().bootstrapPeriodic(sessionFactory, timer);
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
}
|
||||
|
||||
public KeycloakSessionFactory getSessionFactory() {
|
||||
return sessionFactory;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<Class<?>> getClasses() {
|
||||
return classes;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<Object> getSingletons() {
|
||||
return singletons;
|
||||
}
|
||||
|
||||
public void importRealms() {
|
||||
String files = System.getProperty("keycloak.import");
|
||||
if (files != null) {
|
||||
StringTokenizer tokenizer = new StringTokenizer(files, ",");
|
||||
while (tokenizer.hasMoreTokens()) {
|
||||
String file = tokenizer.nextToken().trim();
|
||||
RealmRepresentation rep;
|
||||
try {
|
||||
rep = loadJson(new FileInputStream(file), RealmRepresentation.class);
|
||||
} catch (FileNotFoundException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
importRealm(rep, "file " + file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void importRealm(RealmRepresentation rep, String from) {
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
boolean exists = false;
|
||||
try {
|
||||
session.getTransactionManager().begin();
|
||||
|
||||
try {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
|
||||
if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
|
||||
ServicesLogger.LOGGER.realmExists(rep.getRealm(), from);
|
||||
exists = true;
|
||||
}
|
||||
|
||||
if (manager.getRealmByName(rep.getRealm()) != null) {
|
||||
ServicesLogger.LOGGER.realmExists(rep.getRealm(), from);
|
||||
exists = true;
|
||||
}
|
||||
if (!exists) {
|
||||
RealmModel realm = manager.importRealm(rep);
|
||||
ServicesLogger.LOGGER.importedRealm(realm.getName(), from);
|
||||
}
|
||||
session.getTransactionManager().commit();
|
||||
} catch (Throwable t) {
|
||||
session.getTransactionManager().rollback();
|
||||
if (!exists) {
|
||||
ServicesLogger.LOGGER.unableToImportRealm(t, rep.getRealm(), from);
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
}
|
||||
|
||||
public void importAddUser() {
|
||||
String configDir = System.getProperty("jboss.server.config.dir");
|
||||
if (configDir != null) {
|
||||
File addUserFile = new File(configDir + File.separator + "keycloak-add-user.json");
|
||||
if (addUserFile.isFile()) {
|
||||
ServicesLogger.LOGGER.imprtingUsersFrom(addUserFile);
|
||||
|
||||
List<RealmRepresentation> realms;
|
||||
try {
|
||||
realms = JsonSerialization
|
||||
.readValue(new FileInputStream(addUserFile), new TypeReference<List<RealmRepresentation>>() {
|
||||
});
|
||||
} catch (IOException e) {
|
||||
ServicesLogger.LOGGER.failedToLoadUsers(e);
|
||||
return;
|
||||
}
|
||||
|
||||
for (RealmRepresentation realmRep : realms) {
|
||||
for (UserRepresentation userRep : realmRep.getUsers()) {
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
|
||||
try {
|
||||
session.getTransactionManager().begin();
|
||||
RealmModel realm = session.realms().getRealmByName(realmRep.getRealm());
|
||||
|
||||
if (realm == null) {
|
||||
ServicesLogger.LOGGER.addUserFailedRealmNotFound(userRep.getUsername(), realmRep.getRealm());
|
||||
}
|
||||
|
||||
UserProvider users = session.users();
|
||||
|
||||
if (users.getUserByUsername(userRep.getUsername(), realm) != null) {
|
||||
ServicesLogger.LOGGER.notCreatingExistingUser(userRep.getUsername());
|
||||
} else {
|
||||
UserModel user = users.addUser(realm, userRep.getUsername());
|
||||
user.setEnabled(userRep.isEnabled());
|
||||
RepresentationToModel.createCredentials(userRep, session, realm, user, false);
|
||||
RepresentationToModel.createRoleMappings(userRep, user, realm);
|
||||
ServicesLogger.LOGGER.addUserSuccess(userRep.getUsername(), realmRep.getRealm());
|
||||
}
|
||||
|
||||
session.getTransactionManager().commit();
|
||||
} catch (ModelDuplicateException e) {
|
||||
session.getTransactionManager().rollback();
|
||||
ServicesLogger.LOGGER.addUserFailedUserExists(userRep.getUsername(), realmRep.getRealm());
|
||||
} catch (Throwable t) {
|
||||
session.getTransactionManager().rollback();
|
||||
ServicesLogger.LOGGER.addUserFailed(t, userRep.getUsername(), realmRep.getRealm());
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!addUserFile.delete()) {
|
||||
ServicesLogger.LOGGER.failedToDeleteFile(addUserFile.getAbsolutePath());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static <T> T loadJson(InputStream is, Class<T> type) {
|
||||
try {
|
||||
return JsonSerialization.readValue(is, type);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException("Failed to parse json", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue