[KEYCLOAK-18878] Register the subsystem parser for older versions of the OIDC adapter schemas

Stefan Guilhen 2021-07-22 17:06:58 -03:00 committed by Hynek Mlnařík
parent 6436716514
commit 579302f396
6 changed files with 126 additions and 6 deletions


@ -37,7 +37,9 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUB
public class KeycloakExtension implements Extension {
public static final String SUBSYSTEM_NAME = "keycloak";
public static final String NAMESPACE = "urn:jboss:domain:keycloak:1.2";
public static final String NAMESPACE_1_1 = "urn:jboss:domain:keycloak:1.1";
public static final String NAMESPACE_1_2 = "urn:jboss:domain:keycloak:1.2";
public static final String CURRENT_NAMESPACE = NAMESPACE_1_2;
private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
private static final String RESOURCE_NAME = KeycloakExtension.class.getPackage().getName() + ".LocalDescriptions";
@ -63,7 +65,8 @@ public class KeycloakExtension implements Extension {
*/
@Override
public void initializeParsers(final ExtensionParsingContext context) {
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE, PARSER);
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE_1_1, PARSER);
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE_1_2, PARSER);
}
/**
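Review bot: The namespace constants and the mappings in initializeParsers now have to be kept in step by hand: a future 1.3 schema needs a new constant, a new CURRENT_NAMESPACE value and another setSubsystemXmlMapping call, and forgetting the last one silently leaves that version unreadable. A single ordered list, e.g. `private static final List<String> SUPPORTED_NAMESPACES = Arrays.asList(NAMESPACE_1_1, NAMESPACE_1_2);` iterated as `for (String ns : SUPPORTED_NAMESPACES) { context.setSubsystemXmlMapping(SUBSYSTEM_NAME, ns, PARSER); }` (with java.util imports), keeps the two from drifting. The constants would also benefit from Javadoc such as `/** Schema version written back by the parser; older namespaces are registered for reading only. */` on CURRENT_NAMESPACE. Since one PARSER instance serves both namespaces it cannot tell a 1.1 document from a 1.2 one, which is fine only if 1.2 is a strict superset of 1.1 — worth confirming against the XSDs. The same observations apply to the second KeycloakExtension section below.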


@ -194,7 +194,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
*/
@Override
public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
context.startSubsystemElement(KeycloakExtension.NAMESPACE, false);
context.startSubsystemElement(KeycloakExtension.CURRENT_NAMESPACE, false);
writeRealms(writer, context);
writeSecureDeployments(writer, context);
writer.writeEndElement();
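Review bot: writeContent now always marshals under CURRENT_NAMESPACE, so a configuration that was read from a 1.1 document is persisted back as 1.2 — a one-way schema upgrade on the next write that the code does not announce. A short comment at the startSubsystemElement call makes that intent explicit, e.g. `// always marshal with the newest schema; older namespaces are registered for reading only`. The rest of writeContent continues outside the hunk, and the same applies to the second KeycloakSubsystemParser section below.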


@ -38,7 +38,9 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUB
public class KeycloakExtension implements Extension {
public static final String SUBSYSTEM_NAME = "keycloak";
public static final String NAMESPACE = "urn:jboss:domain:keycloak:1.2";
public static final String NAMESPACE_1_1 = "urn:jboss:domain:keycloak:1.1";
public static final String NAMESPACE_1_2 = "urn:jboss:domain:keycloak:1.2";
public static final String CURRENT_NAMESPACE = NAMESPACE_1_2;
private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
private static final String RESOURCE_NAME = KeycloakExtension.class.getPackage().getName() + ".LocalDescriptions";
@ -64,7 +66,8 @@ public class KeycloakExtension implements Extension {
*/
@Override
public void initializeParsers(final ExtensionParsingContext context) {
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE, PARSER);
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE_1_1, PARSER);
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE_1_2, PARSER);
}
/**


@ -244,7 +244,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
*/
@Override
public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
context.startSubsystemElement(KeycloakExtension.NAMESPACE, false);
context.startSubsystemElement(KeycloakExtension.CURRENT_NAMESPACE, false);
writeRealms(writer, context);
writeSecureDeployments(writer, context);
writeSecureServers(writer, context);


@ -21,6 +21,7 @@ import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.as.subsystem.test.KernelServices;
import org.jboss.dmr.ModelNode;
import org.junit.Assert;
import org.junit.Test;
@ -115,6 +116,20 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
};
}
/**
* Checks if the subsystem is still capable of reading a configuration that uses version 1.1 of the schema.
*
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testSubsystem1_1() throws Exception {
KernelServices servicesA = super.createKernelServicesBuilder(createAdditionalInitialization())
.setSubsystemXml(readResource("keycloak-1.1.xml")).build();
Assert.assertTrue("Subsystem boot failed!", servicesA.isSuccessfulBoot());
ModelNode modelA = servicesA.readWholeModel();
super.validateModel(modelA);
}
/**
* Tests a subsystem configuration that contains a {@code redirect-rewrite-rule}, checking that the resulting JSON
* can be properly used to create an {@link AdapterConfig}.
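Review bot: testSubsystem1_1 only asserts that the kernel boots and that the model passes validateModel; nothing checks that a single element from keycloak-1.1.xml actually reached the model, so a parser that skipped every 1.1 element would still pass. Asserting a representative parsed value, or comparing `modelA` with the model obtained from the 1.2 resource through the harness's `compare(ModelNode, ModelNode)` helper, would turn this into a real backward-compatibility check. The Javadoc could then state what is compared rather than only that the file is "still" readable.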


@ -0,0 +1,99 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<realm name="master">
<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<truststore>truststore.jks</truststore>
<truststore-password>secret</truststore-password>
<ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
<allow-any-hostname>false</allow-any-hostname>
<disable-trust-manager>true</disable-trust-manager>
<connection-pool-size>20</connection-pool-size>
<enable-cors>true</enable-cors>
<client-keystore>keys.jks</client-keystore>
<client-keystore-password>secret</client-keystore-password>
<client-key-password>secret</client-key-password>
<cors-max-age>600</cors-max-age>
<cors-allowed-headers>X-Custom</cors-allowed-headers>
<cors-allowed-methods>PUT,POST,DELETE,GET</cors-allowed-methods>
<expose-token>false</expose-token>
<auth-server-url-for-backend-requests>http://127.0.0.2:8080/auth</auth-server-url-for-backend-requests>
<always-refresh-token>false</always-refresh-token>
<register-node-at-startup>true</register-node-at-startup>
<register-node-period>60</register-node-period>
<token-store>session</token-store>
<principal-attribute>sub</principal-attribute>
<proxy-url>http://localhost:9000</proxy-url>
</realm>
<realm name="jboss-infra">
<realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKoq+a9MgXepmsPJDmo45qswuChW9pWjanX68oIBuI4hGvhQxFHryCow230A+sr7tFdMQMt8f1l/ysmV/fYAuW29WaoY4kI4Ou1yYPuwywKSsxT6PooTs83hKyZ1h4LZMj5DkLGDDDyVRHob2WmPaYg9RGVRw3iGGsD/p+Yb+L/gnBYQnZZ7lYqmN7h36p5CkzzlgXQA1Ha8sQxL+rJNH8+sZm0vBrKsoII3Of7TqHGsm1RwFV3XCuGJ7S61AbjJMXL5DQgJl9Z5scvxGAyoRLKC294UgMnQdzyBTMPw2GybxkRKmiK2KjQKmcopmrJp/Bt6fBR6ZkGSs9qUlxGHgwIDAQAB</realm-public-key>
<auth-server-url>http://localhost:8180/auth</auth-server-url>
</realm>
<secure-deployment name="web-console">
<realm>master</realm>
<resource>web-console</resource>
<use-resource-role-mappings>true</use-resource-role-mappings>
<turn-off-change-session-id-on-login>false</turn-off-change-session-id-on-login>
<token-minimum-time-to-live>10</token-minimum-time-to-live>
<min-time-between-jwks-requests>20</min-time-between-jwks-requests>
<public-key-cache-ttl>3600</public-key-cache-ttl>
<realm-public-key>
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
<proxy-url>http://localhost:9000</proxy-url>
<verify-token-audience>true</verify-token-audience>
<credential name="secret">0aa31d98-e0aa-404c-b6e0-e771dba1e798</credential>
<redirect-rewrite-rule name="^/wsmaster/api/(.*)$">api/$1/</redirect-rewrite-rule>
</secure-deployment>
<secure-deployment name="http-endpoint">
<realm>master</realm>
<resource>http-endpoint</resource>
<use-resource-role-mappings>true</use-resource-role-mappings>
<adapter-state-cookie-path>/</adapter-state-cookie-path>
<realm-public-key>
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
<credential name="jwt">
<client-keystore-file>/tmp/keystore.jks</client-keystore-file>
</credential>
<redirect-rewrite-rule name="^/wsmaster/api/(.*)$">/api/$1/</redirect-rewrite-rule>
</secure-deployment>
<secure-deployment name="wildfly-management">
<realm>jboss-infra</realm>
<resource>wildfly-management</resource>
<bearer-only>true</bearer-only>
<ssl-required>EXTERNAL</ssl-required>
<principal-attribute>preferred_username</principal-attribute>
</secure-deployment>
<secure-server name="wildfly-console">
<realm>jboss-infra</realm>
<resource>wildfly-console</resource>
<public-client>true</public-client>
<adapter-state-cookie-path>/</adapter-state-cookie-path>
<ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
<proxy-url>http://localhost:9000</proxy-url>
</secure-server>
</subsystem>
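Review bot: The fixture declares the 1.1 namespace but contains elements such as `secure-server`, `redirect-rewrite-rule`, `verify-token-audience` and `adapter-state-cookie-path`; if any of these were introduced only in the 1.2 schema, the test passes because the shared parser is version-agnostic, not because a genuine 1.1 document is accepted. Restricting the file to elements the 1.1 XSD defines, or noting in a comment at the top which elements are deliberately beyond 1.1, would make testSubsystem1_1 trustworthy as a compatibility check. A header comment naming the schema version under test, e.g. `<!-- Configuration using schema urn:jboss:domain:keycloak:1.1; read by SubsystemParsingTestCase#testSubsystem1_1 -->`, would also help the next person who edits it.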