diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/HttpClientBuilder.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/HttpClientBuilder.java index 7270ae427e..5d91e985ee 100755 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/HttpClientBuilder.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/HttpClientBuilder.java @@ -18,24 +18,34 @@ package org.keycloak.adapters; import org.apache.http.HttpHost; +import org.apache.http.auth.AuthSchemeProvider; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.Credentials; import org.apache.http.client.CookieStore; import org.apache.http.client.HttpClient; -import org.apache.http.conn.ClientConnectionManager; -import org.apache.http.conn.params.ConnRoutePNames; -import org.apache.http.conn.scheme.PlainSocketFactory; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.scheme.SchemeRegistry; +import org.apache.http.client.config.AuthSchemes; +import org.apache.http.client.config.CookieSpecs; +import org.apache.http.client.config.RequestConfig; +import org.apache.http.config.ConnectionConfig; +import org.apache.http.config.Registry; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.config.SocketConfig; +import org.apache.http.conn.HttpClientConnectionManager; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.socket.PlainConnectionSocketFactory; import org.apache.http.conn.ssl.AllowAllHostnameVerifier; import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.conn.ssl.StrictHostnameVerifier; import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.cookie.Cookie; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.conn.SingleClientConnManager; -import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; -import org.apache.http.params.BasicHttpParams; -import org.apache.http.params.HttpConnectionParams; +import org.apache.http.cookie.CookieSpecProvider; +import org.apache.http.impl.auth.SPNegoSchemeFactory; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CookieSpecRegistries; +import org.apache.http.impl.conn.BasicHttpClientConnectionManager; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; +import org.apache.http.impl.cookie.DefaultCookieSpecProvider; import org.keycloak.common.util.EnvUtil; import org.keycloak.common.util.KeystoreUtil; import org.keycloak.representations.adapters.config.AdapterHttpClientConfig; @@ -50,15 +60,15 @@ import javax.net.ssl.X509TrustManager; import java.io.IOException; import java.net.URI; import java.security.KeyStore; +import java.security.Principal; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.List; import java.util.concurrent.TimeUnit; -import org.apache.http.client.params.ClientPNames; -import org.apache.http.client.params.CookiePolicy; /** * Abstraction for creating HttpClients. Allows SSL configuration. @@ -67,6 +77,7 @@ import org.apache.http.client.params.CookiePolicy; * @version $Revision: 1 $ */ public class HttpClientBuilder { + public static enum HostnameVerificationPolicy { /** * Hostname verification is not done on the server's certificate @@ -118,7 +129,8 @@ public class HttpClientBuilder { protected long establishConnectionTimeout = -1; protected TimeUnit establishConnectionTimeoutUnits = TimeUnit.MILLISECONDS; protected HttpHost proxyHost; - + private SPNegoSchemeFactory spNegoSchemeFactory; + private boolean useSpNego; /** * Socket inactivity timeout @@ -240,6 +252,16 @@ public class HttpClientBuilder { } } + public HttpClientBuilder spNegoSchemeFactory(SPNegoSchemeFactory spnegoSchemeFactory) { + this.spNegoSchemeFactory = spnegoSchemeFactory; + return this; + } + + public HttpClientBuilder useSPNego(boolean useSpnego) { + this.useSpNego = useSpnego; + return this; + } + public HttpClient build() { X509HostnameVerifier verifier = null; if (this.verifier != null) verifier = new VerifierWrapper(this.verifier); @@ -257,7 +279,7 @@ public class HttpClientBuilder { } } try { - SSLSocketFactory sslsf = null; + ConnectionSocketFactory sslsf; SSLContext theContext = sslContext; if (disableTrustManager) { theContext = SSLContext.getInstance("SSL"); @@ -274,40 +296,85 @@ public class HttpClientBuilder { tlsContext.init(null, null, null); sslsf = new SniSSLSocketFactory(tlsContext, verifier); } - SchemeRegistry registry = new SchemeRegistry(); - registry.register( - new Scheme("http", 80, PlainSocketFactory.getSocketFactory())); - Scheme httpsScheme = new Scheme("https", 443, sslsf); - registry.register(httpsScheme); - ClientConnectionManager cm = null; + + RegistryBuilder sf = RegistryBuilder.create(); + + sf.register("http", PlainConnectionSocketFactory.getSocketFactory()); + sf.register("https", sslsf); + + HttpClientConnectionManager cm; + if (connectionPoolSize > 0) { - ThreadSafeClientConnManager tcm = new ThreadSafeClientConnManager(registry, connectionTTL, connectionTTLUnit); + PoolingHttpClientConnectionManager tcm = new PoolingHttpClientConnectionManager(sf.build()); tcm.setMaxTotal(connectionPoolSize); if (maxPooledPerRoute == 0) maxPooledPerRoute = connectionPoolSize; tcm.setDefaultMaxPerRoute(maxPooledPerRoute); cm = tcm; } else { - cm = new SingleClientConnManager(registry); + cm = new BasicHttpClientConnectionManager(sf.build()); } - BasicHttpParams params = new BasicHttpParams(); - params.setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY); + + SocketConfig.Builder socketConfig = SocketConfig.copy(SocketConfig.DEFAULT); + ConnectionConfig.Builder connConfig = ConnectionConfig.copy(ConnectionConfig.DEFAULT); + RequestConfig.Builder requestConfig = RequestConfig.copy(RequestConfig.DEFAULT); if (proxyHost != null) { - params.setParameter(ConnRoutePNames.DEFAULT_PROXY, proxyHost); + requestConfig.setProxy(new HttpHost(proxyHost)); } if (socketTimeout > -1) { - HttpConnectionParams.setSoTimeout(params, (int) socketTimeoutUnits.toMillis(socketTimeout)); + requestConfig.setSocketTimeout((int) socketTimeoutUnits.toMillis(socketTimeout)); } if (establishConnectionTimeout > -1) { - HttpConnectionParams.setConnectionTimeout(params, (int) establishConnectionTimeoutUnits.toMillis(establishConnectionTimeout)); + requestConfig.setConnectTimeout((int) establishConnectionTimeoutUnits.toMillis(establishConnectionTimeout)); + } + + Registry cookieSpecs = CookieSpecRegistries.createDefaultBuilder() + .register(CookieSpecs.DEFAULT, new DefaultCookieSpecProvider()).build(); + + if (useSpNego) { + requestConfig.setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.SPNEGO)); + } + + org.apache.http.impl.client.HttpClientBuilder clientBuilder = org.apache.http.impl.client.HttpClientBuilder.create() + .setDefaultSocketConfig(socketConfig.build()) + .setDefaultConnectionConfig(connConfig.build()) + .setDefaultRequestConfig(requestConfig.build()) + .setDefaultCookieSpecRegistry(cookieSpecs) + .setConnectionManager(cm); + + if (spNegoSchemeFactory != null) { + RegistryBuilder authSchemes = RegistryBuilder.create(); + + authSchemes.register(AuthSchemes.SPNEGO, spNegoSchemeFactory); + + clientBuilder.setDefaultAuthSchemeRegistry(authSchemes.build()); + } + + if (useSpNego) { + Credentials fake = new Credentials() { + + @Override + public String getPassword() { + return null; + } + + @Override + public Principal getUserPrincipal() { + return null; + } + + }; + + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(AuthScope.ANY, fake); + clientBuilder.setDefaultCredentialsProvider(credentialsProvider); } - DefaultHttpClient client = new DefaultHttpClient(cm, params); if (disableCookieCache) { - client.setCookieStore(new CookieStore() { + clientBuilder.setDefaultCookieStore(new CookieStore() { @Override public void addCookie(Cookie cookie) { //To change body of implemented methods use File | Settings | File Templates. @@ -330,7 +397,7 @@ public class HttpClientBuilder { }); } - return client; + return clientBuilder.build(); } catch (Exception e) { throw new RuntimeException(e); } diff --git a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java index 851b008163..b7fac2ee45 100644 --- a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java +++ b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java @@ -18,6 +18,8 @@ package org.keycloak.adapters; import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.Configurable; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; import org.apache.http.params.CoreConnectionPNames; import org.hamcrest.CoreMatchers; @@ -37,6 +39,9 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import java.lang.reflect.Field; +import java.util.Optional; + /** * @author Stian Thorgersen * @author Brad Culley @@ -69,7 +74,22 @@ public class KeycloakDeploymentBuilderTest { assertFalse(deployment.isOAuthQueryParameterEnabled()); assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret")); assertEquals(ClientIdAndSecretCredentialsProvider.PROVIDER_ID, deployment.getClientAuthenticator().getId()); - assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal()); + HttpClient client = deployment.getClient(); + int maxPoolConnections = -1; + Field connManager = null; + + try { + connManager = client.getClass().getDeclaredField("connManager"); + connManager.setAccessible(true); + maxPoolConnections = ((PoolingHttpClientConnectionManager) connManager.get(client)).getMaxTotal(); + } catch (Exception cause) { + throw new RuntimeException("Failed to get max pool connections", cause); + } finally { + connManager.setAccessible(false); + } + + + assertEquals(20, maxPoolConnections); assertEquals(RelativeUrlsUsed.NEVER, deployment.getRelativeUrls()); assertTrue(deployment.isAlwaysRefreshToken()); assertTrue(deployment.isRegisterNodeAtStartup()); @@ -113,8 +133,8 @@ public class KeycloakDeploymentBuilderTest { HttpClient client = deployment.getClient(); assertThat(client, CoreMatchers.notNullValue()); - long socketTimeout = client.getParams().getIntParameter(CoreConnectionPNames.SO_TIMEOUT, -2); - long connectionTimeout = client.getParams().getIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, -2); + long socketTimeout = ((Configurable) client).getConfig().getSocketTimeout(); + long connectionTimeout = ((Configurable) client).getConfig().getConnectTimeout(); assertThat(socketTimeout, CoreMatchers.is(2000L)); assertThat(connectionTimeout, CoreMatchers.is(6000L)); diff --git a/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java b/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java index 6b2be22202..3a49fca4ec 100644 --- a/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java +++ b/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java @@ -567,10 +567,11 @@ public class KeycloakInstalled { } protected ResteasyClient createResteasyClient() { - return new ResteasyClientBuilder() + return ((ResteasyClientBuilder) ResteasyClientBuilder.newBuilder()) .connectionCheckoutTimeout(1, TimeUnit.HOURS) .connectionTTL(1, TimeUnit.HOURS) - .socketTimeout(1, TimeUnit.HOURS) + .connectTimeout(1, TimeUnit.HOURS) + .readTimeout(1, TimeUnit.HOURS) .disableTrustManager().build(); } diff --git a/examples/cors/database-service/pom.xml b/examples/cors/database-service/pom.xml index fa307c05fa..c28833ec50 100755 --- a/examples/cors/database-service/pom.xml +++ b/examples/cors/database-service/pom.xml @@ -35,7 +35,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml index af29f5bd0c..233ebbb7f6 100755 --- a/federation/ldap/pom.xml +++ b/federation/ldap/pom.xml @@ -57,7 +57,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/integration/client-cli/admin-cli/pom.xml b/integration/client-cli/admin-cli/pom.xml index ad1910d9a8..d5d11a2287 100755 --- a/integration/client-cli/admin-cli/pom.xml +++ b/integration/client-cli/admin-cli/pom.xml @@ -135,7 +135,7 @@ - org.jboss.resteasy:resteasy-jaxrs + org.jboss.resteasy:resteasy-core **/** diff --git a/integration/client-cli/admin-cli/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/integration/client-cli/admin-cli/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers deleted file mode 100644 index bc2a259057..0000000000 --- a/integration/client-cli/admin-cli/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers +++ /dev/null @@ -1,23 +0,0 @@ -org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider -org.jboss.resteasy.plugins.providers.DataSourceProvider -org.jboss.resteasy.plugins.providers.DocumentProvider -org.jboss.resteasy.plugins.providers.DefaultTextPlain -org.jboss.resteasy.plugins.providers.StringTextStar -org.jboss.resteasy.plugins.providers.SourceProvider -org.jboss.resteasy.plugins.providers.InputStreamProvider -org.jboss.resteasy.plugins.providers.ReaderProvider -org.jboss.resteasy.plugins.providers.ByteArrayProvider -org.jboss.resteasy.plugins.providers.FormUrlEncodedProvider -org.jboss.resteasy.plugins.providers.JaxrsFormProvider -org.jboss.resteasy.plugins.providers.FileProvider -org.jboss.resteasy.plugins.providers.FileRangeWriter -org.jboss.resteasy.plugins.providers.StreamingOutputProvider -org.jboss.resteasy.plugins.providers.IIOImageProvider -org.jboss.resteasy.plugins.providers.SerializableProvider -org.jboss.resteasy.plugins.interceptors.CacheControlFeature -org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor -org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPFilter -org.jboss.resteasy.plugins.interceptors.encoding.ClientContentEncodingAnnotationFeature -org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor -org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor -org.jboss.resteasy.plugins.interceptors.encoding.ServerContentEncodingAnnotationFeature diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml index 95aac2f80c..8090e84d3e 100755 --- a/model/jpa/pom.xml +++ b/model/jpa/pom.xml @@ -90,7 +90,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/model/legacy-private/pom.xml b/model/legacy-private/pom.xml index b45bc1df21..17a51eb061 100644 --- a/model/legacy-private/pom.xml +++ b/model/legacy-private/pom.xml @@ -36,7 +36,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/model/map/pom.xml b/model/map/pom.xml index 3fc65b1efd..cabf124c13 100644 --- a/model/map/pom.xml +++ b/model/map/pom.xml @@ -64,7 +64,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/pom.xml b/pom.xml index ae3ac3b1e9..d17acea669 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ 2.0.1.Final 2.0.0.Final 1.2.17 - 3.15.1.Final + 4.7.4.Final ${resteasy.version} 20211018.2 1.7.30 @@ -400,7 +400,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core ${resteasy.version} diff --git a/server-spi-private/pom.xml b/server-spi-private/pom.xml index 79b10acfa6..9653012d2b 100755 --- a/server-spi-private/pom.xml +++ b/server-spi-private/pom.xml @@ -43,7 +43,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/server-spi/pom.xml b/server-spi/pom.xml index d0cac88eee..9418a684ac 100755 --- a/server-spi/pom.xml +++ b/server-spi/pom.xml @@ -38,7 +38,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/server-spi/src/main/java/org/keycloak/models/KeycloakUriInfo.java b/server-spi/src/main/java/org/keycloak/models/KeycloakUriInfo.java index 56e4993060..6f6cd6179f 100644 --- a/server-spi/src/main/java/org/keycloak/models/KeycloakUriInfo.java +++ b/server-spi/src/main/java/org/keycloak/models/KeycloakUriInfo.java @@ -16,7 +16,7 @@ */ package org.keycloak.models; -import org.jboss.resteasy.specimpl.ResteasyUriBuilder; +import org.jboss.resteasy.spi.ResteasyUriBuilder; import org.keycloak.urls.HostnameProvider; import org.keycloak.urls.UrlType; diff --git a/services/pom.xml b/services/pom.xml index dd1d8cd6ec..01a2e2a0d8 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -107,7 +107,12 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core + provided + + + org.apache.httpcomponents + httpclient provided diff --git a/testsuite/db-allocator-plugin/src/main/java/org/keycloak/testsuite/dballocator/client/DBAllocatorServiceClient.java b/testsuite/db-allocator-plugin/src/main/java/org/keycloak/testsuite/dballocator/client/DBAllocatorServiceClient.java index 1c5cabd17b..48ae74cc1d 100644 --- a/testsuite/db-allocator-plugin/src/main/java/org/keycloak/testsuite/dballocator/client/DBAllocatorServiceClient.java +++ b/testsuite/db-allocator-plugin/src/main/java/org/keycloak/testsuite/dballocator/client/DBAllocatorServiceClient.java @@ -37,7 +37,7 @@ public class DBAllocatorServiceClient { this.allocatorServletURI = URI.create(allocatorServletURI); this.retryPolicy = retryPolicy != null ? retryPolicy : new IncrementalBackoffRetryPolicy(); - this.restClient = new ResteasyClientBuilder().httpEngine(createEngine()).build(); + this.restClient = ((ResteasyClientBuilder) ResteasyClientBuilder.newBuilder()).httpEngine(createEngine()).build(); } private final ApacheHttpClient43Engine createEngine() { diff --git a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml index f106ff8f7b..aa607add69 100644 --- a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml @@ -57,7 +57,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core org.jboss.resteasy diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml index 4962cde6a6..752ea5f6e6 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml @@ -120,12 +120,7 @@ org.jboss.resteasy - resteasy-jaxrs - ${tomcat.resteasy.version} - - - org.jboss.resteasy - resteasy-servlet-initializer + resteasy-core ${tomcat.resteasy.version} diff --git a/testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/UndertowAppServer.java b/testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/UndertowAppServer.java index 2c54684116..5aca1a4c4b 100644 --- a/testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/UndertowAppServer.java +++ b/testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/UndertowAppServer.java @@ -49,6 +49,7 @@ import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext; import org.jboss.arquillian.container.spi.client.protocol.metadata.ProtocolMetaData; import org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet; import org.jboss.logging.Logger; +import org.jboss.resteasy.core.ResteasyDeploymentImpl; import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer; import org.jboss.resteasy.spi.ResteasyDeployment; import org.jboss.shrinkwrap.api.Archive; @@ -139,7 +140,7 @@ public class UndertowAppServer implements DeployableContainer clazz.isAnnotationPresent(Path.class)) .collect(Collectors.toSet()); - ResteasyDeployment deployment = new ResteasyDeployment(); + ResteasyDeployment deployment = new ResteasyDeploymentImpl(); deployment.setApplication(new RestSamlApplicationConfig(classes)); return deployment; } diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml index 7e5a79e6fc..4d68e0b700 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml @@ -52,7 +52,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java index 06fc109890..bc4faefeb9 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java @@ -38,6 +38,7 @@ import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext; import org.jboss.arquillian.container.spi.client.protocol.metadata.ProtocolMetaData; import org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet; import org.jboss.logging.Logger; +import org.jboss.resteasy.core.ResteasyDeploymentImpl; import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters; import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer; import org.jboss.resteasy.spi.ResteasyDeployment; @@ -81,19 +82,17 @@ public class KeycloakOnUndertow implements DeployableContainer deployedArchivesToContextPath = new ConcurrentHashMap<>(); private DeploymentInfo createAuthServerDeploymentInfo() { - ResteasyDeployment deployment = new ResteasyDeployment(); + ResteasyDeployment deployment = new ResteasyDeploymentImpl(); deployment.setApplicationClass(KeycloakApplication.class.getName()); // RESTEASY-2034 deployment.setProperty(ResteasyContextParameters.RESTEASY_DISABLE_HTML_SANITIZER, true); - // Prevent double gzip encoding of resources - deployment.getDisabledProviderClasses().add("org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor"); - DeploymentInfo di = undertow.undertowDeployment(deployment); di.setClassLoader(getClass().getClassLoader()); di.setContextPath("/auth"); di.setDeploymentName("Keycloak"); + di.setDefaultEncoding("UTF-8"); if (configuration.getKeycloakConfigPropertyOverridesMap() != null) { try { di.addInitParameter(JsonConfigProviderFactory.SERVER_CONTEXT_CONFIG_PROPERTY_OVERRIDES, diff --git a/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml b/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml index 3e1c4d7917..1025c157ec 100755 --- a/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml +++ b/testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml @@ -34,7 +34,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core provided diff --git a/testsuite/integration-arquillian/test-apps/servlets/pom.xml b/testsuite/integration-arquillian/test-apps/servlets/pom.xml index a7e8deb541..aeedaa798f 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/pom.xml +++ b/testsuite/integration-arquillian/test-apps/servlets/pom.xml @@ -16,6 +16,9 @@ org.jboss.spec.javax.servlet jboss-servlet-api_3.0_spec + + provided junit @@ -44,7 +47,11 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core + + + org.apache.httpcomponents + httpclient org.keycloak diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java index 2dff1203d6..a4f998919d 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java @@ -45,7 +45,7 @@ public class KeycloakTestingClient implements AutoCloseable { if (resteasyClient != null) { client = resteasyClient; } else { - ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder(); + ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder(); resteasyClientBuilder.connectionPoolSize(10); if (serverUrl.startsWith("https")) { // Disable PKIX path validation errors when running tests using SSL diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java index 54385efa1a..1b98e1a1bf 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java @@ -35,16 +35,15 @@ import org.apache.http.conn.HttpClientConnectionManager; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContexts; import org.jboss.resteasy.client.jaxrs.ClientHttpEngine; -import org.jboss.resteasy.client.jaxrs.ClientHttpEngineBuilder43; import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; +import org.jboss.resteasy.client.jaxrs.engines.ClientHttpEngineBuilder43; import org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider; import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.models.Constants; -import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine; import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN; import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; import static org.keycloak.testsuite.utils.io.IOUtil.PROJECT_BUILD_DIRECTORY; @@ -117,7 +116,7 @@ public class AdminClientUtil { } public static ResteasyClient createResteasyClient(boolean ignoreUnknownProperties, Boolean followRedirects) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { - ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder(); + ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder(); if ("true".equals(System.getProperty("auth.server.ssl.required"))) { File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore"); @@ -187,7 +186,7 @@ public class AdminClientUtil { engine = super.createEngine(cm, rcBuilder, defaultProxy, responseBufferSize, verifier, theContext); } if (followRedirects != null) { - ((ApacheHttpClient4Engine) engine).setFollowRedirects(followRedirects); + engine.setFollowRedirects(followRedirects); } return engine; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java index 868f32e994..aaa428a89a 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java @@ -280,7 +280,7 @@ public class ImpersonationTest extends AbstractKeycloakTest { // Return the SSO cookie from the impersonated session protected Set testSuccessfulImpersonation(String admin, String adminRealm) { - ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder(); + ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder(); resteasyClientBuilder.connectionPoolSize(10); resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10, null)); ResteasyClient resteasyClient = resteasyClientBuilder.build(); @@ -392,7 +392,7 @@ public class ImpersonationTest extends AbstractKeycloakTest { // Return the SSO cookie from the impersonated session protected Set testSuccessfulServiceAccountImpersonation(UserRepresentation serviceAccount, String serviceAccountRealm) { - ResteasyClientBuilder resteasyClientBuilder = new ResteasyClientBuilder(); + ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder(); resteasyClientBuilder.connectionPoolSize(10); resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10, null)); ResteasyClient resteasyClient = resteasyClientBuilder.build(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java index 0956865944..a78fc7e7eb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java @@ -21,7 +21,6 @@ import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; import java.net.URI; -import java.security.Principal; import java.util.Hashtable; import java.util.List; import java.util.Map; @@ -35,16 +34,13 @@ import javax.naming.directory.InitialDirContext; import javax.security.sasl.Sasl; import javax.ws.rs.core.Response; import org.apache.http.NameValuePair; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.Credentials; -import org.apache.http.client.config.AuthSchemes; +import org.apache.http.client.HttpClient; import org.apache.http.client.utils.URLEncodedUtils; -import org.apache.http.impl.client.DefaultHttpClient; import org.ietf.jgss.GSSCredential; import org.jboss.arquillian.graphene.page.Page; import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; -import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine; +import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine; import org.junit.After; import org.junit.Before; import org.junit.Rule; @@ -262,33 +258,14 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest { cleanupApacheHttpClient(); } - DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder() + HttpClient httpClient = new HttpClientBuilder() .disableCookieCache(false) + .spNegoSchemeFactory(spnegoSchemeFactory) + .useSPNego(useSpnego) .build(); - httpClient.getAuthSchemes().register(AuthSchemes.SPNEGO, spnegoSchemeFactory); - - if (useSpnego) { - Credentials fake = new Credentials() { - - @Override - public String getPassword() { - return null; - } - - @Override - public Principal getUserPrincipal() { - return null; - } - - }; - - httpClient.getCredentialsProvider().setCredentials( - new AuthScope(null, -1, null), - fake); - } - ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient); - client = new ResteasyClientBuilder().httpEngine(engine).build(); + ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine(httpClient); + client = ((ResteasyClientBuilder) ResteasyClientBuilder.newBuilder()).httpEngine(engine).build(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KeycloakSPNegoSchemeFactory.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KeycloakSPNegoSchemeFactory.java index 5133127316..b0c512cc56 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KeycloakSPNegoSchemeFactory.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KeycloakSPNegoSchemeFactory.java @@ -22,6 +22,7 @@ import org.apache.http.auth.Credentials; import org.apache.http.impl.auth.SPNegoScheme; import org.apache.http.impl.auth.SPNegoSchemeFactory; import org.apache.http.params.HttpParams; +import org.apache.http.protocol.HttpContext; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSManager; @@ -66,6 +67,10 @@ public class KeycloakSPNegoSchemeFactory extends SPNegoSchemeFactory { return new KeycloakSPNegoScheme(isStripPort(), isUseCanonicalHostname()); } + @Override + public AuthScheme create(HttpContext context) { + return new KeycloakSPNegoScheme(isStripPort(), isUseCanonicalHostname()); + } public class KeycloakSPNegoScheme extends SPNegoScheme { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java index 78587f7dd1..591575db99 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java @@ -24,7 +24,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.hamcrest.Matchers; import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; -import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine; +import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine; import org.junit.Assert; import org.junit.Test; import org.keycloak.OAuth2Constants; @@ -126,8 +126,8 @@ public class LoginPageTest extends AbstractI18NTest { ProfileAssume.assumeCommunity(); try(CloseableHttpClient httpClient = (CloseableHttpClient) new HttpClientBuilder().build()) { - ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient); - ResteasyClient client = new ResteasyClientBuilder().httpEngine(engine).build(); + ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine(httpClient); + ResteasyClient client = ((ResteasyClientBuilder) ResteasyClientBuilder.newBuilder()).httpEngine(engine).build(); loginPage.open(); @@ -264,12 +264,12 @@ public class LoginPageTest extends AbstractI18NTest { final String realmLocalizationMessageValue = "Localization Test"; try(CloseableHttpClient httpClient = (CloseableHttpClient) new HttpClientBuilder().build()) { - ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient); + ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine(httpClient); testRealm().localization().saveRealmLocalizationText(locale, realmLocalizationMessageKey, realmLocalizationMessageValue); - ResteasyClient client = new ResteasyClientBuilder().httpEngine(engine).build(); + ResteasyClient client = ((ResteasyClientBuilder) ResteasyClientBuilder.newBuilder()).httpEngine(engine).build(); loginPage.open(); diff --git a/testsuite/model/pom.xml b/testsuite/model/pom.xml index 1a0aa2bf1a..e099eb258f 100644 --- a/testsuite/model/pom.xml +++ b/testsuite/model/pom.xml @@ -35,6 +35,12 @@ junit compile + + net.jcip + jcip-annotations + 1.0 + compile + org.hamcrest hamcrest diff --git a/testsuite/performance/tests/pom.xml b/testsuite/performance/tests/pom.xml index 48c8d93b35..d0e906e045 100644 --- a/testsuite/performance/tests/pom.xml +++ b/testsuite/performance/tests/pom.xml @@ -130,7 +130,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core org.jboss.resteasy diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 8828e6825e..da4f76f364 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -71,10 +71,6 @@ dom4j compile - - org.jboss.spec.javax.servlet - jboss-servlet-api_3.0_spec - org.jboss.spec.javax.ws.rs jboss-jaxrs-api_2.1_spec @@ -85,7 +81,7 @@ org.jboss.resteasy - resteasy-jaxrs + resteasy-core log4j diff --git a/testsuite/utils/src/main/java/org/keycloak/testsuite/JsonConfigProviderFactory.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/JsonConfigProviderFactory.java index aeee5115d9..bd435921f0 100644 --- a/testsuite/utils/src/main/java/org/keycloak/testsuite/JsonConfigProviderFactory.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/JsonConfigProviderFactory.java @@ -23,7 +23,7 @@ import java.util.HashMap; import java.util.Map; import java.util.Properties; import javax.servlet.ServletContext; -import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.common.util.Resteasy; import org.keycloak.common.util.SystemEnvProperties; import org.keycloak.util.JsonSerialization; @@ -38,7 +38,7 @@ public class JsonConfigProviderFactory extends org.keycloak.services.util.JsonCo private Map getPropertyOverrides() { - ServletContext context = ResteasyProviderFactory.getContextData(ServletContext.class); + ServletContext context = Resteasy.getContextData(ServletContext.class); Map propertyOverridesMap = new HashMap<>(); String propertyOverrides = context.getInitParameter(SERVER_CONTEXT_CONFIG_PROPERTY_OVERRIDES); diff --git a/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java index 24f5b07324..4450b29f20 100755 --- a/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java @@ -23,6 +23,7 @@ import io.undertow.servlet.api.DefaultServletConfig; import io.undertow.servlet.api.DeploymentInfo; import io.undertow.servlet.api.FilterInfo; import org.jboss.logging.Logger; +import org.jboss.resteasy.core.ResteasyDeploymentImpl; import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters; import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer; import org.jboss.resteasy.spi.ResteasyDeployment; @@ -396,7 +397,7 @@ public class KeycloakServer { public void start() throws Throwable { long start = System.currentTimeMillis(); - ResteasyDeployment deployment = new ResteasyDeployment(); + ResteasyDeployment deployment = new ResteasyDeploymentImpl(); deployment.setApplicationClass(KeycloakApplication.class.getName()); diff --git a/testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy3Provider.java b/testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy4Provider.java similarity index 61% rename from testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy3Provider.java rename to testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy4Provider.java index e008396e0a..ec26504bfb 100644 --- a/testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy3Provider.java +++ b/testsuite/utils/src/main/java/org/keycloak/testsuite/Resteasy4Provider.java @@ -1,10 +1,10 @@ package org.keycloak.testsuite; -import org.jboss.resteasy.core.Dispatcher; +import org.jboss.resteasy.core.ResteasyContext; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.common.util.ResteasyProvider; -public class Resteasy3Provider implements ResteasyProvider { +public class Resteasy4Provider implements ResteasyProvider { @Override public R getContextData(Class type) { @@ -13,18 +13,18 @@ public class Resteasy3Provider implements ResteasyProvider { @Override public void pushDefaultContextObject(Class type, Object instance) { - ResteasyProviderFactory.getInstance().getContextData(Dispatcher.class).getDefaultContextObjects() + ResteasyProviderFactory.getInstance().getContextData(org.jboss.resteasy.spi.Dispatcher.class).getDefaultContextObjects() .put(type, instance); } @Override public void pushContext(Class type, Object instance) { - ResteasyProviderFactory.getInstance().pushContext(type, instance); + ResteasyContext.pushContext(type, instance); } @Override public void clearContextData() { - ResteasyProviderFactory.getInstance().clearContextData(); + ResteasyContext.clearContextData(); } } diff --git a/testsuite/utils/src/main/resources/META-INF/services/org.keycloak.common.util.ResteasyProvider b/testsuite/utils/src/main/resources/META-INF/services/org.keycloak.common.util.ResteasyProvider index 81e6d35653..333127ea74 100644 --- a/testsuite/utils/src/main/resources/META-INF/services/org.keycloak.common.util.ResteasyProvider +++ b/testsuite/utils/src/main/resources/META-INF/services/org.keycloak.common.util.ResteasyProvider @@ -1 +1 @@ -org.keycloak.testsuite.Resteasy3Provider \ No newline at end of file +org.keycloak.testsuite.Resteasy4Provider \ No newline at end of file