Remove statically served Keycloak JS from the server (#33083)
Closes #32827 Signed-off-by: Jon Koops <jonkoops@gmail.com>
This commit is contained in:
parent
849ca3efb9
commit
5e2f09f66d
6 changed files with 0 additions and 174 deletions
|
@ -92,8 +92,6 @@ public class Profile {
|
|||
|
||||
UPDATE_EMAIL("Update Email Action", Type.PREVIEW),
|
||||
|
||||
JS_ADAPTER("Host keycloak.js and keycloak-authz.js through the Keycloak server", Type.DEFAULT),
|
||||
|
||||
FIPS("FIPS 140-2 mode", Type.DISABLED_BY_DEFAULT),
|
||||
|
||||
DPOP("OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer", Type.PREVIEW),
|
||||
|
|
|
@ -113,7 +113,6 @@ import org.keycloak.representations.provider.ScriptProviderMetadata;
|
|||
import org.keycloak.representations.userprofile.config.UPConfig;
|
||||
import org.keycloak.services.DefaultKeycloakSessionFactory;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
import org.keycloak.services.resources.JsResource;
|
||||
import org.keycloak.services.resources.LoadBalancerResource;
|
||||
import org.keycloak.services.resources.admin.AdminRoot;
|
||||
import org.keycloak.theme.ClasspathThemeProviderFactory;
|
||||
|
@ -694,11 +693,6 @@ class KeycloakProcessor {
|
|||
AdminRoot.class.getName())), false));
|
||||
}
|
||||
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.JS_ADAPTER)) {
|
||||
buildTimeConditionBuildItemBuildProducer.produce(new BuildTimeConditionBuildItem(index.getIndex().getClassByName(DotName.createSimple(
|
||||
JsResource.class.getName())), false));
|
||||
}
|
||||
|
||||
if (!MultiSiteUtils.isMultiSiteEnabled()) {
|
||||
buildTimeConditionBuildItemBuildProducer.produce(new BuildTimeConditionBuildItem(index.getIndex().getClassByName(DotName.createSimple(
|
||||
LoadBalancerResource.class.getName())), false));
|
||||
|
|
|
@ -1,151 +0,0 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.services.resources;
|
||||
|
||||
import org.keycloak.common.Version;
|
||||
import org.keycloak.encoding.ResourceEncodingHelper;
|
||||
import org.keycloak.encoding.ResourceEncodingProvider;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.services.cors.Cors;
|
||||
import org.keycloak.services.util.CacheControlUtil;
|
||||
import org.keycloak.utils.MediaType;
|
||||
|
||||
import jakarta.ws.rs.GET;
|
||||
import jakarta.ws.rs.Path;
|
||||
import jakarta.ws.rs.PathParam;
|
||||
import jakarta.ws.rs.Produces;
|
||||
import jakarta.ws.rs.QueryParam;
|
||||
import jakarta.ws.rs.core.CacheControl;
|
||||
import jakarta.ws.rs.core.Context;
|
||||
import jakarta.ws.rs.core.Response;
|
||||
import jakarta.ws.rs.ext.Provider;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* Get keycloak.js file for javascript clients
|
||||
*
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
@Provider
|
||||
@Path("/js")
|
||||
public class JsResource {
|
||||
|
||||
@Context
|
||||
private KeycloakSession session;
|
||||
|
||||
/**
|
||||
* Get keycloak.js file for javascript clients
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@GET
|
||||
@Path("/keycloak.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakJs(@QueryParam("version") String version) {
|
||||
return getJs("keycloak.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/{version}/keycloak.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakJsWithVersion(@PathParam("version") String version) {
|
||||
return getJs("keycloak.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/keycloak.min.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakMinJs(@QueryParam("version") String version) {
|
||||
return getJs("keycloak.min.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/{version}/keycloak.min.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakMinJsWithVersion(@PathParam("version") String version) {
|
||||
return getJs("keycloak.min.js", version);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get keycloak-authz.js file for javascript clients
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@GET
|
||||
@Path("/keycloak-authz.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakAuthzJs(@QueryParam("version") String version) {
|
||||
return getJs("keycloak-authz.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/{version}/keycloak-authz.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakAuthzJsWithVersion(@PathParam("version") String version) {
|
||||
return getJs("keycloak-authz.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/keycloak-authz.min.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakAuthzMinJs(@QueryParam("version") String version) {
|
||||
return getJs("keycloak-authz.min.js", version);
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/{version}/keycloak-authz.min.js")
|
||||
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
|
||||
public Response getKeycloakAuthzMinJsWithVersion(@PathParam("version") String version) {
|
||||
return getJs("keycloak-authz.min.js", version);
|
||||
}
|
||||
|
||||
private Response getJs(String name, String version) {
|
||||
CacheControl cacheControl;
|
||||
if (version != null) {
|
||||
if (!version.equals(Version.RESOURCES_VERSION)) {
|
||||
return Response.status(Response.Status.NOT_FOUND).build();
|
||||
}
|
||||
cacheControl = CacheControlUtil.getDefaultCacheControl();
|
||||
} else {
|
||||
cacheControl = CacheControlUtil.noCache();
|
||||
}
|
||||
|
||||
String contentType = "text/javascript";
|
||||
Cors cors = Cors.builder().allowAllOrigins();
|
||||
|
||||
ResourceEncodingProvider encodingProvider = ResourceEncodingHelper.getResourceEncodingProvider(session, contentType);
|
||||
|
||||
InputStream inputStream;
|
||||
if (encodingProvider != null) {
|
||||
inputStream = encodingProvider.getEncodedStream(() -> getClass().getClassLoader().getResourceAsStream(name), "js", name);
|
||||
} else {
|
||||
inputStream = getClass().getClassLoader().getResourceAsStream(name);
|
||||
}
|
||||
|
||||
if (inputStream != null) {
|
||||
Response.ResponseBuilder rb = Response.ok(inputStream).type(contentType).cacheControl(cacheControl);
|
||||
if (encodingProvider != null) {
|
||||
rb.encoding(encodingProvider.getEncoding());
|
||||
}
|
||||
return cors.add(rb);
|
||||
} else {
|
||||
return cors.add(Response.status(Response.Status.NOT_FOUND));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -357,7 +357,6 @@ public class AdminConsole {
|
|||
map.put("consoleBaseUrl", Urls.adminConsoleRoot(adminBaseUri, realm.getName()).getPath());
|
||||
map.put("resourceUrl", Urls.themeRoot(adminBaseUri).getPath() + "/admin/" + theme.getName());
|
||||
map.put("resourceCommonUrl", Urls.themeRoot(adminBaseUri).getPath() + "/common/keycloak");
|
||||
map.put("keycloakJsUrl", adminBaseUrl + "/js/keycloak.js?version=" + Version.RESOURCES_VERSION);
|
||||
map.put("masterRealm", Config.getAdminRealm());
|
||||
map.put("resourceVersion", Version.RESOURCES_VERSION);
|
||||
map.put("loginRealm", realm.getName());
|
||||
|
|
|
@ -25,7 +25,6 @@ import org.keycloak.services.error.KcUnrecognizedPropertyExceptionHandler;
|
|||
import org.keycloak.services.error.KeycloakErrorHandler;
|
||||
import org.keycloak.services.error.KeycloakMismatchedInputExceptionHandler;
|
||||
import org.keycloak.services.filters.KeycloakSecurityHeadersFilter;
|
||||
import org.keycloak.services.resources.JsResource;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.LoadBalancerResource;
|
||||
import org.keycloak.services.resources.RealmsResource;
|
||||
|
@ -50,11 +49,6 @@ public class ResteasyKeycloakApplication extends KeycloakApplication {
|
|||
classes.add(AdminRoot.class);
|
||||
}
|
||||
classes.add(ThemeResource.class);
|
||||
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.JS_ADAPTER)) {
|
||||
classes.add(JsResource.class);
|
||||
}
|
||||
|
||||
classes.add(KeycloakSecurityHeadersFilter.class);
|
||||
classes.add(KeycloakErrorHandler.class);
|
||||
classes.add(KcUnrecognizedPropertyExceptionHandler.class);
|
||||
|
|
|
@ -110,29 +110,21 @@ public class ThemeResourceProviderTest extends AbstractTestRealmKeycloakTest {
|
|||
deleted = file1.delete();
|
||||
}
|
||||
|
||||
File file2 = Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile();
|
||||
if (file2.isFile()) {
|
||||
deleted = deleted && file2.delete();
|
||||
}
|
||||
|
||||
return deleted;
|
||||
}, Boolean.class);
|
||||
|
||||
assertEncoded(suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/resources/" + resourcesVersion + "/welcome/keycloak/css/welcome.css", ".pf-v5-c-background-image");
|
||||
assertEncoded(suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/js/keycloak.js", "function Keycloak (config)");
|
||||
|
||||
// Check no files exists inside "/tmp" directory. We need to skip this test in the rare case when there are thombstone files created by different user
|
||||
if (filesNotExistsInTmp) {
|
||||
testingClient.server().run(session -> {
|
||||
assertFalse(Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "welcome", "keycloak", "css", "welcome.css.gz").toFile().isFile());
|
||||
assertFalse(Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile().isFile());
|
||||
});
|
||||
}
|
||||
|
||||
testingClient.server().run(session -> {
|
||||
String serverTmpDir = Platform.getPlatform().getTmpDirectory().toString();
|
||||
assertTrue(Paths.get(serverTmpDir, "kc-gzip-cache", resourcesVersion, "welcome", "keycloak", "css", "welcome.css.gz").toFile().isFile());
|
||||
assertTrue(Paths.get(serverTmpDir, "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile().isFile());
|
||||
});
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue