libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Remove statically served Keycloak JS from the server (#33083)

Browse source 
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
This commit is contained in:
Jon Koops 2024-09-22 19:05:01 +02:00 committed by GitHub
parent 849ca3efb9
commit 5e2f09f66d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 0 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common/src/main/java/org/keycloak/common/Profile.java
View file

@ -92,8 +92,6 @@ public class Profile {
UPDATE_EMAIL("Update Email Action", Type.PREVIEW),
JS_ADAPTER("Host keycloak.js and keycloak-authz.js through the Keycloak server", Type.DEFAULT),
FIPS("FIPS 140-2 mode", Type.DISABLED_BY_DEFAULT),
DPOP("OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer", Type.PREVIEW),

6
quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java
View file

@ -113,7 +113,6 @@ import org.keycloak.representations.provider.ScriptProviderMetadata;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.DefaultKeycloakSessionFactory;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.JsResource;
import org.keycloak.services.resources.LoadBalancerResource;
import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.theme.ClasspathThemeProviderFactory;
@ -694,11 +693,6 @@ class KeycloakProcessor {
AdminRoot.class.getName())), false));
}
if (!Profile.isFeatureEnabled(Profile.Feature.JS_ADAPTER)) {
buildTimeConditionBuildItemBuildProducer.produce(new BuildTimeConditionBuildItem(index.getIndex().getClassByName(DotName.createSimple(
JsResource.class.getName())), false));
}
if (!MultiSiteUtils.isMultiSiteEnabled()) {
buildTimeConditionBuildItemBuildProducer.produce(new BuildTimeConditionBuildItem(index.getIndex().getClassByName(DotName.createSimple(
LoadBalancerResource.class.getName())), false));

151
services/src/main/java/org/keycloak/services/resources/JsResource.java
View file

@ -1,151 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.keycloak.common.Version;
import org.keycloak.encoding.ResourceEncodingHelper;
import org.keycloak.encoding.ResourceEncodingProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.cors.Cors;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.utils.MediaType;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.CacheControl;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import java.io.InputStream;
/**
* Get keycloak.js file for javascript clients
*
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@Provider
@Path("/js")
public class JsResource {
@Context
private KeycloakSession session;
/**
* Get keycloak.js file for javascript clients
*
* @return
*/
@GET
@Path("/keycloak.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakJs(@QueryParam("version") String version) {
return getJs("keycloak.js", version);
}
@GET
@Path("/{version}/keycloak.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakJsWithVersion(@PathParam("version") String version) {
return getJs("keycloak.js", version);
}
@GET
@Path("/keycloak.min.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakMinJs(@QueryParam("version") String version) {
return getJs("keycloak.min.js", version);
}
@GET
@Path("/{version}/keycloak.min.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakMinJsWithVersion(@PathParam("version") String version) {
return getJs("keycloak.min.js", version);
}
/**
* Get keycloak-authz.js file for javascript clients
*
* @return
*/
@GET
@Path("/keycloak-authz.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakAuthzJs(@QueryParam("version") String version) {
return getJs("keycloak-authz.js", version);
}
@GET
@Path("/{version}/keycloak-authz.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakAuthzJsWithVersion(@PathParam("version") String version) {
return getJs("keycloak-authz.js", version);
}
@GET
@Path("/keycloak-authz.min.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakAuthzMinJs(@QueryParam("version") String version) {
return getJs("keycloak-authz.min.js", version);
}
@GET
@Path("/{version}/keycloak-authz.min.js")
@Produces(MediaType.TEXT_PLAIN_JAVASCRIPT)
public Response getKeycloakAuthzMinJsWithVersion(@PathParam("version") String version) {
return getJs("keycloak-authz.min.js", version);
}
private Response getJs(String name, String version) {
CacheControl cacheControl;
if (version != null) {
if (!version.equals(Version.RESOURCES_VERSION)) {
return Response.status(Response.Status.NOT_FOUND).build();
}
cacheControl = CacheControlUtil.getDefaultCacheControl();
} else {
cacheControl = CacheControlUtil.noCache();
}
String contentType = "text/javascript";
Cors cors = Cors.builder().allowAllOrigins();
ResourceEncodingProvider encodingProvider = ResourceEncodingHelper.getResourceEncodingProvider(session, contentType);
InputStream inputStream;
if (encodingProvider != null) {
inputStream = encodingProvider.getEncodedStream(() -> getClass().getClassLoader().getResourceAsStream(name), "js", name);
} else {
inputStream = getClass().getClassLoader().getResourceAsStream(name);
}
if (inputStream != null) {
Response.ResponseBuilder rb = Response.ok(inputStream).type(contentType).cacheControl(cacheControl);
if (encodingProvider != null) {
rb.encoding(encodingProvider.getEncoding());
}
return cors.add(rb);
} else {
return cors.add(Response.status(Response.Status.NOT_FOUND));
}
}
}

1
services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
View file

@ -357,7 +357,6 @@ public class AdminConsole {
map.put("consoleBaseUrl", Urls.adminConsoleRoot(adminBaseUri, realm.getName()).getPath());
map.put("resourceUrl", Urls.themeRoot(adminBaseUri).getPath() + "/admin/" + theme.getName());
map.put("resourceCommonUrl", Urls.themeRoot(adminBaseUri).getPath() + "/common/keycloak");
map.put("keycloakJsUrl", adminBaseUrl + "/js/keycloak.js?version=" + Version.RESOURCES_VERSION);
map.put("masterRealm", Config.getAdminRealm());
map.put("resourceVersion", Version.RESOURCES_VERSION);
map.put("loginRealm", realm.getName());

6
services/src/test/java/org/keycloak/services/resteasy/ResteasyKeycloakApplication.java
View file

@ -25,7 +25,6 @@ import org.keycloak.services.error.KcUnrecognizedPropertyExceptionHandler;
import org.keycloak.services.error.KeycloakErrorHandler;
import org.keycloak.services.error.KeycloakMismatchedInputExceptionHandler;
import org.keycloak.services.filters.KeycloakSecurityHeadersFilter;
import org.keycloak.services.resources.JsResource;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.LoadBalancerResource;
import org.keycloak.services.resources.RealmsResource;
@ -50,11 +49,6 @@ public class ResteasyKeycloakApplication extends KeycloakApplication {
classes.add(AdminRoot.class);
}
classes.add(ThemeResource.class);
if (Profile.isFeatureEnabled(Profile.Feature.JS_ADAPTER)) {
classes.add(JsResource.class);
}
classes.add(KeycloakSecurityHeadersFilter.class);
classes.add(KeycloakErrorHandler.class);
classes.add(KcUnrecognizedPropertyExceptionHandler.class);

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/theme/ThemeResourceProviderTest.java
View file

@ -110,29 +110,21 @@ public class ThemeResourceProviderTest extends AbstractTestRealmKeycloakTest {
deleted = file1.delete();
}
File file2 = Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile();
if (file2.isFile()) {
deleted = deleted && file2.delete();
}
return deleted;
}, Boolean.class);
assertEncoded(suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/resources/" + resourcesVersion + "/welcome/keycloak/css/welcome.css", ".pf-v5-c-background-image");
assertEncoded(suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/js/keycloak.js", "function Keycloak (config)");
// Check no files exists inside "/tmp" directory. We need to skip this test in the rare case when there are thombstone files created by different user
if (filesNotExistsInTmp) {
testingClient.server().run(session -> {
assertFalse(Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "welcome", "keycloak", "css", "welcome.css.gz").toFile().isFile());
assertFalse(Paths.get(System.getProperty("java.io.tmpdir"), "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile().isFile());
});
}
testingClient.server().run(session -> {
String serverTmpDir = Platform.getPlatform().getTmpDirectory().toString();
assertTrue(Paths.get(serverTmpDir, "kc-gzip-cache", resourcesVersion, "welcome", "keycloak", "css", "welcome.css.gz").toFile().isFile());
assertTrue(Paths.get(serverTmpDir, "kc-gzip-cache", resourcesVersion, "js", "keycloak.js.gz").toFile().isFile());
});
}