[KEYCLOAK-3629] - Adding confidential-port attribute to wildfly adapter subsystem

pedroigor 2017-11-27 11:49:01 -02:00 committed by Stian Thorgersen
parent 6587cfa084
commit 5f43a6a342
5 changed files with 17 additions and 1 deletions


@ -186,7 +186,12 @@ public class SharedAttributeDefinitons {
.setDefaultValue(new ModelNode(false)) .setDefaultValue(new ModelNode(false))
.build(); .build();
protected static final SimpleAttributeDefinition CONFIDENTIAL_PORT =
new SimpleAttributeDefinitionBuilder("confidential-port", ModelType.INT, true)
.setXmlName("confidential-port")
.setAllowExpression(true)
.setDefaultValue(new ModelNode(8443))
.build();
protected static final List<SimpleAttributeDefinition> ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>(); protected static final List<SimpleAttributeDefinition> ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
@ -196,6 +201,7 @@ public class SharedAttributeDefinitons {
ATTRIBUTES.add(TRUSTSTORE); ATTRIBUTES.add(TRUSTSTORE);
ATTRIBUTES.add(TRUSTSTORE_PASSWORD); ATTRIBUTES.add(TRUSTSTORE_PASSWORD);
ATTRIBUTES.add(SSL_REQUIRED); ATTRIBUTES.add(SSL_REQUIRED);
ATTRIBUTES.add(CONFIDENTIAL_PORT);
ATTRIBUTES.add(ALLOW_ANY_HOSTNAME); ATTRIBUTES.add(ALLOW_ANY_HOSTNAME);
ATTRIBUTES.add(DISABLE_TRUST_MANAGER); ATTRIBUTES.add(DISABLE_TRUST_MANAGER);
ATTRIBUTES.add(CONNECTION_POOL_SIZE); ATTRIBUTES.add(CONNECTION_POOL_SIZE);
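Review bot: The new `CONFIDENTIAL_PORT` definition accepts any INT, so 0, a negative number or a value above 65535 passes the management-model check and would only surface later, when the adapter actually uses the port. Going by the description string added in this commit, this is the SSL/TLS port, so an out-of-range value would presumably show up as a broken HTTPS redirect rather than as a clear configuration error. Consider adding `.setValidator(new IntRangeValidator(1, 65535, true, true))` before `.build()`. The `xs:integer` type that the schema change gives `confidential-port` does not bound the value either, so the model validator is the place to enforce it. The static initializer that fills `ATTRIBUTES` begins and ends outside the second hunk.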


@ -30,6 +30,7 @@ keycloak.realm.realm-public-key=Public key of the realm
keycloak.realm.auth-server-url=Base URL of the Realm Auth Server keycloak.realm.auth-server-url=Base URL of the Realm Auth Server
keycloak.realm.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests keycloak.realm.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests
keycloak.realm.ssl-required=Specify if SSL is required (valid values are all, external and none) keycloak.realm.ssl-required=Specify if SSL is required (valid values are all, external and none)
keycloak.realm.confidential-port=Specify the confidential port (SSL/TLS) used by the Realm Auth Server
keycloak.realm.allow-any-hostname=SSL Setting keycloak.realm.allow-any-hostname=SSL Setting
keycloak.realm.truststore=Truststore used for adapter client HTTPS requests keycloak.realm.truststore=Truststore used for adapter client HTTPS requests
keycloak.realm.truststore-password=Password of the Truststore keycloak.realm.truststore-password=Password of the Truststore
@ -60,6 +61,7 @@ keycloak.secure-deployment.realm-public-key=Public key of the realm
keycloak.secure-deployment.auth-server-url=Base URL of the Realm Auth Server keycloak.secure-deployment.auth-server-url=Base URL of the Realm Auth Server
keycloak.secure-deployment.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests keycloak.secure-deployment.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests
keycloak.secure-deployment.ssl-required=Specify if SSL is required (valid values are all, external and none) keycloak.secure-deployment.ssl-required=Specify if SSL is required (valid values are all, external and none)
keycloak.secure-deployment.confidential-port=Specify the confidential port (SSL/TLS) used by the Realm Auth Server
keycloak.secure-deployment.allow-any-hostname=SSL Setting keycloak.secure-deployment.allow-any-hostname=SSL Setting
keycloak.secure-deployment.truststore=Truststore used for adapter client HTTPS requests keycloak.secure-deployment.truststore=Truststore used for adapter client HTTPS requests
keycloak.secure-deployment.truststore-password=Password of the Truststore keycloak.secure-deployment.truststore-password=Password of the Truststore
@ -100,6 +102,7 @@ keycloak.secure-server.realm-public-key=Public key of the realm
keycloak.secure-server.auth-server-url=Base URL of the Realm Auth Server keycloak.secure-server.auth-server-url=Base URL of the Realm Auth Server
keycloak.secure-server.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests keycloak.secure-server.disable-trust-manager=Adapter will not use a trust manager when making adapter HTTPS requests
keycloak.secure-server.ssl-required=Specify if SSL is required (valid values are all, external and none) keycloak.secure-server.ssl-required=Specify if SSL is required (valid values are all, external and none)
keycloak.secure-server.confidential-port=Specify the confidential port (SSL/TLS) used by the Realm Auth Server
keycloak.secure-server.allow-any-hostname=SSL Setting keycloak.secure-server.allow-any-hostname=SSL Setting
keycloak.secure-server.truststore=Truststore used for adapter client HTTPS requests keycloak.secure-server.truststore=Truststore used for adapter client HTTPS requests
keycloak.secure-server.truststore-password=Password of the Truststore keycloak.secure-server.truststore-password=Password of the Truststore


@ -58,6 +58,7 @@
<xs:element name="expose-token" type="xs:boolean" minOccurs="0" maxOccurs="1"/> <xs:element name="expose-token" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="disable-trust-manager" type="xs:boolean" minOccurs="0" maxOccurs="1" /> <xs:element name="disable-trust-manager" type="xs:boolean" minOccurs="0" maxOccurs="1" />
<xs:element name="ssl-required" type="xs:string" minOccurs="0" maxOccurs="1" /> <xs:element name="ssl-required" type="xs:string" minOccurs="0" maxOccurs="1" />
<xs:element name="confidential-port" type="xs:integer" minOccurs="0" maxOccurs="1" />
<xs:element name="cors-allowed-methods" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="cors-allowed-methods" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="cors-exposed-headers" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="cors-exposed-headers" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="realm-public-key" type="xs:string" minOccurs="1" maxOccurs="1"/> <xs:element name="realm-public-key" type="xs:string" minOccurs="1" maxOccurs="1"/>
@ -100,6 +101,7 @@
<xs:element name="connection-pool-size" type="xs:integer" minOccurs="0" maxOccurs="1"/> <xs:element name="connection-pool-size" type="xs:integer" minOccurs="0" maxOccurs="1"/>
<xs:element name="expose-token" type="xs:boolean" minOccurs="0" maxOccurs="1"/> <xs:element name="expose-token" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="ssl-required" type="xs:string" minOccurs="0" maxOccurs="1" /> <xs:element name="ssl-required" type="xs:string" minOccurs="0" maxOccurs="1" />
<xs:element name="confidential-port" type="xs:integer" minOccurs="0" maxOccurs="1" />
<xs:element name="realm-public-key" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="realm-public-key" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="credential" type="credential-type" minOccurs="0" maxOccurs="1"/> <xs:element name="credential" type="credential-type" minOccurs="0" maxOccurs="1"/>
<xs:element name="redirect-rewrite-rule" type="redirect-rewrite-rule-type" minOccurs="0" maxOccurs="1"/> <xs:element name="redirect-rewrite-rule" type="redirect-rewrite-rule-type" minOccurs="0" maxOccurs="1"/>


@ -51,6 +51,7 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
node.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login"); node.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login");
node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes"); node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
node.get("ssl-required").set("external"); node.get("ssl-required").set("external");
node.get("confidential-port").set(443);
node.get("expose-token").set(true); node.get("expose-token").set(true);
ModelNode jwtCredential = new ModelNode(); ModelNode jwtCredential = new ModelNode();


@ -22,6 +22,7 @@
<truststore>truststore.jks</truststore> <truststore>truststore.jks</truststore>
<truststore-password>secret</truststore-password> <truststore-password>secret</truststore-password>
<ssl-required>EXTERNAL</ssl-required> <ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
<allow-any-hostname>false</allow-any-hostname> <allow-any-hostname>false</allow-any-hostname>
<disable-trust-manager>true</disable-trust-manager> <disable-trust-manager>true</disable-trust-manager>
<connection-pool-size>20</connection-pool-size> <connection-pool-size>20</connection-pool-size>
@ -56,6 +57,7 @@
</realm-public-key> </realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url> <auth-server-url>http://localhost:8080/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required> <ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
<credential name="secret">0aa31d98-e0aa-404c-b6e0-e771dba1e798</credential> <credential name="secret">0aa31d98-e0aa-404c-b6e0-e771dba1e798</credential>
<redirect-rewrite-rule name="^/wsmaster/api/(.*)$">api/$1/</redirect-rewrite-rule> <redirect-rewrite-rule name="^/wsmaster/api/(.*)$">api/$1/</redirect-rewrite-rule>
</secure-deployment> </secure-deployment>
@ -84,5 +86,7 @@
<realm>jboss-infra</realm> <realm>jboss-infra</realm>
<resource>wildfly-console</resource> <resource>wildfly-console</resource>
<public-client>true</public-client> <public-client>true</public-client>
<ssl-required>EXTERNAL</ssl-required>
<confidential-port>443</confidential-port>
</secure-server> </secure-server>
</subsystem> </subsystem>