libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-579 Use relative urls in examples

Browse source
This commit is contained in:
Stian Thorgersen 2014-07-25 17:01:10 +01:00
parent a6b38397ea
commit 628c7dd92a
30 changed files with 125 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/src/main/java/org/keycloak/AbstractOAuthClient.java
View file

@ -19,6 +19,7 @@ public class AbstractOAuthClient {
protected String authUrl;
protected String codeUrl;
protected String refreshUrl;
protected boolean relativeUrls;
protected String scope;
protected String stateCookieName = OAUTH_TOKEN_REQUEST_STATE;
protected String stateCookiePath;
@ -100,6 +101,14 @@ public class AbstractOAuthClient {
this.publicClient = publicClient;
}
public boolean isRelativeUrls() {
return relativeUrls;
}
public void setRelativeUrls(boolean relativeUrls) {
this.relativeUrls = relativeUrls;
}
protected String stripOauthParametersFromRedirect(String uri) {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
.replaceQueryParam(OAuth2Constants.CODE, null)

4
examples/cordova/example-realm.json
View file

@ -52,9 +52,7 @@
"name": "cordova",
"enabled": true,
"publicClient": true,
"redirectUris": [
"http://localhost"
]
"redirectUris": []
}
],
"applicationRoleMappings": {

2
examples/cors/angular-product-app/src/main/webapp/js/app.js vendored
View file

@ -18,7 +18,7 @@ angular.element(document).ready(function ($http) {
console.log('here login');
auth.loggedIn = true;
auth.authz = keycloakAuth;
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=/angular-product/index.html";
module.factory('Auth', function() {
return auth;
});

2
examples/cors/angular-product-app/src/main/webapp/keycloak.json
View file

@ -1,7 +1,7 @@
{
"realm" : "cors",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost-auth:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"resource" : "angular-product",
"public-client" : true

4
examples/cors/cors-realm.json
View file

@ -47,9 +47,9 @@
"name": "angular-product",
"enabled": true,
"publicClient": true,
"baseUrl": "http://localhost:8080/angular-product/index.html",
"baseUrl": "/angular-product/index.html",
"redirectUris": [
"http://localhost:8080/angular-product/*"
"/angular-product/*"
],
"webOrigins": [
"http://localhost:8080"

19
examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
View file

@ -16,6 +16,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.KeycloakUriBuilder;
import javax.servlet.http.HttpServletRequest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@ -43,14 +44,14 @@ public class AdminClient {
}
}
public static AccessTokenResponse getToken() throws IOException {
public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException {
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri("http://localhost:8080/auth")
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
.path(ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH).build("demo"));
List <NameValuePair> formparams = new ArrayList <NameValuePair>();
formparams.add(new BasicNameValuePair("username", "admin"));
@ -94,14 +95,14 @@ public class AdminClient {
}
}
public static void logout(AccessTokenResponse res) throws IOException {
public static void logout(HttpServletRequest request, AccessTokenResponse res) throws IOException {
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpGet get = new HttpGet(KeycloakUriBuilder.fromUri("http://localhost:8080/auth")
HttpGet get = new HttpGet(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
.path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("session_state", res.getSessionState())
.build("demo"));
@ -117,12 +118,12 @@ public class AdminClient {
}
}
public static List<RoleRepresentation> getRealmRoles(AccessTokenResponse res) throws Failure {
public static List<RoleRepresentation> getRealmRoles(HttpServletRequest request, AccessTokenResponse res) throws Failure {
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpGet get = new HttpGet("http://localhost:8080/auth/admin/realms/demo/roles");
HttpGet get = new HttpGet(getBaseUrl(request) + "/auth/admin/realms/demo/roles");
get.addHeader("Authorization", "Bearer " + res.getToken());
try {
HttpResponse response = client.execute(get);
@ -143,4 +144,10 @@ public class AdminClient {
client.getConnectionManager().shutdown();
}
}
public static String getBaseUrl(HttpServletRequest request) {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

6
examples/demo-template/admin-access-app/src/main/webapp/admin/admin.jsp
View file

@ -12,9 +12,9 @@
<%
java.util.List<RoleRepresentation> list = null;
try {
AccessTokenResponse res = AdminClient.getToken();
list = AdminClient.getRealmRoles(res);
AdminClient.logout(res);
AccessTokenResponse res = AdminClient.getToken(request);
list = AdminClient.getRealmRoles(request, res);
AdminClient.logout(request, res);
} catch (AdminClient.Failure failure) {
out.println("There was a failure processing request. You either didn't configure Keycloak properly");
out.println("Status from database service invocation was: " + failure.getStatus());

2
examples/demo-template/angular-product-app/src/main/webapp/js/app.js vendored
View file

@ -16,7 +16,7 @@ angular.element(document).ready(function ($http) {
keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
auth.loggedIn = true;
auth.authz = keycloakAuth;
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/demo/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/demo/tokens/logout?redirect_uri=/angular-product/index.html";
module.factory('Auth', function() {
return auth;
});

2
examples/demo-template/angular-product-app/src/main/webapp/keycloak.json
View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"resource" : "angular-product",
"public-client" : true

5
examples/demo-template/customer-app-cli/src/main/java/org/keycloak/example/CustomerCli.java
View file

@ -115,7 +115,10 @@ public class CustomerCli {
}
public static void customers() throws Exception {
String customersUrl = "http://localhost:8080/database/customers";
String baseUrl = keycloak.getDeployment().getAuthServerBaseUrl();
baseUrl = baseUrl.substring(0, baseUrl.indexOf('/', 8));
String customersUrl = baseUrl + "/database/customers";
HttpGet get = new HttpGet(customersUrl);
get.setHeader("Accept", "application/json");
get.setHeader("Authorization", "Bearer " + keycloak.getTokenString(10, TimeUnit.SECONDS));

2
examples/demo-template/customer-app-js/src/main/webapp/customers/view.html
View file

@ -5,7 +5,7 @@
</head>
<body bgcolor="#E3F6CE">
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="#" onclick="keycloak.logout()">logout</a> | <a href="#" onclick="keycloak.accountManagement()">manage acct</a></p>
<p>Goto: <a href="/product-portal">products</a> | <a href="#" onclick="keycloak.logout()">logout</a> | <a href="#" onclick="keycloak.accountManagement()">manage acct</a></p>
User <b id="subject"></b> made this request.
<p><b>User details (from <span id="profileType"></span>)</b></p>

2
examples/demo-template/customer-app-js/src/main/webapp/keycloak.json
View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"resource" : "customer-portal-js",
"public-client" : true

8
examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
View file

@ -43,7 +43,7 @@ public class AdminClient {
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpGet get = new HttpGet("http://localhost:8080/auth/admin/realms/demo/roles");
HttpGet get = new HttpGet(getBaseUrl(req) + "/auth/admin/realms/demo/roles");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
@ -64,4 +64,10 @@ public class AdminClient {
client.getConnectionManager().shutdown();
}
}
public static String getBaseUrl(HttpServletRequest request) {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

7
examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
View file

@ -48,7 +48,7 @@ public class CustomerDatabaseClient {
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpGet get = new HttpGet("http://localhost:8080/database/customers");
HttpGet get = new HttpGet(getBaseUrl(req) + "/database/customers");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
@ -69,4 +69,9 @@ public class CustomerDatabaseClient {
client.getConnectionManager().shutdown();
}
}
public static String getBaseUrl(HttpServletRequest request) {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

2
examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
View file

@ -2,7 +2,7 @@
"realm": "demo",
"resource": "customer-portal",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8080/auth",
"auth-server-url": "/auth",
"ssl-not-required": true,
"expose-token": true,
"credentials": {

8
examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
View file

@ -10,13 +10,13 @@
</head>
<body bgcolor="#E3F6CE">
<%
String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam("referrer", "customer-portal").build("demo").toString();
IDToken idToken = CustomerDatabaseClient.getIDToken(request);
%>
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a
<p>Goto: <a href="/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a
href="<%=acctUri%>">manage acct</a></p>
Servlet User Principal <b><%=request.getUserPrincipal().getName()%>
</b> made this request.

7
examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
View file

@ -39,7 +39,7 @@ public class ProductDatabaseClient
HttpClient client = new HttpClientBuilder()
.disableTrustManager().build();
try {
HttpGet get = new HttpGet("http://localhost:8080/database/products");
HttpGet get = new HttpGet(getBaseUrl(req) + "/database/products");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
@ -61,4 +61,9 @@ public class ProductDatabaseClient
}
}
public static String getBaseUrl(HttpServletRequest request) {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

2
examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
View file

@ -2,7 +2,7 @@
"realm" : "demo",
"resource" : "product-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"credentials" : {
"secret": "password"

8
examples/demo-template/product-app/src/main/webapp/products/view.jsp
View file

@ -9,13 +9,13 @@
</head>
<body bgcolor="#F5F6CE">
<%
String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam("referrer", "product-portal").build("demo").toString();
%>
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
<p>Goto: <a href="/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Product Listing</h2>
<%

2
examples/demo-template/subsystem-config.xml
View file

@ -2,7 +2,7 @@
<subsystem xmlns="urn:jboss:domain:keycloak:1.0">
<realm name="demo">
<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<auth-server-url>/auth</auth-server-url>
<ssl-not-required>true</ssl-not-required>
</realm>
<secure-deployment name="customer-portal.war">

24
examples/demo-template/testrealm.json
View file

@ -89,10 +89,10 @@
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal",
"baseUrl": "http://localhost:8080/customer-portal",
"adminUrl": "/customer-portal",
"baseUrl": "/customer-portal",
"redirectUris": [
"http://localhost:8080/customer-portal/*"
"/customer-portal/*"
],
"secret": "password"
},
@ -100,18 +100,18 @@
"name": "customer-portal-js",
"enabled": true,
"publicClient": true,
"baseUrl": "http://localhost:8080/customer-portal-js",
"baseUrl": "/customer-portal-js",
"redirectUris": [
"http://localhost:8080/customer-portal-js/*"
"/customer-portal-js/*"
]
},
{
"name": "angular-product",
"enabled": true,
"publicClient": true,
"baseUrl": "http://localhost:8080/angular-product/index.html",
"baseUrl": "/angular-product/index.html",
"redirectUris": [
"http://localhost:8080/angular-product/*"
"/angular-product/*"
]
},
{
@ -126,10 +126,10 @@
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal",
"baseUrl": "http://localhost:8080/product-portal",
"adminUrl": "/product-portal",
"baseUrl": "/product-portal",
"redirectUris": [
"http://localhost:8080/product-portal/*"
"/product-portal/*"
],
"secret": "password"
}
@ -139,8 +139,8 @@
"name": "third-party",
"enabled": true,
"redirectUris": [
"http://localhost:8080/oauth-client/*",
"http://localhost:8080/oauth-client-cdi/*"
"/oauth-client/*",
"/oauth-client-cdi/*"
],
"secret": "password"
},

11
examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java
View file

@ -58,12 +58,12 @@ public class DatabaseClient {
static class TypedList extends ArrayList<String> {}
public void sendCustomersRequest() {
List<String> customers = sendRequestToDBApplication("http://localhost:8080/database/customers");
List<String> customers = sendRequestToDBApplication(getBaseUrl() + "/database/customers");
userData.setCustomers(customers);
}
public void sendProductsRequest() {
List<String> products = sendRequestToDBApplication("http://localhost:8080/database/products");
List<String> products = sendRequestToDBApplication(getBaseUrl() + "/database/products");
userData.setProducts(products);
}
@ -100,4 +100,11 @@ public class DatabaseClient {
return null;
}
}
public String getBaseUrl() {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

2
examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"resource" : "third-party",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"credentials" : {
"secret": "password"

8
examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java vendored
View file

@ -78,7 +78,7 @@ public class ProductDatabaseClient {
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
HttpClient client = oAuthClient.getClient();
HttpGet get = new HttpGet("http://localhost:8080/database/products");
HttpGet get = new HttpGet(getBaseUrl(request) + "/database/products");
get.addHeader("Authorization", "Bearer " + accessToken);
try {
HttpResponse response = client.execute(get);
@ -96,4 +96,10 @@ public class ProductDatabaseClient {
throw new RuntimeException(e);
}
}
public static String getBaseUrl(HttpServletRequest request) {
String url = request.getRequestURL().toString();
return url.substring(0, url.indexOf('/', 8));
}
}

2
examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json vendored
View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"resource" : "third-party",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"credentials" : {
"secret": "password"

8
examples/js-console/example-realm.json
View file

@ -46,13 +46,11 @@
"name": "js-console",
"enabled": true,
"publicClient": true,
"baseUrl": "http://localhost:8080/js-console",
"baseUrl": "/js-console",
"redirectUris": [
"http://localhost:8080/js-console/*"
"/js-console/*"
],
"webOrigins": [
"http://localhost:8080"
]
"webOrigins": []
}
],
"applicationScopeMappings": {

2
examples/js-console/src/main/webapp/keycloak.json
View file

@ -1,7 +1,7 @@
{
"realm" : "example",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "/auth",
"ssl-not-required" : true,
"resource" : "js-console",
"public-client" : true

21
integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
View file

@ -40,8 +40,8 @@ public class ServletOAuthClient extends AbstractOAuthClient {
this.client = client;
}
public AccessTokenResponse resolveBearerToken(String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, codeUrl, redirectUri, clientId, credentials);
private AccessTokenResponse resolveBearerToken(HttpServletRequest request, String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, getUrl(request, codeUrl), redirectUri, clientId, credentials);
}
/**
@ -75,7 +75,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
public void redirect(String redirectUri, HttpServletRequest request, HttpServletResponse response) throws IOException {
String state = getStateCode();
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(authUrl)
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(getUrl(request, authUrl))
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.queryParam(OAuth2Constants.STATE, state);
@ -143,11 +143,11 @@ public class ServletOAuthClient extends AbstractOAuthClient {
throw new IOException("state parameter invalid");
}
if (code == null) throw new IOException("code parameter was null");
return resolveBearerToken(redirectUri, code);
return resolveBearerToken(request, redirectUri, code);
}
public AccessTokenResponse refreshToken(String refreshToken) throws IOException, ServerRequest.HttpFailure {
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, refreshUrl, clientId, credentials);
public AccessTokenResponse refreshToken(HttpServletRequest request, String refreshToken) throws IOException, ServerRequest.HttpFailure {
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, getUrl(request, refreshUrl), clientId, credentials);
}
public static IDToken extractIdToken(String idToken) {
@ -160,5 +160,14 @@ public class ServletOAuthClient extends AbstractOAuthClient {
}
}
private String getUrl(HttpServletRequest request, String url) {
if (relativeUrls) {
String baseUrl = request.getRequestURL().toString();
baseUrl = baseUrl.substring(0, baseUrl.indexOf('/', 8));
return baseUrl + url;
} else {
return url;
}
}
}

2
integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
View file

@ -50,6 +50,8 @@ public class ServletOAuthClientBuilder {
throw new RuntimeException("You must specify auth-url");
}
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrl());
oauthClient.setRelativeUrls(serverBuilder.clone().getHost() == null);
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
String tokenUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
String refreshUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();

10
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -222,10 +222,12 @@ public class AccountService {
requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.VIEW_PROFILE);
UserRepresentation rep = ModelToRepresentation.toRepresentation(auth.getUser());
Iterator<String> itr = rep.getAttributes().keySet().iterator();
while (itr.hasNext()) {
if (itr.next().startsWith("keycloak.")) {
itr.remove();
if (rep.getAttributes() != null) {
Iterator<String> itr = rep.getAttributes().keySet().iterator();
while (itr.hasNext()) {
if (itr.next().startsWith("keycloak.")) {
itr.remove();
}
}
}