KEYCLOAK-579 Use relative urls in examples
This commit is contained in:
Stian Thorgersen
parent
a6b38397ea
commit
628c7dd92a
30 changed files with 125 additions and 68 deletions
|
|
@ -19,6 +19,7 @@ public class AbstractOAuthClient {
|
|||
protected String authUrl;
|
||||
protected String codeUrl;
|
||||
protected String refreshUrl;
|
||||
protected boolean relativeUrls;
|
||||
protected String scope;
|
||||
protected String stateCookieName = OAUTH_TOKEN_REQUEST_STATE;
|
||||
protected String stateCookiePath;
|
||||
|
|
@ -100,6 +101,14 @@ public class AbstractOAuthClient {
|
|||
this.publicClient = publicClient;
|
||||
}
|
||||
|
||||
public boolean isRelativeUrls() {
|
||||
return relativeUrls;
|
||||
}
|
||||
|
||||
public void setRelativeUrls(boolean relativeUrls) {
|
||||
this.relativeUrls = relativeUrls;
|
||||
}
|
||||
|
||||
protected String stripOauthParametersFromRedirect(String uri) {
|
||||
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
|
||||
.replaceQueryParam(OAuth2Constants.CODE, null)
|
||||
|
|
|
|||
|
|
@ -52,9 +52,7 @@
|
|||
"name": "cordova",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"redirectUris": [
|
||||
"http://localhost"
|
||||
]
|
||||
"redirectUris": []
|
||||
}
|
||||
],
|
||||
"applicationRoleMappings": {
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ angular.element(document).ready(function ($http) {
|
|||
console.log('here login');
|
||||
auth.loggedIn = true;
|
||||
auth.authz = keycloakAuth;
|
||||
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
|
||||
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=/angular-product/index.html";
|
||||
module.factory('Auth', function() {
|
||||
return auth;
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "cors",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost-auth:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"resource" : "angular-product",
|
||||
"public-client" : true
|
||||
|
|
|
|||
|
|
@ -47,9 +47,9 @@
|
|||
"name": "angular-product",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"baseUrl": "http://localhost:8080/angular-product/index.html",
|
||||
"baseUrl": "/angular-product/index.html",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/angular-product/*"
|
||||
"/angular-product/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"http://localhost:8080"
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
|
|||
import org.keycloak.util.JsonSerialization;
|
||||
import org.keycloak.util.KeycloakUriBuilder;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
|
@ -43,14 +44,14 @@ public class AdminClient {
|
|||
}
|
||||
}
|
||||
|
||||
public static AccessTokenResponse getToken() throws IOException {
|
||||
public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException {
|
||||
|
||||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
|
||||
|
||||
try {
|
||||
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri("http://localhost:8080/auth")
|
||||
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
|
||||
.path(ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH).build("demo"));
|
||||
List <NameValuePair> formparams = new ArrayList <NameValuePair>();
|
||||
formparams.add(new BasicNameValuePair("username", "admin"));
|
||||
|
|
@ -94,14 +95,14 @@ public class AdminClient {
|
|||
}
|
||||
}
|
||||
|
||||
public static void logout(AccessTokenResponse res) throws IOException {
|
||||
public static void logout(HttpServletRequest request, AccessTokenResponse res) throws IOException {
|
||||
|
||||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
|
||||
|
||||
try {
|
||||
HttpGet get = new HttpGet(KeycloakUriBuilder.fromUri("http://localhost:8080/auth")
|
||||
HttpGet get = new HttpGet(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
|
||||
.path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
|
||||
.queryParam("session_state", res.getSessionState())
|
||||
.build("demo"));
|
||||
|
|
@ -117,12 +118,12 @@ public class AdminClient {
|
|||
}
|
||||
}
|
||||
|
||||
public static List<RoleRepresentation> getRealmRoles(AccessTokenResponse res) throws Failure {
|
||||
public static List<RoleRepresentation> getRealmRoles(HttpServletRequest request, AccessTokenResponse res) throws Failure {
|
||||
|
||||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
try {
|
||||
HttpGet get = new HttpGet("http://localhost:8080/auth/admin/realms/demo/roles");
|
||||
HttpGet get = new HttpGet(getBaseUrl(request) + "/auth/admin/realms/demo/roles");
|
||||
get.addHeader("Authorization", "Bearer " + res.getToken());
|
||||
try {
|
||||
HttpResponse response = client.execute(get);
|
||||
|
|
@ -143,4 +144,10 @@ public class AdminClient {
|
|||
client.getConnectionManager().shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
public static String getBaseUrl(HttpServletRequest request) {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@
|
|||
<%
|
||||
java.util.List<RoleRepresentation> list = null;
|
||||
try {
|
||||
AccessTokenResponse res = AdminClient.getToken();
|
||||
list = AdminClient.getRealmRoles(res);
|
||||
AdminClient.logout(res);
|
||||
AccessTokenResponse res = AdminClient.getToken(request);
|
||||
list = AdminClient.getRealmRoles(request, res);
|
||||
AdminClient.logout(request, res);
|
||||
} catch (AdminClient.Failure failure) {
|
||||
out.println("There was a failure processing request. You either didn't configure Keycloak properly");
|
||||
out.println("Status from database service invocation was: " + failure.getStatus());
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ angular.element(document).ready(function ($http) {
|
|||
keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
|
||||
auth.loggedIn = true;
|
||||
auth.authz = keycloakAuth;
|
||||
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/demo/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
|
||||
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/demo/tokens/logout?redirect_uri=/angular-product/index.html";
|
||||
module.factory('Auth', function() {
|
||||
return auth;
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "demo",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"resource" : "angular-product",
|
||||
"public-client" : true
|
||||
|
|
|
|||
|
|
@ -115,7 +115,10 @@ public class CustomerCli {
|
|||
}
|
||||
|
||||
public static void customers() throws Exception {
|
||||
String customersUrl = "http://localhost:8080/database/customers";
|
||||
String baseUrl = keycloak.getDeployment().getAuthServerBaseUrl();
|
||||
baseUrl = baseUrl.substring(0, baseUrl.indexOf('/', 8));
|
||||
|
||||
String customersUrl = baseUrl + "/database/customers";
|
||||
HttpGet get = new HttpGet(customersUrl);
|
||||
get.setHeader("Accept", "application/json");
|
||||
get.setHeader("Authorization", "Bearer " + keycloak.getTokenString(10, TimeUnit.SECONDS));
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
</head>
|
||||
<body bgcolor="#E3F6CE">
|
||||
|
||||
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="#" onclick="keycloak.logout()">logout</a> | <a href="#" onclick="keycloak.accountManagement()">manage acct</a></p>
|
||||
<p>Goto: <a href="/product-portal">products</a> | <a href="#" onclick="keycloak.logout()">logout</a> | <a href="#" onclick="keycloak.accountManagement()">manage acct</a></p>
|
||||
|
||||
User <b id="subject"></b> made this request.
|
||||
<p><b>User details (from <span id="profileType"></span>)</b></p>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "demo",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"resource" : "customer-portal-js",
|
||||
"public-client" : true
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ public class AdminClient {
|
|||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
try {
|
||||
HttpGet get = new HttpGet("http://localhost:8080/auth/admin/realms/demo/roles");
|
||||
HttpGet get = new HttpGet(getBaseUrl(req) + "/auth/admin/realms/demo/roles");
|
||||
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
||||
try {
|
||||
HttpResponse response = client.execute(get);
|
||||
|
|
@ -64,4 +64,10 @@ public class AdminClient {
|
|||
client.getConnectionManager().shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
public static String getBaseUrl(HttpServletRequest request) {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ public class CustomerDatabaseClient {
|
|||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
try {
|
||||
HttpGet get = new HttpGet("http://localhost:8080/database/customers");
|
||||
HttpGet get = new HttpGet(getBaseUrl(req) + "/database/customers");
|
||||
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
||||
try {
|
||||
HttpResponse response = client.execute(get);
|
||||
|
|
@ -69,4 +69,9 @@ public class CustomerDatabaseClient {
|
|||
client.getConnectionManager().shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
public static String getBaseUrl(HttpServletRequest request) {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
"realm": "demo",
|
||||
"resource": "customer-portal",
|
||||
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url": "http://localhost:8080/auth",
|
||||
"auth-server-url": "/auth",
|
||||
"ssl-not-required": true,
|
||||
"expose-token": true,
|
||||
"credentials": {
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@
|
|||
</head>
|
||||
<body bgcolor="#E3F6CE">
|
||||
<%
|
||||
String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
|
||||
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build("demo").toString();
|
||||
String acctUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
|
||||
String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
|
||||
.queryParam("redirect_uri", "/customer-portal").build("demo").toString();
|
||||
String acctUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
|
||||
.queryParam("referrer", "customer-portal").build("demo").toString();
|
||||
IDToken idToken = CustomerDatabaseClient.getIDToken(request);
|
||||
%>
|
||||
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a
|
||||
<p>Goto: <a href="/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a
|
||||
href="<%=acctUri%>">manage acct</a></p>
|
||||
Servlet User Principal <b><%=request.getUserPrincipal().getName()%>
|
||||
</b> made this request.
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ public class ProductDatabaseClient
|
|||
HttpClient client = new HttpClientBuilder()
|
||||
.disableTrustManager().build();
|
||||
try {
|
||||
HttpGet get = new HttpGet("http://localhost:8080/database/products");
|
||||
HttpGet get = new HttpGet(getBaseUrl(req) + "/database/products");
|
||||
get.addHeader("Authorization", "Bearer " + session.getTokenString());
|
||||
try {
|
||||
HttpResponse response = client.execute(get);
|
||||
|
|
@ -61,4 +61,9 @@ public class ProductDatabaseClient
|
|||
}
|
||||
}
|
||||
|
||||
public static String getBaseUrl(HttpServletRequest request) {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
"realm" : "demo",
|
||||
"resource" : "product-portal",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@
|
|||
</head>
|
||||
<body bgcolor="#F5F6CE">
|
||||
<%
|
||||
String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
|
||||
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build("demo").toString();
|
||||
String acctUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
|
||||
String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
|
||||
.queryParam("redirect_uri", "/customer-portal").build("demo").toString();
|
||||
String acctUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
|
||||
.queryParam("referrer", "product-portal").build("demo").toString();
|
||||
%>
|
||||
|
||||
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
|
||||
<p>Goto: <a href="/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
|
||||
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
|
||||
<h2>Product Listing</h2>
|
||||
<%
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
<subsystem xmlns="urn:jboss:domain:keycloak:1.0">
|
||||
<realm name="demo">
|
||||
<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key>
|
||||
<auth-server-url>http://localhost:8080/auth</auth-server-url>
|
||||
<auth-server-url>/auth</auth-server-url>
|
||||
<ssl-not-required>true</ssl-not-required>
|
||||
</realm>
|
||||
<secure-deployment name="customer-portal.war">
|
||||
|
|
|
|||
|
|
@ -89,10 +89,10 @@
|
|||
{
|
||||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/customer-portal",
|
||||
"baseUrl": "http://localhost:8080/customer-portal",
|
||||
"adminUrl": "/customer-portal",
|
||||
"baseUrl": "/customer-portal",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/customer-portal/*"
|
||||
"/customer-portal/*"
|
||||
],
|
||||
"secret": "password"
|
||||
},
|
||||
|
|
@ -100,18 +100,18 @@
|
|||
"name": "customer-portal-js",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"baseUrl": "http://localhost:8080/customer-portal-js",
|
||||
"baseUrl": "/customer-portal-js",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/customer-portal-js/*"
|
||||
"/customer-portal-js/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "angular-product",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"baseUrl": "http://localhost:8080/angular-product/index.html",
|
||||
"baseUrl": "/angular-product/index.html",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/angular-product/*"
|
||||
"/angular-product/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -126,10 +126,10 @@
|
|||
{
|
||||
"name": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/product-portal",
|
||||
"baseUrl": "http://localhost:8080/product-portal",
|
||||
"adminUrl": "/product-portal",
|
||||
"baseUrl": "/product-portal",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/product-portal/*"
|
||||
"/product-portal/*"
|
||||
],
|
||||
"secret": "password"
|
||||
}
|
||||
|
|
@ -139,8 +139,8 @@
|
|||
"name": "third-party",
|
||||
"enabled": true,
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/oauth-client/*",
|
||||
"http://localhost:8080/oauth-client-cdi/*"
|
||||
"/oauth-client/*",
|
||||
"/oauth-client-cdi/*"
|
||||
],
|
||||
"secret": "password"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -58,12 +58,12 @@ public class DatabaseClient {
|
|||
static class TypedList extends ArrayList<String> {}
|
||||
|
||||
public void sendCustomersRequest() {
|
||||
List<String> customers = sendRequestToDBApplication("http://localhost:8080/database/customers");
|
||||
List<String> customers = sendRequestToDBApplication(getBaseUrl() + "/database/customers");
|
||||
userData.setCustomers(customers);
|
||||
}
|
||||
|
||||
public void sendProductsRequest() {
|
||||
List<String> products = sendRequestToDBApplication("http://localhost:8080/database/products");
|
||||
List<String> products = sendRequestToDBApplication(getBaseUrl() + "/database/products");
|
||||
userData.setProducts(products);
|
||||
}
|
||||
|
||||
|
|
@ -100,4 +100,11 @@ public class DatabaseClient {
|
|||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public String getBaseUrl() {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "demo",
|
||||
"resource" : "third-party",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ public class ProductDatabaseClient {
|
|||
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
|
||||
HttpClient client = oAuthClient.getClient();
|
||||
|
||||
HttpGet get = new HttpGet("http://localhost:8080/database/products");
|
||||
HttpGet get = new HttpGet(getBaseUrl(request) + "/database/products");
|
||||
get.addHeader("Authorization", "Bearer " + accessToken);
|
||||
try {
|
||||
HttpResponse response = client.execute(get);
|
||||
|
|
@ -96,4 +96,10 @@ public class ProductDatabaseClient {
|
|||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String getBaseUrl(HttpServletRequest request) {
|
||||
String url = request.getRequestURL().toString();
|
||||
return url.substring(0, url.indexOf('/', 8));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "demo",
|
||||
"resource" : "third-party",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"credentials" : {
|
||||
"secret": "password"
|
||||
|
|
|
|||
|
|
@ -46,13 +46,11 @@
|
|||
"name": "js-console",
|
||||
"enabled": true,
|
||||
"publicClient": true,
|
||||
"baseUrl": "http://localhost:8080/js-console",
|
||||
"baseUrl": "/js-console",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/js-console/*"
|
||||
"/js-console/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"http://localhost:8080"
|
||||
]
|
||||
"webOrigins": []
|
||||
}
|
||||
],
|
||||
"applicationScopeMappings": {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm" : "example",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"auth-server-url" : "/auth",
|
||||
"ssl-not-required" : true,
|
||||
"resource" : "js-console",
|
||||
"public-client" : true
|
||||
|
|
|
|||
|
|
@ -40,8 +40,8 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
|||
this.client = client;
|
||||
}
|
||||
|
||||
public AccessTokenResponse resolveBearerToken(String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
|
||||
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, codeUrl, redirectUri, clientId, credentials);
|
||||
private AccessTokenResponse resolveBearerToken(HttpServletRequest request, String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
|
||||
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, getUrl(request, codeUrl), redirectUri, clientId, credentials);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -75,7 +75,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
|||
public void redirect(String redirectUri, HttpServletRequest request, HttpServletResponse response) throws IOException {
|
||||
String state = getStateCode();
|
||||
|
||||
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(authUrl)
|
||||
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(getUrl(request, authUrl))
|
||||
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
|
||||
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
||||
.queryParam(OAuth2Constants.STATE, state);
|
||||
|
|
@ -143,11 +143,11 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
|||
throw new IOException("state parameter invalid");
|
||||
}
|
||||
if (code == null) throw new IOException("code parameter was null");
|
||||
return resolveBearerToken(redirectUri, code);
|
||||
return resolveBearerToken(request, redirectUri, code);
|
||||
}
|
||||
|
||||
public AccessTokenResponse refreshToken(String refreshToken) throws IOException, ServerRequest.HttpFailure {
|
||||
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, refreshUrl, clientId, credentials);
|
||||
public AccessTokenResponse refreshToken(HttpServletRequest request, String refreshToken) throws IOException, ServerRequest.HttpFailure {
|
||||
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, getUrl(request, refreshUrl), clientId, credentials);
|
||||
}
|
||||
|
||||
public static IDToken extractIdToken(String idToken) {
|
||||
|
|
@ -160,5 +160,14 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
|||
}
|
||||
}
|
||||
|
||||
private String getUrl(HttpServletRequest request, String url) {
|
||||
if (relativeUrls) {
|
||||
String baseUrl = request.getRequestURL().toString();
|
||||
baseUrl = baseUrl.substring(0, baseUrl.indexOf('/', 8));
|
||||
return baseUrl + url;
|
||||
} else {
|
||||
return url;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -50,6 +50,8 @@ public class ServletOAuthClientBuilder {
|
|||
throw new RuntimeException("You must specify auth-url");
|
||||
}
|
||||
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrl());
|
||||
oauthClient.setRelativeUrls(serverBuilder.clone().getHost() == null);
|
||||
|
||||
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
|
||||
String tokenUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
|
||||
String refreshUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
|
||||
|
|
|
|||
|
|
@ -222,12 +222,14 @@ public class AccountService {
|
|||
requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.VIEW_PROFILE);
|
||||
|
||||
UserRepresentation rep = ModelToRepresentation.toRepresentation(auth.getUser());
|
||||
if (rep.getAttributes() != null) {
|
||||
Iterator<String> itr = rep.getAttributes().keySet().iterator();
|
||||
while (itr.hasNext()) {
|
||||
if (itr.next().startsWith("keycloak.")) {
|
||||
itr.remove();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return Cors.add(request, Response.ok(rep)).auth().allowedOrigins(auth.getToken()).build();
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in a new issue