From 65dc7ddb4457e3cd6ba8d2488380c7d71ca6bca0 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Tue, 5 Apr 2016 10:39:03 +0200
Subject: [PATCH] KEYCLOAK-2623 Remove auth-server-url-for-backend-requests from adapters
---
 .../adapters/AdapterDeploymentContext.java | 6 +--
 .../org/keycloak/adapters/AdapterUtils.java | 28 ++----------
 .../keycloak/adapters/KeycloakDeployment.java | 45 +++----------------
 .../KeycloakDeploymentBuilderTest.java | 2 +-
 .../src/test/resources/keycloak.json | 1 -
 .../ServletOAuthClientBuilderTest.java | 2 +-
 .../src/test/resources/keycloak.json | 1 -
 .../common/enums/RelativeUrlsUsed.java | 21 +--------
 .../adapters/config/AdapterConfig.java | 12 +----
 .../modules/MigrationFromOlderVersions.xml | 17 +++++++
 .../en-US/modules/application-clustering.xml | 33 --------------
 .../org/keycloak/example/AdminClient.java | 16 +++----
 .../src/main/webapp/WEB-INF/web.xml | 5 ---
 .../example/CustomerDatabaseClient.java | 4 +-
 .../org/keycloak/example/AdminClient.java | 3 +-
 .../example/CustomerDatabaseClient.java | 4 +-
 .../example/oauth/ProductDatabaseClient.java | 4 +-
 .../example/oauth/DatabaseClient.java | 4 +-
 .../example/oauth/ProductDatabaseClient.java | 18 +-------
 19 files changed, 49 insertions(+), 177 deletions(-)
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
index e4f4a63474..7ff049a5fa 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
@@ -169,11 +169,7 @@ public class AdapterDeploymentContext { public void setAuthServerBaseUrl(String authServerBaseUrl) { this.authServerBaseUrl = authServerBaseUrl; KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl); - resolveBrowserUrls(serverBuilder); - - if (delegate.getRelativeUrls() == RelativeUrlsUsed.ALL_REQUESTS) { - resolveNonBrowserUrls(serverBuilder); - } + resolveUrls(serverBuilder); } @Override diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java index aa3b5b4d51..ca35970761 100755 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java 
@@ -39,34 +39,14 @@ public class AdapterUtils { } /** - * Best effort to find origin for REST request calls from web UI application to REST application. In case of relative or absolute - * "auth-server-url" is returned the URL from request. In case of "auth-server-url-for-backend-request" used in configuration, it returns - * the origin of auth server. - * - * This may be the optimization in cluster, so if you have keycloak and applications on same host, the REST request doesn't need to - * go through loadbalancer, but can be sent directly to same host. + * Find origin for REST request calls from web UI application to REST application (assuming the REST application + * is deployed on same host like current UI application) * * @param browserRequestURL - * @param session * @return */ - public static String getOriginForRestCalls(String browserRequestURL, KeycloakSecurityContext session) { - if (session instanceof RefreshableKeycloakSecurityContext) { - KeycloakDeployment deployment = ((RefreshableKeycloakSecurityContext)session).getDeployment(); - switch (deployment.getRelativeUrls()) { - case ALL_REQUESTS: - case NEVER: - // Resolve baseURI from the request - return UriUtils.getOrigin(browserRequestURL); - case BROWSER_ONLY: - // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname) - return UriUtils.getOrigin(deployment.getTokenUrl()); - default: - return ""; - } - } else { - return UriUtils.getOrigin(browserRequestURL); - } + public static String getOriginForRestCalls(String browserRequestURL) { + return UriUtils.getOrigin(browserRequestURL); } public static Set getRolesFromSecurityContext(RefreshableKeycloakSecurityContext session) { diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java index ef3c5c674c..cca0adf4fe 100755 
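Review bot: The new Javadoc on `getOriginForRestCalls` leaves `@param browserRequestURL` and `@return` empty and does not say that the returned origin is taken from the incoming request URL, which in a servlet container usually reflects the client-supplied Host header. The example clients changed later in this patch build their REST target from the same request-derived origin and attach `Authorization: Bearer …` to it, so the doc should state the precondition, e.g. `@return scheme://host[:port] of the given request URL; use only where the proxy or container validates the Host header`. Dropping the `session` parameter also changes a public static signature, so out-of-tree callers stop compiling; a `@Deprecated` two-argument overload that delegates to the new method would keep them building.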
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java @@ -111,39 +111,17 @@ public class KeycloakDeployment { public void setAuthServerBaseUrl(AdapterConfig config) { this.authServerBaseUrl = config.getAuthServerUrl(); - String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests(); - if (authServerBaseUrl == null && authServerURLForBackendReqs == null) return; + if (authServerBaseUrl == null) return; - URI authServerUri = null; - if (authServerBaseUrl != null) { - authServerUri = URI.create(authServerBaseUrl); - } + URI authServerUri = URI.create(authServerBaseUrl); - if (authServerUri == null || authServerUri.getHost() == null) { - if (authServerURLForBackendReqs != null) { - relativeUrls = RelativeUrlsUsed.BROWSER_ONLY; - - KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs); - if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) { - throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: " - + authServerURLForBackendReqs + ", Client: " + config.getResource()); - } - resolveNonBrowserUrls(serverBuilder); - } else { - relativeUrls = RelativeUrlsUsed.ALL_REQUESTS; - } + if (authServerUri.getHost() == null) { + relativeUrls = RelativeUrlsUsed.ALWAYS; } else { // We have absolute URI in config relativeUrls = RelativeUrlsUsed.NEVER; KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl); - resolveBrowserUrls(serverBuilder); - - if (authServerURLForBackendReqs == null) { - resolveNonBrowserUrls(serverBuilder); - } else { - serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs); - resolveNonBrowserUrls(serverBuilder); - } + resolveUrls(serverBuilder); } } 
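Review bot: In `setAuthServerBaseUrl`, the `authServerUri.getHost() == null` test treats every hostless value as relative, including one that still carries a scheme (a value written without `//` after the scheme is parsed by `java.net.URI` as opaque, with a null host). Such a mistyped absolute URL silently becomes `RelativeUrlsUsed.ALWAYS`, and with the backend option gone the token and logout URLs are then presumably resolved from the incoming request rather than from configuration. I would reject it up front: `if (authServerUri.getHost() == null && authServerUri.getScheme() != null) throw new IllegalStateException("auth-server-url must be relative or a full absolute URL: " + authServerBaseUrl);`. `URI.create` also throws an unchecked `IllegalArgumentException` on malformed input, which may deserve the same contextual message.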
@@ -152,23 +130,14 @@ public class KeycloakDeployment { /** * @param authUrlBuilder absolute URI */ - protected void resolveBrowserUrls(KeycloakUriBuilder authUrlBuilder) { + protected void resolveUrls(KeycloakUriBuilder authUrlBuilder) { if (log.isDebugEnabled()) { - log.debug("resolveBrowserUrls"); + log.debug("resolveUrls"); } String login = authUrlBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(getRealm()).toString(); authUrl = KeycloakUriBuilder.fromUri(login); realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString(); - } - - /** - * @param authUrlBuilder absolute URI - */ - protected void resolveNonBrowserUrls(KeycloakUriBuilder authUrlBuilder) { - if (log.isDebugEnabled()) { - log.debug("resolveNonBrowserUrls"); - } tokenUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_PATH).build(getRealm()).toString(); logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString()); diff --git a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java index 342f925683..93d1ea7896 100644 --- a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java +++ b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java 
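Review bot: The Javadoc kept on `resolveUrls` still says only `@param authUrlBuilder absolute URI`, although the merged method now sets the browser-facing `authUrl`/`realmInfoUrl` and the backchannel `tokenUrl`/`logoutUrl` from one base. I would add a summary line such as `Resolves every Keycloak endpoint URL (browser and backchannel) from the single base passed in`, since that is the behaviour change an integrator needs to see. `resolveBrowserUrls` and `resolveNonBrowserUrls` were `protected`, so subclasses outside this tree that override or call them will stop compiling; that is worth a line in the migration notes. The method body continues past the end of this hunk.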
@@ -54,7 +54,7 @@ public class KeycloakDeploymentBuilderTest { assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret")); assertEquals(ClientIdAndSecretCredentialsProvider.PROVIDER_ID, deployment.getClientAuthenticator().getId()); assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal()); - assertEquals("https://backend:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl()); + assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl()); assertEquals(RelativeUrlsUsed.NEVER, deployment.getRelativeUrls()); assertTrue(deployment.isAlwaysRefreshToken()); assertTrue(deployment.isRegisterNodeAtStartup()); diff --git a/adapters/oidc/adapter-core/src/test/resources/keycloak.json b/adapters/oidc/adapter-core/src/test/resources/keycloak.json index afa00f505a..5a41841efa 100644 --- a/adapters/oidc/adapter-core/src/test/resources/keycloak.json +++ b/adapters/oidc/adapter-core/src/test/resources/keycloak.json @@ -24,7 +24,6 @@ "client-keystore": "classpath:/keystore.jks", "client-keystore-password": "storepass", "client-key-password": "keypass", - "auth-server-url-for-backend-requests": "https://backend:8443/auth", "always-refresh-token": true, "register-node-at-startup": true, "register-node-period": 1000, diff --git a/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java b/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java index ee106fab16..50f1421463 100644 --- a/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java +++ b/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java 
@@ -33,7 +33,7 @@ public class ServletOAuthClientBuilderTest { public void testBuilder() { ServletOAuthClient oauthClient = ServletOAuthClientBuilder.build(getClass().getResourceAsStream("/keycloak.json")); Assert.assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/auth", oauthClient.getDeployment().getAuthUrl().clone().build().toString()); - Assert.assertEquals("https://backend:8443/auth/realms/demo/protocol/openid-connect/token", oauthClient.getDeployment().getTokenUrl()); + Assert.assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", oauthClient.getDeployment().getTokenUrl()); assertEquals(RelativeUrlsUsed.NEVER, oauthClient.getRelativeUrlsUsed()); Assert.assertEquals("customer-portal", oauthClient.getClientId()); Assert.assertEquals("234234-234234-234234", oauthClient.getCredentials().get(CredentialRepresentation.SECRET)); diff --git a/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json b/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json index d952196c03..090b3695c3 100644 --- a/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json +++ b/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json @@ -19,7 +19,6 @@ "connection-pool-size": 20, "disable-trust-manager": true, "allow-any-hostname": true, - "auth-server-url-for-backend-requests": "https://backend:8443/auth", "always-refresh-token": true, "register-node-at-startup": true, "register-node-period": 1000, diff --git a/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java b/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java index b07babe87f..61f1a0f9d1 100644 --- a/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java +++ b/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java 
@@ -25,29 +25,10 @@ public enum RelativeUrlsUsed { /** * Always use relative URI and resolve them later based on browser HTTP request */ - ALL_REQUESTS, - - /** - * Use relative Uris just for browser requests and resolve those based on browser HTTP requests. - * Backend request (like refresh token request, codeToToken request etc) will use the URI based on current hostname - */ - BROWSER_ONLY, + ALWAYS, /** * Relative Uri not used. Configuration contains absolute URI */ NEVER; - - public boolean useRelative(boolean isBrowserReq) { - switch (this) { - case ALL_REQUESTS: - return true; - case NEVER: - return false; - case BROWSER_ONLY: - return isBrowserReq; - default: - return true; - } - } } diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java index daf19ff2af..fc3607861d 100755 --- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java +++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java @@ -34,7 +34,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; "connection-pool-size", "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", "client-keystore", "client-keystore-password", "client-key-password", - "auth-server-url-for-backend-requests", "always-refresh-token", + "always-refresh-token", "register-node-at-startup", "register-node-period", "token-store", "principal-attribute" }) public class AdapterConfig extends BaseAdapterConfig { 
@@ -55,8 +55,6 @@ public class AdapterConfig extends BaseAdapterConfig { protected String clientKeyPassword; @JsonProperty("connection-pool-size") protected int connectionPoolSize = 20; - @JsonProperty("auth-server-url-for-backend-requests") - protected String authServerUrlForBackendRequests; @JsonProperty("always-refresh-token") protected boolean alwaysRefreshToken = false; @JsonProperty("register-node-at-startup") @@ -134,14 +132,6 @@ public class AdapterConfig extends BaseAdapterConfig { this.connectionPoolSize = connectionPoolSize; } - public String getAuthServerUrlForBackendRequests() { - return authServerUrlForBackendRequests; - } - - public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) { - this.authServerUrlForBackendRequests = authServerUrlForBackendRequests; - } - public boolean isAlwaysRefreshToken() { return alwaysRefreshToken; } diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml index afce17a83b..69c8c8d056 100755 --- a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml +++ b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml @@ -96,6 +96,23 @@
Version specific migration + +
+ Migrating to 1.9.2 + + Adapter option auth-server-url-for-backend-requests removed + + We've removed the option auth-server-url-for-backend-requests as there were issues in some scenarios when it was used. + In more details, it was possible to access the Keycloak server from 2 different contexts (internal and external), which was + causing issues in token validations etc. + + + If you still want to use the optimization of network, which this option provided (avoid the application to send backchannel requests + through loadbalancer but send them to local Keycloak server directly) you may need to handle it at hosts configuration (DNS) level. + + +
+
Migrating to 1.9.0 diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml b/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml index 8e2d6625f8..d38fdf59e2 100644 --- a/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml +++ b/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml @@ -102,39 +102,6 @@
-
- Relative URI optimization - - In many deployment scenarios will be Keycloak and secured applications deployed on same cluster hosts. For this case Keycloak - already provides option to use relative URI as value of option auth-server-url in WEB-INF/keycloak.json . - In this case, the URI of Keycloak server is resolved from the URI of current request. - - - For example if your loadbalancer is on https://loadbalancer.com/myapp and auth-server-url is /auth, - then relative URI of Keycloak is resolved to be https://loadbalancer.com/auth . - - - For cluster setup, it may be even better to use option auth-server-url-for-backend-request . This allows to configure - that backend requests between Keycloak and your application will be sent directly to same cluster host without additional - round-trip through loadbalancer. So for this, it's good to configure values in WEB-INF/keycloak.json like this: - - - - - - This would mean that browser requests (like redirecting to Keycloak login screen) will be still resolved relatively - to current request URI like https://loadbalancer.com/myapp, but backend (out-of-bound) requests between keycloak - and your app are sent always to same cluster host with application . - - - Note that additionally to network optimization, - you may not need "https" in this case as application and keycloak are communicating directly within same cluster host. - -
-
Admin URL configuration diff --git a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java index 022781a385..11c9b04abc 100755 --- a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java +++ b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java @@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants; import org.keycloak.constants.ServiceUrlConstants; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.idm.RoleRepresentation; -import org.keycloak.common.util.HostUtils; import org.keycloak.util.JsonSerialization; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.UriUtils; @@ -91,7 +90,7 @@ public class AdminClient { try { - HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth") + HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getRequestOrigin(request) + "/auth") .path(ServiceUrlConstants.TOKEN_PATH).build("demo")); List formparams = new ArrayList (); formparams.add(new BasicNameValuePair("username", "admin")); @@ -124,7 +123,7 @@ public class AdminClient { try { - HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth") + HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth") .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH) .build("demo")); List formparams = new ArrayList(); 
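Review bot: The logout request at `@@ -124,7 +123,7 @@` spells out `UriUtils.getOrigin(request.getRequestURL().toString())` inline while the token request in the previous hunk calls the new `getRequestOrigin(request)` helper; the roles request in the next hunk inlines it again. Using `getRequestOrigin(request) + "/auth"` in all three keeps the origin resolution in one place, which matters because these calls post the admin credentials and the bearer token to whatever origin that expression returns. The request URL's host typically comes from the client's Host header, so the helper is also the natural place to pin or validate the host if this example is reused behind a front end that does not.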
@@ -152,7 +151,7 @@ public class AdminClient { HttpClient client = new DefaultHttpClient(); try { - HttpGet get = new HttpGet(getBaseUrl(request) + "/auth/admin/realms/demo/roles"); + HttpGet get = new HttpGet(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth/admin/realms/demo/roles"); get.addHeader("Authorization", "Bearer " + res.getToken()); try { HttpResponse response = client.execute(get); @@ -174,13 +173,8 @@ public class AdminClient { } } - public static String getBaseUrl(HttpServletRequest request) { - String useHostname = request.getServletContext().getInitParameter("useHostname"); - if (useHostname != null && "true".equalsIgnoreCase(useHostname)) { - return "http://" + HostUtils.getHostName() + ":8080"; - } else { - return UriUtils.getOrigin(request.getRequestURL().toString()); - } + public static String getRequestOrigin(HttpServletRequest request) { + return UriUtils.getOrigin(request.getRequestURL().toString()); } } diff --git a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml index b494dbaf50..fafc162ea7 100755 --- a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml +++ b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml @@ -23,9 +23,4 @@ admin-access - - useHostname - false - - diff --git a/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java index cbc46c169c..e19b24da96 100755 --- a/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java +++ b/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java 
@@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterUtils; +import org.keycloak.common.util.UriUtils; import org.keycloak.representations.IDToken; import org.keycloak.util.JsonSerialization; @@ -66,7 +66,7 @@ public class CustomerDatabaseClient { HttpClient client = new DefaultHttpClient(); try { - HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers"); + HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/customers"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java index 77193e90b9..681675194f 100755 --- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java @@ -24,6 +24,7 @@ import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.AdapterUtils; +import org.keycloak.common.util.UriUtils; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.util.JsonSerialization; 
@@ -59,7 +60,7 @@ public class AdminClient { HttpClient client = new DefaultHttpClient(); try { - HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles"); + HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/auth/admin/realms/demo/roles"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java index cbc46c169c..e19b24da96 100755 --- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java @@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterUtils; +import org.keycloak.common.util.UriUtils; import org.keycloak.representations.IDToken; import org.keycloak.util.JsonSerialization; @@ -66,7 +66,7 @@ public class CustomerDatabaseClient { HttpClient client = new DefaultHttpClient(); try { - HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers"); + HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/customers"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); 
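Review bot: In the customer-app `AdminClient`, the import hunk adds `org.keycloak.common.util.UriUtils` but keeps `import org.keycloak.adapters.AdapterUtils;`, and the only visible use of `AdapterUtils` is the call replaced at `@@ -59,7 +60,7 @@`. If no other reference remains in the file, which is not visible here, the import should be removed as the sibling `CustomerDatabaseClient` hunks do.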
diff --git a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index c28e92ef6f..825e56836b 100755 --- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterUtils; +import org.keycloak.common.util.UriUtils; import org.keycloak.util.JsonSerialization; import javax.servlet.http.HttpServletRequest; @@ -57,7 +57,7 @@ public class ProductDatabaseClient HttpClient client = new DefaultHttpClient(); try { - HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/products"); + HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/products"); get.addHeader("Authorization", "Bearer " + session.getTokenString()); try { HttpResponse response = client.execute(get); diff --git a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java index e37becf8a6..d4cb130817 100755 --- a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java +++ b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java 
@@ -24,7 +24,7 @@ import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.jboss.logging.Logger; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterUtils; +import org.keycloak.common.util.UriUtils; import org.keycloak.servlet.ServletOAuthClient; import org.keycloak.util.JsonSerialization; @@ -123,7 +123,7 @@ public class DatabaseClient { public String getBaseUrl() { KeycloakSecurityContext session = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); - return AdapterUtils.getOriginForRestCalls(request.getRequestURL().toString(), session); + return UriUtils.getOrigin(request.getRequestURL().toString()); } } diff --git a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index c380ce5ff3..11f9559f6e 100755 --- a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -23,7 +23,6 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterUtils; import org.keycloak.adapters.ServerRequest; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.servlet.ServletOAuthClient; 
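Review bot: In `DatabaseClient.getBaseUrl()` the local `session` is still fetched from the request attribute but is no longer read once the return becomes `UriUtils.getOrigin(request.getRequestURL().toString())`; the line `KeycloakSecurityContext session = …` can be deleted. If nothing else in the file uses the type, the `org.keycloak.KeycloakSecurityContext` import goes with it, though the rest of the file is not visible here.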
@@ -100,7 +99,7 @@ public class ProductDatabaseClient { ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName()); HttpClient client = new DefaultHttpClient(); - HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(request.getRequestURL().toString(), session) + "/database/products"); + HttpGet get = new HttpGet(UriUtils.getOrigin(request.getRequestURL().toString()) + "/database/products"); get.addHeader("Authorization", "Bearer " + accessToken); try { HttpResponse response = client.execute(get); @@ -119,19 +118,4 @@ public class ProductDatabaseClient { } } - public static String getBaseUrl(ServletOAuthClient oAuthClient, HttpServletRequest request) { - switch (oAuthClient.getRelativeUrlsUsed()) { - case ALL_REQUESTS: - // Resolve baseURI from the request - return UriUtils.getOrigin(request.getRequestURL().toString()); - case BROWSER_ONLY: - // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname) - return UriUtils.getOrigin(oAuthClient.getTokenUrl()); - case NEVER: - return ""; - default: - return ""; - } - } - }