Merge pull request #437 from mposolda/master

Improve PropertiesAuthenticationProvider to support retrieving user pass...
This commit is contained in:
Stian Thorgersen 2014-05-29 16:10:11 +01:00
commit 8573c13b8c
3 changed files with 58 additions and 18 deletions

View file

@ -1,20 +1,31 @@
Example Authentication Provider based on property file values
=============================================================
* To deploy copy "target/authentication-properties-example.jar" to "standalone/deployments/auth-server.war/WEB-INF/lib" . Then edit "standalone/configuration/keycloak-server.json" and add this:
````shell
"authentication": {
* To deploy copy "target/authentication-properties-example.jar" to "standalone/deployments/auth-server.war/WEB-INF/lib" .
* Then you can configure location of property file, from which will be users and their passwords retrieved. If you omit it and won't configure, provider will use default "users.properties" file bundled inside this example.
So for custom location, edit "standalone/configuration/keycloak-server.json" and add this:
````
"authentication": {
"properties": {
"propertiesFileLocation": "users.properties"
}
"propertiesFileLocation": "/tmp/your-own-property-file.properties"
}
}
````
Assumption is that your file has format like:
````
username1=password1
username2=password2
````
* Then start (or restart)the server. Once started open the admin console, select your realm, then click on "Authentication" and then "Add provider" and select "properties" from the list.
This will mean that realm will use PropertiesAuthenticationProvider for authentication.
* Once you try to login to realm, you can login with username/password like "joe/password1" or "james/password2" . Once joe is authenticated,
* Once you try to login to realm, you can login with username/password like "joe/password1" or "james/password2" (In case that you use default users.properties file) . Once joe is authenticated,
you can see in Keycloak admin console in "Users" list that user "joe" was added to the list.
* You can try to login as joe and then go to [http://localhost:8080/auth/realms/keycloak-admin/account/password](http://localhost:8080/auth/realms/keycloak-admin/account/password) and change the password.
You will then be able to logout and login with new password because properties were updated. But this is just in memory-properties, so after server restart the password will be again "password1" .
* You can try to login as joe and then go to [http://localhost:8080/auth/realms/demo/account/password](http://localhost:8080/auth/realms/demo/account/password) and change the password.
You will then be able to logout and login with new password because properties were updated.
WARNING: If you use default location, properties will be updated just in memory and won't survive server restart. So in this case, you will have again "joe" with password "password1" after restart.

View file

@ -62,7 +62,6 @@ public class PropertiesAuthenticationProvider implements AuthenticationProvider
@Override
public boolean updateCredential(RealmModel realm, Map<String, String> configuration, String username, String password) throws AuthenticationProviderException {
// Just update in memory (Won't survive restart)
log.info("Going to update password for user " + username + " in PropertiesAuthenticationProvider");
properties.put(username, password);
return true;

View file

@ -1,7 +1,10 @@
package org.keycloak.examples.providers.authentication;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Properties;
import org.jboss.logging.Logger;
@ -18,6 +21,7 @@ public class PropertiesAuthenticationProviderFactory implements AuthenticationPr
private static final Logger log = Logger.getLogger(PropertiesAuthenticationProviderFactory.class);
private Properties properties;
private String propsFileLocation;
@Override
public AuthenticationProvider create(ProviderSession providerSession) {
@ -26,17 +30,20 @@ public class PropertiesAuthenticationProviderFactory implements AuthenticationPr
@Override
public void init(Config.Scope config) {
String propsFileLocation = config.get("propertiesFileLocation");
this.propsFileLocation = config.get("propertiesFileLocation");
InputStream propertiesStream = null;
this.properties = new Properties();
try {
if (propsFileLocation == null) {
throw new IllegalStateException("Properties file location is not configured in PropertiesAuthenticationProviderFactory");
log.info("propertiesFileLocation not configured. Using default users.properties file from classpath.");
log.warn("Password updates won't be persisted!");
propertiesStream = getClass().getClassLoader().getResourceAsStream("users.properties");
} else {
log.info("Using properties file: " + propsFileLocation);
log.info("Using properties file from location: " + propsFileLocation);
propertiesStream = new FileInputStream(propsFileLocation);
}
this.properties = new Properties();
InputStream propertiesStream = null;
try {
propertiesStream = getClass().getClassLoader().getResourceAsStream(propsFileLocation);
this.properties.load(propertiesStream);
} catch (IOException ioException) {
throw new RuntimeException(ioException);
@ -53,6 +60,29 @@ public class PropertiesAuthenticationProviderFactory implements AuthenticationPr
@Override
public void close() {
// Update properties file now, just in case that we are using custom location from filesystem
if (propsFileLocation != null) {
storePasswords();
}
}
private void storePasswords() {
log.info("Going to store passwords back to file: " + propsFileLocation);
OutputStream propertiesStream = null;
try {
OutputStream stream = new FileOutputStream(propsFileLocation);
this.properties.store(stream, "User passwords");
} catch (IOException ioException) {
throw new RuntimeException(ioException);
} finally {
if (propertiesStream != null) {
try {
propertiesStream.close();
} catch (IOException e) {
log.error("Error when closing InputStream", e);
}
}
}
}
@Override