diff --git a/adapters/oidc/pom.xml b/adapters/oidc/pom.xml index a2dfffe458..d4a044a56f 100755 --- a/adapters/oidc/pom.xml +++ b/adapters/oidc/pom.xml @@ -33,6 +33,5 @@ adapter-core js - undertow diff --git a/adapters/oidc/undertow/pom.xml b/adapters/oidc/undertow/pom.xml deleted file mode 100755 index 6d179ae84d..0000000000 --- a/adapters/oidc/undertow/pom.xml +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../pom.xml - - 4.0.0 - - keycloak-undertow-adapter - Keycloak Undertow Integration - - - - - org.keycloak.adapters.undertow.* - - - io.undertow.*;version="[1.4,3)", - javax.servlet.*;version="[3.1,5)";resolution:=optional, - *;resolution:=optional - - - - - - org.jboss.logging - jboss-logging - provided - - - org.keycloak - keycloak-core - - - org.keycloak - keycloak-adapter-spi - - - org.keycloak - keycloak-undertow-adapter-spi - - - org.keycloak - keycloak-adapter-core - - - org.apache.httpcomponents - httpclient - - - org.bouncycastle - bcprov-jdk18on - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.core - jackson-annotations - - - org.jboss.spec.javax.servlet - jboss-servlet-api_3.0_spec - provided - - - - io.undertow - undertow-servlet - provided - - - io.undertow - undertow-core - provided - - - junit - junit - test - - - - - - - maven-jar-plugin - - - ${project.build.outputDirectory}/META-INF/MANIFEST.MF - - - - - org.apache.felix - maven-bundle-plugin - true - - - bundle-manifest - process-classes - - manifest - - - - - - . - ${project.name} - ${project.groupId}.${project.artifactId} - ${keycloak.osgi.import} - ${keycloak.osgi.export} - - - - - - - diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java deleted file mode 100755 index 2398c95c83..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.AuthenticationMechanism; -import io.undertow.security.api.NotificationReceiver; -import io.undertow.security.api.SecurityContext; -import io.undertow.security.api.SecurityNotification; -import io.undertow.server.HttpServerExchange; -import io.undertow.util.AttachmentKey; -import io.undertow.util.Headers; -import io.undertow.util.StatusCodes; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.RequestAuthenticator; -import org.keycloak.adapters.spi.AuthChallenge; -import org.keycloak.adapters.spi.AuthOutcome; -import org.keycloak.adapters.spi.HttpFacade; -import org.keycloak.enums.TokenStore; - -/** - * Abstract base class for a Keycloak-enabled Undertow AuthenticationMechanism. - * - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - */ -public abstract class AbstractUndertowKeycloakAuthMech implements AuthenticationMechanism { - public static final AttachmentKey KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class); - protected AdapterDeploymentContext deploymentContext; - protected UndertowUserSessionManagement sessionManagement; - protected String errorPage; - - public AbstractUndertowKeycloakAuthMech(AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement sessionManagement, String errorPage) { - this.deploymentContext = deploymentContext; - this.sessionManagement = sessionManagement; - this.errorPage = errorPage; - } - - @Override - public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) { - AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY); - if (challenge != null) { - UndertowHttpFacade facade = createFacade(exchange); - if (challenge.challenge(facade)) { - return new ChallengeResult(true, exchange.getResponseCode()); - } - } - return new ChallengeResult(false); - } - - public UndertowHttpFacade createFacade(HttpServerExchange exchange) { - return new OIDCUndertowHttpFacade(exchange); - } - - protected Integer servePage(final HttpServerExchange exchange, final String location) { - sendRedirect(exchange, location); - return StatusCodes.TEMPORARY_REDIRECT; - } - - static void sendRedirect(final HttpServerExchange exchange, final String location) { - // TODO - String concatenation to construct URLS is extremely error prone - switch to a URI which will better handle this. - String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location; - exchange.getResponseHeaders().put(Headers.LOCATION, loc); - } - - - - protected void registerNotifications(final SecurityContext securityContext) { - - final NotificationReceiver logoutReceiver = new NotificationReceiver() { - @Override - public void handleNotification(SecurityNotification notification) { - if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return; - - HttpServerExchange exchange = notification.getExchange(); - UndertowHttpFacade facade = createFacade(exchange); - KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); - KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY); - if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) { - ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); - } - AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); - tokenStore.logout(); - } - }; - - securityContext.registerNotificationReceiver(logoutReceiver); - } - - /** - * Call this inside your authenticate method. - */ - protected AuthenticationMechanismOutcome keycloakAuthenticate(HttpServerExchange exchange, SecurityContext securityContext, RequestAuthenticator authenticator) { - AuthOutcome outcome = authenticator.authenticate(); - if (outcome == AuthOutcome.AUTHENTICATED) { - registerNotifications(securityContext); - return AuthenticationMechanismOutcome.AUTHENTICATED; - } - AuthChallenge challenge = authenticator.getChallenge(); - if (challenge != null) { - exchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, challenge); - } - - if (outcome == AuthOutcome.FAILED) { - return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; - } - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - - protected AdapterTokenStore getTokenStore(HttpServerExchange exchange, HttpFacade facade, KeycloakDeployment deployment, SecurityContext securityContext) { - if (deployment.getTokenStore() == TokenStore.SESSION) { - return new UndertowSessionTokenStore(exchange, deployment, sessionManagement, securityContext); - } else { - return new UndertowCookieTokenStore(facade, deployment, securityContext); - } - } - -} \ No newline at end of file diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java deleted file mode 100755 index 8e2da9388b..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.server.session.Session; -import io.undertow.util.Sessions; -import org.keycloak.KeycloakPrincipal; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OAuthRequestAuthenticator; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.RequestAuthenticator; -import org.keycloak.adapters.spi.HttpFacade; - -/** - * @author Bill Burke - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - * @version $Revision: 1 $ - */ -public abstract class AbstractUndertowRequestAuthenticator extends RequestAuthenticator { - protected SecurityContext securityContext; - protected HttpServerExchange exchange; - - - public AbstractUndertowRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, - SecurityContext securityContext, HttpServerExchange exchange, - AdapterTokenStore tokenStore) { - super(facade, deployment, tokenStore, sslRedirectPort); - this.securityContext = securityContext; - this.exchange = exchange; - } - - protected void propagateKeycloakContext(KeycloakUndertowAccount account) { - exchange.putAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY, account.getKeycloakSecurityContext()); - } - - @Override - protected OAuthRequestAuthenticator createOAuthAuthenticator() { - return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore); - } - - @Override - protected void completeOAuthAuthentication(KeycloakPrincipal principal) { - KeycloakUndertowAccount account = createAccount(principal); - securityContext.authenticationComplete(account, "KEYCLOAK", false); - propagateKeycloakContext(account); - tokenStore.saveAccountInfo(account); - } - - @Override - protected void completeBearerAuthentication(KeycloakPrincipal principal, String method) { - KeycloakUndertowAccount account = createAccount(principal); - securityContext.authenticationComplete(account, method, false); - propagateKeycloakContext(account); - } - - @Override - protected String changeHttpSessionId(boolean create) { - if (create) { - Session session = Sessions.getOrCreateSession(exchange); - return session.getId(); - } else { - Session session = Sessions.getSession(exchange); - return session != null ? session.getId() : null; - } - } - - /** - * Subclasses need to be able to create their own version of the KeycloakUndertowAccount - * @return The account - */ - protected abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal principal); - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java deleted file mode 100755 index 2a22d49ef3..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.AuthenticationMechanism; -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public interface KeycloakChallenge { - public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext); -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java deleted file mode 100755 index b73832192a..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.AuthenticationMechanism; -import io.undertow.security.api.AuthenticationMechanismFactory; -import io.undertow.security.idm.Account; -import io.undertow.security.idm.Credential; -import io.undertow.security.idm.IdentityManager; -import io.undertow.server.handlers.form.FormParserFactory; -import io.undertow.servlet.ServletExtension; -import io.undertow.servlet.api.AuthMethodConfig; -import io.undertow.servlet.api.DeploymentInfo; -import io.undertow.servlet.api.InstanceFactory; -import io.undertow.servlet.api.InstanceHandle; -import io.undertow.servlet.api.ListenerInfo; -import io.undertow.servlet.api.LoginConfig; -import io.undertow.servlet.api.ServletSessionConfig; -import io.undertow.servlet.util.ImmediateInstanceHandle; -import org.jboss.logging.Logger; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.KeycloakConfigResolver; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.KeycloakDeploymentBuilder; -import org.keycloak.adapters.NodesRegistrationManagement; -import org.keycloak.constants.AdapterConstants; - -import javax.servlet.ServletContext; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.InputStream; -import java.util.Map; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class KeycloakServletExtension implements ServletExtension { - - protected static Logger log = Logger.getLogger(KeycloakServletExtension.class); - private final AdapterDeploymentContext deploymentContext; - - public KeycloakServletExtension() { - this(null); - } - - public KeycloakServletExtension(AdapterDeploymentContext deploymentContext) { - this.deploymentContext = deploymentContext; - } - - // todo when this DeploymentInfo method of the same name is fixed. - public boolean isAuthenticationMechanismPresent(DeploymentInfo deploymentInfo, final String mechanismName) { - LoginConfig loginConfig = deploymentInfo.getLoginConfig(); - if (loginConfig != null) { - for (AuthMethodConfig method : loginConfig.getAuthMethods()) { - if (method.getName().equalsIgnoreCase(mechanismName)) { - return true; - } - } - } - return false; - } - - private static InputStream getJSONFromServletContext(ServletContext servletContext) { - String json = servletContext.getInitParameter(AdapterConstants.AUTH_DATA_PARAM_NAME); - if (json == null) { - return null; - } - return new ByteArrayInputStream(json.getBytes()); - } - - private static InputStream getConfigInputStream(ServletContext context) { - InputStream is = getJSONFromServletContext(context); - if (is == null) { - String path = context.getInitParameter("keycloak.config.file"); - if (path == null) { - log.debug("using /WEB-INF/keycloak.json"); - is = context.getResourceAsStream("/WEB-INF/keycloak.json"); - } else { - try { - is = new FileInputStream(path); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } - } - } - return is; - } - - - @Override - @SuppressWarnings("UseSpecificCatch") - public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) { - if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK") && deploymentContext == null) { - log.debug("auth-method is not keycloak!"); - return; - } - log.debug("KeycloakServletException initialization"); - - // Possible scenarios: - // 1) The deployment has a keycloak.config.resolver specified and it exists: - // Outcome: adapter uses the resolver - // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) : - // Outcome: adapter is left unconfigured - // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent) - // Outcome: adapter uses it - // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent) - // Outcome: adapter is left unconfigured - AdapterDeploymentContext deploymentContext = this.deploymentContext; - - if (deploymentContext == null) { - KeycloakConfigResolver configResolver; - String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver"); - if (configResolverClass != null) { - try { - configResolver = (KeycloakConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance(); - deploymentContext = new AdapterDeploymentContext(configResolver); - log.info("Using " + configResolverClass + " to resolve Keycloak configuration on a per-request basis."); - } catch (Exception ex) { - log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage()); - deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment()); - } - } else { - InputStream is = getConfigInputStream(servletContext); - final KeycloakDeployment deployment; - if (is == null) { - log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests."); - deployment = new KeycloakDeployment(); - } else { - deployment = KeycloakDeploymentBuilder.build(is); - } - deploymentContext = new AdapterDeploymentContext(deployment); - log.debug("Keycloak is using a per-deployment configuration."); - } - } else { - deploymentContext = this.deploymentContext; - } - - servletContext.setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext); - UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement(); - final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement(); - final ServletKeycloakAuthMech mech = createAuthenticationMechanism(deploymentInfo, deploymentContext, userSessionManagement, nodesRegistrationManagement); - - UndertowAuthenticatedActionsHandler.Wrapper actions = new UndertowAuthenticatedActionsHandler.Wrapper(deploymentContext); - - // setup handlers - - deploymentInfo.addOuterHandlerChainWrapper(new ServletPreAuthActionsHandler.Wrapper(deploymentContext, userSessionManagement)); - deploymentInfo.addAuthenticationMechanism("KEYCLOAK", new AuthenticationMechanismFactory() { - @Override - public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map stringStringMap) { - return mech; - } - }); // authentication - deploymentInfo.addInnerHandlerChainWrapper(actions); // handles authenticated actions and cors. - - deploymentInfo.setIdentityManager(new IdentityManager() { - @Override - public Account verify(Account account) { - return account; - } - - @Override - public Account verify(String id, Credential credential) { - throw new IllegalStateException("Should never be called in Keycloak flow"); - } - - @Override - public Account verify(Credential credential) { - throw new IllegalStateException("Should never be called in Keycloak flow"); - } - }); - - ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig(); - if (cookieConfig == null) { - cookieConfig = new ServletSessionConfig(); - } - if (cookieConfig.getPath() == null) { - log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath()); - cookieConfig.setPath(deploymentInfo.getContextPath()); - deploymentInfo.setServletSessionConfig(cookieConfig); - } - ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo); - deploymentInfo.addListener(new ListenerInfo(UndertowNodesRegistrationManagementWrapper.class, new InstanceFactory() { - - @Override - public InstanceHandle createInstance() throws InstantiationException { - UndertowNodesRegistrationManagementWrapper listener = new UndertowNodesRegistrationManagementWrapper(nodesRegistrationManagement); - return new ImmediateInstanceHandle(listener); - } - - })); - } - - protected ServletKeycloakAuthMech createAuthenticationMechanism(DeploymentInfo deploymentInfo, AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement, - NodesRegistrationManagement nodesRegistrationManagement) { - log.debug("creating ServletKeycloakAuthMech"); - String errorPage = getErrorPage(deploymentInfo); - return new ServletKeycloakAuthMech(deploymentContext, userSessionManagement, nodesRegistrationManagement, deploymentInfo.getConfidentialPortManager(), errorPage); - } - - protected String getErrorPage(DeploymentInfo deploymentInfo) { - LoginConfig loginConfig = deploymentInfo.getLoginConfig(); - String errorPage = null; - if (loginConfig != null) { - errorPage = loginConfig.getErrorPage(); - } - return errorPage; - } - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java deleted file mode 100755 index 3532312f68..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.idm.Account; -import org.jboss.logging.Logger; -import org.keycloak.KeycloakPrincipal; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.AdapterUtils; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OidcKeycloakAccount; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; - -import java.io.Serializable; -import java.security.Principal; -import java.util.Set; - -/** -* @author Bill Burke -* @version $Revision: 1 $ -*/ -public class KeycloakUndertowAccount implements Account, Serializable, OidcKeycloakAccount { - protected static Logger log = Logger.getLogger(KeycloakUndertowAccount.class); - protected KeycloakPrincipal principal; - protected Set accountRoles; - - public KeycloakUndertowAccount(KeycloakPrincipal principal) { - this.principal = principal; - setRoles(principal.getKeycloakSecurityContext()); - } - - protected void setRoles(RefreshableKeycloakSecurityContext session) { - Set roles = AdapterUtils.getRolesFromSecurityContext(session); - this.accountRoles = roles; - } - - @Override - public Principal getPrincipal() { - return principal; - } - - @Override - public Set getRoles() { - return accountRoles; - } - - @Override - public RefreshableKeycloakSecurityContext getKeycloakSecurityContext() { - return principal.getKeycloakSecurityContext(); - } - - public void setCurrentRequestInfo(KeycloakDeployment deployment, AdapterTokenStore tokenStore) { - principal.getKeycloakSecurityContext().setCurrentRequestInfo(deployment, tokenStore); - } - - // Check if accessToken is active and try to refresh if it's not - public boolean checkActive() { - // this object may have been serialized, so we need to reset realm config/metadata - RefreshableKeycloakSecurityContext session = getKeycloakSecurityContext(); - if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) { - log.debug("session is active"); - return true; - } - - log.debug("session is not active or refresh is enforced. Try refresh"); - boolean success = session.refreshExpiredToken(false); - if (!success || !session.isActive()) { - log.debug("session is not active return with failure"); - - return false; - } - log.debug("refresh succeeded"); - - setRoles(session); - return true; - } - - @Override - public boolean equals(Object other) { - if (this == other) - return true; - - if (!(other instanceof KeycloakUndertowAccount)) - return false; - - KeycloakUndertowAccount otherAccount = (KeycloakUndertowAccount) other; - - return (this.principal != null ? this.principal.equals(otherAccount.principal) : otherAccount.principal == null) && - (this.accountRoles != null ? this.accountRoles.equals(otherAccount.accountRoles) : otherAccount.accountRoles == null); - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + (this.principal == null ? 0 : this.principal.hashCode()); - result = prime * result + (this.accountRoles == null ? 0 : this.accountRoles.hashCode()); - return result; - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCServletUndertowHttpFacade.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCServletUndertowHttpFacade.java deleted file mode 100755 index 27ddae82b6..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCServletUndertowHttpFacade.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.server.HttpServerExchange; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.OIDCHttpFacade; - -import static org.keycloak.adapters.undertow.OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class OIDCServletUndertowHttpFacade extends ServletHttpFacade implements OIDCHttpFacade { - - public OIDCServletUndertowHttpFacade(HttpServerExchange exchange) { - super(exchange); - } - - @Override - public KeycloakSecurityContext getSecurityContext() { - return exchange.getAttachment(KEYCLOAK_SECURITY_CONTEXT_KEY); - } - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCUndertowHttpFacade.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCUndertowHttpFacade.java deleted file mode 100755 index 78bd1c9192..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/OIDCUndertowHttpFacade.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.server.HttpServerExchange; -import io.undertow.util.AttachmentKey; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.OIDCHttpFacade; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class OIDCUndertowHttpFacade extends UndertowHttpFacade implements OIDCHttpFacade { - public static final AttachmentKey KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class); - - public OIDCUndertowHttpFacade(HttpServerExchange exchange) { - super(exchange); - } - - @Override - public KeycloakSecurityContext getSecurityContext() { - return exchange.getAttachment(KEYCLOAK_SECURITY_CONTEXT_KEY); - } - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java deleted file mode 100755 index 6e076568e4..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.servlet.api.ConfidentialPortManager; -import io.undertow.servlet.handlers.ServletRequestContext; -import io.undertow.util.Headers; -import org.jboss.logging.Logger; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.NodesRegistrationManagement; -import org.keycloak.adapters.RequestAuthenticator; -import org.keycloak.adapters.spi.HttpFacade; -import org.keycloak.enums.TokenStore; - -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import java.io.IOException; - -/** - * @author Bill Burke - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - * @version $Revision: 1 $ - */ -public class ServletKeycloakAuthMech extends AbstractUndertowKeycloakAuthMech { - private static final Logger log = Logger.getLogger(ServletKeycloakAuthMech.class); - - protected NodesRegistrationManagement nodesRegistrationManagement; - protected ConfidentialPortManager portManager; - - public ServletKeycloakAuthMech(AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement, - NodesRegistrationManagement nodesRegistrationManagement, ConfidentialPortManager portManager, - String errorPage) { - super(deploymentContext, userSessionManagement, errorPage); - this.nodesRegistrationManagement = nodesRegistrationManagement; - this.portManager = portManager; - } - - @Override - protected Integer servePage(HttpServerExchange exchange, String location) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - ServletRequest req = servletRequestContext.getServletRequest(); - ServletResponse resp = servletRequestContext.getServletResponse(); - RequestDispatcher disp = req.getRequestDispatcher(location); - //make sure the login page is never cached - exchange.getResponseHeaders().add(Headers.CACHE_CONTROL, "no-cache, no-store, must-revalidate"); - exchange.getResponseHeaders().add(Headers.PRAGMA, "no-cache"); - exchange.getResponseHeaders().add(Headers.EXPIRES, "0"); - - - try { - disp.forward(req, resp); - } catch (ServletException e) { - throw new RuntimeException(e); - } catch (IOException e) { - throw new RuntimeException(e); - } - return null; - } - - @Override - public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { - UndertowHttpFacade facade = createFacade(exchange); - KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); - if (!deployment.isConfigured()) { - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - - nodesRegistrationManagement.tryRegister(deployment); - - RequestAuthenticator authenticator = createRequestAuthenticator(deployment, exchange, securityContext, facade); - - return keycloakAuthenticate(exchange, securityContext, authenticator); - } - - protected RequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) { - - int confidentialPort = getConfidentilPort(exchange); - AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); - return new ServletRequestAuthenticator(facade, deployment, - confidentialPort, securityContext, exchange, tokenStore); - } - - protected int getConfidentilPort(HttpServerExchange exchange) { - int confidentialPort = 8443; - if (exchange.getRequestScheme().equalsIgnoreCase("HTTPS")) { - confidentialPort = exchange.getHostPort(); - } else if (portManager != null) { - confidentialPort = portManager.getConfidentialPort(exchange); - } - return confidentialPort; - } - - @Override - protected AdapterTokenStore getTokenStore(HttpServerExchange exchange, HttpFacade facade, KeycloakDeployment deployment, SecurityContext securityContext) { - if (deployment.getTokenStore() == TokenStore.SESSION) { - return new ServletSessionTokenStore(exchange, deployment, sessionManagement, securityContext); - } else { - return new UndertowCookieTokenStore(facade, deployment, securityContext); - } - } - - @Override - public UndertowHttpFacade createFacade(HttpServerExchange exchange) { - return new OIDCServletUndertowHttpFacade(exchange); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java deleted file mode 100755 index 20a8dd8839..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.server.HandlerWrapper; -import io.undertow.server.HttpHandler; -import io.undertow.server.HttpServerExchange; -import io.undertow.servlet.handlers.ServletRequestContext; -import org.jboss.logging.Logger; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.PreAuthActionsHandler; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class ServletPreAuthActionsHandler implements HttpHandler { - - private static final Logger log = Logger.getLogger(ServletPreAuthActionsHandler.class); - protected HttpHandler next; - protected UndertowUserSessionManagement userSessionManagement; - protected AdapterDeploymentContext deploymentContext; - - public static class Wrapper implements HandlerWrapper { - protected AdapterDeploymentContext deploymentContext; - protected UndertowUserSessionManagement userSessionManagement; - - - public Wrapper(AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement) { - this.deploymentContext = deploymentContext; - this.userSessionManagement = userSessionManagement; - } - - @Override - public HttpHandler wrap(HttpHandler handler) { - return new ServletPreAuthActionsHandler(deploymentContext, userSessionManagement, handler); - } - } - - protected ServletPreAuthActionsHandler(AdapterDeploymentContext deploymentContext, - UndertowUserSessionManagement userSessionManagement, - HttpHandler next) { - this.next = next; - this.deploymentContext = deploymentContext; - this.userSessionManagement = userSessionManagement; - } - - @Override - public void handleRequest(HttpServerExchange exchange) throws Exception { - UndertowHttpFacade facade = new OIDCServletUndertowHttpFacade(exchange); - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - SessionManagementBridge bridge = new SessionManagementBridge(userSessionManagement, servletRequestContext.getDeployment().getSessionManager()); - PreAuthActionsHandler handler = new PreAuthActionsHandler(bridge, deploymentContext, facade); - if (handler.handleRequest()) return; - next.handleRequest(exchange); - } - - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java deleted file mode 100755 index 7f23b3bbd7..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.servlet.handlers.ServletRequestContext; -import org.keycloak.KeycloakPrincipal; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OAuthRequestAuthenticator; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.spi.HttpFacade; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -/** - * @author Bill Burke - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - * @version $Revision: 1 $ - */ -public class ServletRequestAuthenticator extends AbstractUndertowRequestAuthenticator { - - - public ServletRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, - SecurityContext securityContext, HttpServerExchange exchange, - AdapterTokenStore tokenStore) { - super(facade, deployment, sslRedirectPort, securityContext, exchange, tokenStore); - } - - @Override - protected OAuthRequestAuthenticator createOAuthAuthenticator() { - return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore); - } - - @Override - protected void propagateKeycloakContext(KeycloakUndertowAccount account) { - super.propagateKeycloakContext(account); - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest(); - req.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); - } - - @Override - protected KeycloakUndertowAccount createAccount(KeycloakPrincipal principal) { - return new KeycloakUndertowAccount(principal); - } - - @Override - protected String changeHttpSessionId(boolean create) { - if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create); - else return getHttpSessionId(create); - } - - protected String getHttpSessionId(boolean create) { - HttpSession session = getSession(create); - return session != null ? session.getId() : null; - } - - protected HttpSession getSession(boolean create) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest(); - return req.getSession(create); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletSessionTokenStore.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletSessionTokenStore.java deleted file mode 100755 index ef6081a21a..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletSessionTokenStore.java +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.servlet.handlers.ServletRequestContext; -import org.jboss.logging.Logger; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OidcKeycloakAccount; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.RequestAuthenticator; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -/** - * Per-request object. Storage of tokens in servlet HTTP session. - * - * @author Marek Posolda - */ -public class ServletSessionTokenStore implements AdapterTokenStore { - - protected static Logger log = Logger.getLogger(ServletSessionTokenStore.class); - - private final HttpServerExchange exchange; - private final KeycloakDeployment deployment; - private final UndertowUserSessionManagement sessionManagement; - private final SecurityContext securityContext; - - public ServletSessionTokenStore(HttpServerExchange exchange, KeycloakDeployment deployment, UndertowUserSessionManagement sessionManagement, - SecurityContext securityContext) { - this.exchange = exchange; - this.deployment = deployment; - this.sessionManagement = sessionManagement; - this.securityContext = securityContext; - } - - @Override - public void checkCurrentToken() { - // no-op on undertow - } - - @Override - public boolean isCached(RequestAuthenticator authenticator) { - HttpSession session = getSession(false); - if (session == null) { - log.debug("session was null, returning null"); - return false; - } - KeycloakUndertowAccount account = null; - try { - account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); - } catch (IllegalStateException e) { - log.debug("session was invalidated. Return false."); - return false; - } - if (account == null) { - log.debug("Account was not in session, returning null"); - return false; - } - - if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { - log.debug("Account in session belongs to a different realm than for this request."); - return false; - } - - account.setCurrentRequestInfo(deployment, this); - if (account.checkActive()) { - log.debug("Cached account found"); - securityContext.authenticationComplete(account, "KEYCLOAK", false); - ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); - restoreRequest(); - return true; - } else { - log.debug("Refresh failed. Account was not active. Returning null and invalidating Http session"); - try { - session.removeAttribute(KeycloakUndertowAccount.class.getName()); - session.removeAttribute(KeycloakSecurityContext.class.getName()); - session.invalidate(); - } catch (Exception e) { - log.debug("Failed to invalidate session, might already be invalidated"); - } - return false; - } - } - - @Override - public void saveAccountInfo(OidcKeycloakAccount account) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpSession session = getSession(true); - session.setAttribute(KeycloakUndertowAccount.class.getName(), account); - session.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); - sessionManagement.login(servletRequestContext.getDeployment().getSessionManager()); - } - - @Override - public void logout() { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest(); - req.removeAttribute(KeycloakUndertowAccount.class.getName()); - req.removeAttribute(KeycloakSecurityContext.class.getName()); - HttpSession session = req.getSession(false); - if (session == null) return; - try { - KeycloakUndertowAccount account = (KeycloakUndertowAccount) session.getAttribute(KeycloakUndertowAccount.class.getName()); - if (account == null) return; - session.removeAttribute(KeycloakSecurityContext.class.getName()); - session.removeAttribute(KeycloakUndertowAccount.class.getName()); - } catch (IllegalStateException ise) { - // Session may be already logged-out in case that app has adminUrl - log.debugf("Session %s logged-out already", session.getId()); - } - } - - @Override - public void refreshCallback(RefreshableKeycloakSecurityContext securityContext) { - // no-op - } - - @Override - public void saveRequest() { - SavedRequest.trySaveRequest(exchange); - - } - - @Override - public boolean restoreRequest() { - HttpSession session = getSession(false); - if (session == null) return false; - SavedRequest.tryRestoreRequest(exchange, session); - return false; - } - - protected HttpSession getSession(boolean create) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest(); - return req.getSession(create); - } - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java deleted file mode 100755 index b7ed15400a..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.server.HandlerWrapper; -import io.undertow.server.HttpHandler; -import io.undertow.server.HttpServerExchange; -import org.jboss.logging.Logger; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.AuthenticatedActionsHandler; -import org.keycloak.adapters.KeycloakDeployment; - -/** - * Bridge for authenticated Keycloak adapter actions - * - * @author Bill Burke - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - * @version $Revision: 1 $ - */ -public class UndertowAuthenticatedActionsHandler implements HttpHandler { - private static final Logger log = Logger.getLogger(UndertowAuthenticatedActionsHandler.class); - protected AdapterDeploymentContext deploymentContext; - protected HttpHandler next; - - public static class Wrapper implements HandlerWrapper { - protected AdapterDeploymentContext deploymentContext; - - public Wrapper(AdapterDeploymentContext deploymentContext) { - this.deploymentContext = deploymentContext; - } - - @Override - public HttpHandler wrap(HttpHandler handler) { - return new UndertowAuthenticatedActionsHandler(deploymentContext, handler); - } - } - - - public UndertowAuthenticatedActionsHandler(AdapterDeploymentContext deploymentContext, HttpHandler next) { - this.deploymentContext = deploymentContext; - this.next = next; - } - - @Override - public void handleRequest(HttpServerExchange exchange) throws Exception { - OIDCUndertowHttpFacade facade = new OIDCUndertowHttpFacade(exchange); - KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); - if (deployment != null && deployment.isConfigured()) { - AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, facade); - if (handler.handledRequest()) return; - } - next.handleRequest(exchange); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticationMechanism.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticationMechanism.java deleted file mode 100755 index 1bc5f370db..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticationMechanism.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.NodesRegistrationManagement; -import org.keycloak.adapters.RequestAuthenticator; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class UndertowAuthenticationMechanism extends AbstractUndertowKeycloakAuthMech { - protected NodesRegistrationManagement nodesRegistrationManagement; - protected int confidentialPort; - - public UndertowAuthenticationMechanism(AdapterDeploymentContext deploymentContext, UndertowUserSessionManagement sessionManagement, - NodesRegistrationManagement nodesRegistrationManagement, int confidentialPort, String errorPage) { - super(deploymentContext, sessionManagement, errorPage); - this.nodesRegistrationManagement = nodesRegistrationManagement; - this.confidentialPort = confidentialPort; - } - - @Override - public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { - UndertowHttpFacade facade = createFacade(exchange); - KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); - if (!deployment.isConfigured()) { - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - - nodesRegistrationManagement.tryRegister(deployment); - - AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); - RequestAuthenticator authenticator = new UndertowRequestAuthenticator(facade, deployment, confidentialPort, securityContext, exchange, tokenStore); - - return keycloakAuthenticate(exchange, securityContext, authenticator); - } - -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java deleted file mode 100755 index a5287d5e0a..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import org.jboss.logging.Logger; -import org.keycloak.KeycloakPrincipal; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.CookieTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OidcKeycloakAccount; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.RequestAuthenticator; -import org.keycloak.adapters.spi.HttpFacade; - -/** - * Per-request object. Storage of tokens in cookie - * - * @author Marek Posolda - */ -public class UndertowCookieTokenStore implements AdapterTokenStore { - - protected static Logger log = Logger.getLogger(UndertowCookieTokenStore.class); - - private final HttpFacade facade; - private final KeycloakDeployment deployment; - private final SecurityContext securityContext; - - public UndertowCookieTokenStore(HttpFacade facade, KeycloakDeployment deployment, - SecurityContext securityContext) { - this.facade = facade; - this.deployment = deployment; - this.securityContext = securityContext; - } - - @Override - public void checkCurrentToken() { - // no-op on undertow - } - - @Override - public boolean isCached(RequestAuthenticator authenticator) { - KeycloakPrincipal principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); - if (principal == null) { - log.debug("Account was not in cookie or was invalid, returning null"); - return false; - } - KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal); - - if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { - log.debug("Account in session belongs to a different realm than for this request."); - return false; - } - - if (account.checkActive()) { - log.debug("Cached account found"); - securityContext.authenticationComplete(account, "KEYCLOAK", false); - ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); - return true; - } else { - log.debug("Account was not active, removing cookie and returning false"); - CookieTokenStore.removeCookie(deployment, facade); - return false; - } - } - - @Override - public void saveAccountInfo(OidcKeycloakAccount account) { - RefreshableKeycloakSecurityContext secContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); - CookieTokenStore.setTokenCookie(deployment, facade, secContext); - } - - @Override - public void logout() { - KeycloakPrincipal principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); - if (principal == null) return; - - CookieTokenStore.removeCookie(deployment, facade); - } - - @Override - public void refreshCallback(RefreshableKeycloakSecurityContext securityContext) { - CookieTokenStore.setTokenCookie(deployment, facade, securityContext); - } - - @Override - public void saveRequest() { - - } - - @Override - public boolean restoreRequest() { - return false; - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowNodesRegistrationManagementWrapper.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowNodesRegistrationManagementWrapper.java deleted file mode 100644 index 6978ea5493..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowNodesRegistrationManagementWrapper.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import org.keycloak.adapters.NodesRegistrationManagement; - -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; - -/** - * @author Marek Posolda - */ -public class UndertowNodesRegistrationManagementWrapper implements ServletContextListener { - - private final NodesRegistrationManagement delegate; - - public UndertowNodesRegistrationManagementWrapper(NodesRegistrationManagement delegate) { - this.delegate = delegate; - } - - @Override - public void contextInitialized(ServletContextEvent sce) { - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { - delegate.stop(); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowPreAuthActionsHandler.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowPreAuthActionsHandler.java deleted file mode 100755 index 9f44746926..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowPreAuthActionsHandler.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.undertow; - -import io.undertow.server.HttpHandler; -import io.undertow.server.HttpServerExchange; -import io.undertow.server.session.SessionManager; -import org.jboss.logging.Logger; -import org.keycloak.adapters.AdapterDeploymentContext; -import org.keycloak.adapters.PreAuthActionsHandler; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class UndertowPreAuthActionsHandler implements HttpHandler { - - private static final Logger log = Logger.getLogger(UndertowPreAuthActionsHandler.class); - protected HttpHandler next; - protected SessionManager sessionManager; - protected UndertowUserSessionManagement userSessionManagement; - protected AdapterDeploymentContext deploymentContext; - - public UndertowPreAuthActionsHandler(AdapterDeploymentContext deploymentContext, - UndertowUserSessionManagement userSessionManagement, - SessionManager sessionManager, - HttpHandler next) { - this.next = next; - this.deploymentContext = deploymentContext; - this.sessionManager = sessionManager; - this.userSessionManagement = userSessionManagement; - } - - @Override - public void handleRequest(HttpServerExchange exchange) throws Exception { - UndertowHttpFacade facade = createFacade(exchange); - SessionManagementBridge bridge = new SessionManagementBridge(userSessionManagement, sessionManager); - PreAuthActionsHandler handler = new PreAuthActionsHandler(bridge, deploymentContext, facade); - if (handler.handleRequest()) return; - next.handleRequest(exchange); - } - - public UndertowHttpFacade createFacade(HttpServerExchange exchange) { - return new OIDCUndertowHttpFacade(exchange); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java deleted file mode 100755 index 26f3583783..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import org.keycloak.KeycloakPrincipal; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.spi.HttpFacade; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class UndertowRequestAuthenticator extends AbstractUndertowRequestAuthenticator { - public UndertowRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, - SecurityContext securityContext, HttpServerExchange exchange, AdapterTokenStore tokenStore) { - super(facade, deployment, sslRedirectPort, securityContext, exchange, tokenStore); - } - - @Override - protected KeycloakUndertowAccount createAccount(KeycloakPrincipal principal) { - return new KeycloakUndertowAccount(principal); - } -} diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java deleted file mode 100755 index 80a71099ff..0000000000 --- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.server.session.Session; -import io.undertow.util.Sessions; -import org.jboss.logging.Logger; -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.adapters.AdapterTokenStore; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.OidcKeycloakAccount; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.adapters.RequestAuthenticator; - -/** - * Per-request object. Storage of tokens in undertow session. - * - * @author Marek Posolda - */ -public class UndertowSessionTokenStore implements AdapterTokenStore { - - protected static Logger log = Logger.getLogger(UndertowSessionTokenStore.class); - - private final HttpServerExchange exchange; - private final KeycloakDeployment deployment; - private final UndertowUserSessionManagement sessionManagement; - private final SecurityContext securityContext; - - public UndertowSessionTokenStore(HttpServerExchange exchange, KeycloakDeployment deployment, UndertowUserSessionManagement sessionManagement, - SecurityContext securityContext) { - this.exchange = exchange; - this.deployment = deployment; - this.sessionManagement = sessionManagement; - this.securityContext = securityContext; - } - - @Override - public void checkCurrentToken() { - // no-op on undertow - } - - @Override - public boolean isCached(RequestAuthenticator authenticator) { - Session session = Sessions.getSession(exchange); - if (session == null) { - log.debug("session was null, returning null"); - return false; - } - KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); - if (account == null) { - log.debug("Account was not in session, returning null"); - return false; - } - - if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { - log.debug("Account in session belongs to a different realm than for this request."); - return false; - } - - account.setCurrentRequestInfo(deployment, this); - if (account.checkActive()) { - log.debug("Cached account found"); - securityContext.authenticationComplete(account, "KEYCLOAK", false); - ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); - return true; - } else { - log.debug("Account was not active, returning false"); - session.removeAttribute(KeycloakUndertowAccount.class.getName()); - session.removeAttribute(KeycloakSecurityContext.class.getName()); - session.invalidate(exchange); - return false; - } - } - - @Override - public void saveRequest() { - - } - - @Override - public boolean restoreRequest() { - return false; - } - - @Override - public void saveAccountInfo(OidcKeycloakAccount account) { - Session session = Sessions.getOrCreateSession(exchange); - session.setAttribute(KeycloakUndertowAccount.class.getName(), account); - session.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); - sessionManagement.login(session.getSessionManager()); - } - - @Override - public void logout() { - Session session = Sessions.getSession(exchange); - if (session == null) return; - KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); - if (account == null) return; - session.removeAttribute(KeycloakUndertowAccount.class.getName()); - session.removeAttribute(KeycloakSecurityContext.class.getName()); - } - - @Override - public void refreshCallback(RefreshableKeycloakSecurityContext securityContext) { - // no-op - } -} diff --git a/adapters/oidc/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension b/adapters/oidc/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension deleted file mode 100755 index 88f1892fa9..0000000000 --- a/adapters/oidc/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension +++ /dev/null @@ -1,18 +0,0 @@ -# -# Copyright 2016 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -org.keycloak.adapters.undertow.KeycloakServletExtension diff --git a/boms/adapter/pom.xml b/boms/adapter/pom.xml index 7e297ed125..f0aba284cc 100644 --- a/boms/adapter/pom.xml +++ b/boms/adapter/pom.xml @@ -64,11 +64,6 @@ keycloak-saml-adapter-api-public ${project.version} - - org.keycloak - keycloak-undertow-adapter - ${project.version} - org.keycloak keycloak-authz-client diff --git a/distribution/feature-packs/adapter-feature-pack/pom.xml b/distribution/feature-packs/adapter-feature-pack/pom.xml index 6ab61c8e21..6562edc7ed 100755 --- a/distribution/feature-packs/adapter-feature-pack/pom.xml +++ b/distribution/feature-packs/adapter-feature-pack/pom.xml @@ -112,16 +112,6 @@ - - org.keycloak - keycloak-undertow-adapter - - - * - * - - - diff --git a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-undertow-adapter/main/module.xml b/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-undertow-adapter/main/module.xml deleted file mode 100755 index 6dcf78156b..0000000000 --- a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-undertow-adapter/main/module.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/pom.xml b/pom.xml index 98ada6cdba..c932429405 100644 --- a/pom.xml +++ b/pom.xml @@ -1061,11 +1061,6 @@ keycloak-undertow-adapter-spi ${project.version} - - org.keycloak - keycloak-undertow-adapter - ${project.version} - org.keycloak keycloak-saml-wildfly-elytron-adapter diff --git a/testsuite/integration-arquillian/servers/adapter-spi/README.md b/testsuite/integration-arquillian/servers/adapter-spi/README.md index 608f9cebcb..513209eda5 100644 --- a/testsuite/integration-arquillian/servers/adapter-spi/README.md +++ b/testsuite/integration-arquillian/servers/adapter-spi/README.md @@ -5,7 +5,6 @@ This module is primarily used for custom adapters in the testsuite. ## Undertow Modules related to Undertow: * Keycloak Undertow Adapter SPI (`undertow-adapter-spi-jakarta`) -* Keycloak Undertow OIDC adapter (`undertow-adapter-jakarta`) * Keycloak Undertow SAML adapter (`undertow-adapter-saml-jakarta`) These modules are automatically generated from the Keycloak adapters module (`/adapters`) and converted to adapters supporting JakartaEE. diff --git a/testsuite/integration-arquillian/servers/adapter-spi/pom.xml b/testsuite/integration-arquillian/servers/adapter-spi/pom.xml index 7f641d8734..9d9cf35eec 100644 --- a/testsuite/integration-arquillian/servers/adapter-spi/pom.xml +++ b/testsuite/integration-arquillian/servers/adapter-spi/pom.xml @@ -15,7 +15,6 @@ undertow-adapter-spi-jakarta - undertow-adapter-jakarta undertow-adapter-saml-jakarta diff --git a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/.gitignore b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/.gitignore deleted file mode 100644 index aa8e45f12b..0000000000 --- a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/.gitignore +++ /dev/null @@ -1 +0,0 @@ -src/ \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/pom.xml b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/pom.xml deleted file mode 100644 index 7539a2caf5..0000000000 --- a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-jakarta/pom.xml +++ /dev/null @@ -1,151 +0,0 @@ - - - - integration-arquillian-servers-adapter-spi - org.keycloak.testsuite - 999.0.0-SNAPSHOT - ../pom.xml - - 4.0.0 - - keycloak-undertow-adapter-jakarta - Undertow OIDC Adapter (JakartaEE) - jar - - - - org.keycloak.adapters.undertow.* - - - io.undertow.*;version="[1.4,3)", - javax.servlet.*;version="[3.1,5)";resolution:=optional, - *;resolution:=optional - - - ${project.basedir}/../../../../../adapters/oidc/undertow - ${project.basedir} - - - - - org.keycloak.testsuite - keycloak-undertow-adapter-spi-jakarta - ${project.version} - - - org.jboss.logging - jboss-logging - provided - - - org.keycloak - keycloak-core - - - org.keycloak - keycloak-adapter-spi - - - org.keycloak - keycloak-adapter-core - - - org.apache.httpcomponents - httpclient - - - org.bouncycastle - bcprov-jdk18on - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.core - jackson-annotations - - - - jakarta.servlet - jakarta.servlet-api - - - - io.undertow - undertow-servlet - - - io.undertow - undertow-core - - - junit - junit - test - - - - - - - maven-antrun-plugin - - - transform - initialize - - run - - - - - - - - - - - - - - - - - - - - - - - - - - - org.eclipse.transformer - org.eclipse.transformer.cli - 0.2.0 - - - ant-contrib - ant-contrib - 1.0b3 - - - ant - ant - - - - - - - - - \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml index 2745582341..20060e8fd7 100644 --- a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml +++ b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml @@ -50,11 +50,6 @@ keycloak-undertow-adapter-spi-jakarta ${project.version} - - org.keycloak.testsuite - keycloak-undertow-adapter-jakarta - ${project.version} - org.jboss.logging jboss-logging diff --git a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml index 99878ebfff..db333880a1 100644 --- a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml @@ -28,11 +28,6 @@ App Server - Undertow - - org.keycloak.testsuite - keycloak-undertow-adapter-jakarta - ${project.version} - org.keycloak.testsuite keycloak-saml-undertow-adapter-jakarta diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml index 7aabe5ba57..85fbfdb300 100644 --- a/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml +++ b/testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml @@ -65,11 +65,6 @@ keycloak-dependencies-server-all pom - - org.keycloak.testsuite - keycloak-undertow-adapter-jakarta - ${project.version} - org.keycloak.testsuite integration-arquillian-testsuite-providers diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 9c271b2f81..217c90f02b 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -164,11 +164,6 @@ org.keycloak keycloak-kerberos-federation - - org.keycloak.testsuite - keycloak-undertow-adapter-jakarta - ${project.version} - io.undertow undertow-servlet