libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-8397 Remove deprecated Keycloak Proxy

Browse source
This commit is contained in:
stianst 2019-02-20 08:53:27 +01:00 committed by Bruno Oliveira da Silva
parent b5fbc04e5e
commit 8dfd07662c
29 changed files with 1 additions and 2890 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
distribution/downloads/src/main/resources/files
View file

@ -1,7 +1,6 @@
./ ./
keycloak-server-dist:keycloak keycloak-server-dist:keycloak
keycloak-server-overlay:keycloak-overlay keycloak-server-overlay:keycloak-overlay
keycloak-proxy-dist:keycloak-proxy
keycloak-api-docs-dist:keycloak-api-docs keycloak-api-docs-dist:keycloak-api-docs
keycloak-examples-dist:keycloak-examples keycloak-examples-dist:keycloak-examples

1
distribution/pom.xml
View file

@ -51,7 +51,6 @@
<modules> <modules>
<module>api-docs-dist</module> <module>api-docs-dist</module>
<module>examples-dist</module> <module>examples-dist</module>
<module>proxy-dist</module>
<module>downloads</module> <module>downloads</module>
</modules> </modules>
</profile> </profile>

58
distribution/proxy-dist/assembly.xml
View file

@ -1,58 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<assembly>
<id>proxy-dist</id>
<formats>
<format>zip</format>
</formats>
<includeBaseDirectory>true</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>../../</directory>
<includes>
<include>License.html</include>
</includes>
<outputDirectory></outputDirectory>
</fileSet>
</fileSets>
<dependencySets>
<dependencySet>
<unpack>false</unpack>
<useTransitiveDependencies>true</useTransitiveDependencies>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
<include>org.keycloak:launcher</include>
</includes>
<outputFileNameMapping>${artifact.artifactId}.${artifact.extension}</outputFileNameMapping>
<outputDirectory>bin</outputDirectory>
</dependencySet>
<dependencySet>
<unpack>false</unpack>
<useTransitiveDependencies>true</useTransitiveDependencies>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
<include>org.keycloak:keycloak-proxy-server</include>
</includes>
<outputDirectory>lib</outputDirectory>
</dependencySet>
</dependencySets>
</assembly>

83
distribution/proxy-dist/pom.xml
View file

@ -1,83 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-distribution-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<artifactId>keycloak-proxy-dist</artifactId>
<packaging>pom</packaging>
<name>Proxy Distro</name>
<description/>
<profiles>
<profile>
<id>community</id>
<activation>
<property>
<name>!product</name>
</property>
</activation>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>launcher</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-proxy-server</artifactId>
</dependency>
</dependencies>
<build>
<finalName>keycloak-proxy-${project.version}</finalName>
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<outputDirectory>
target
</outputDirectory>
<workDirectory>
target/assembly/work
</workDirectory>
<appendAssemblyId>false</appendAssemblyId>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

14
pom.xml
View file

@ -1081,11 +1081,6 @@
<artifactId>launcher</artifactId> <artifactId>launcher</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-proxy-server</artifactId>
<version>${project.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core</artifactId> <artifactId>keycloak-saml-core</artifactId>
@ -1269,12 +1264,6 @@
<version>${project.version}</version> <version>${project.version}</version>
<type>zip</type> <type>zip</type>
</dependency> </dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-proxy-dist</artifactId>
<version>${project.version}</version>
<type>zip</type>
</dependency>
<dependency> <dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-examples-dist</artifactId> <artifactId>keycloak-examples-dist</artifactId>
@ -1666,9 +1655,6 @@
<product.version>${project.version}</product.version> <product.version>${project.version}</product.version>
<product.default-profile>community</product.default-profile> <product.default-profile>community</product.default-profile>
</properties> </properties>
<modules>
<module>proxy</module>
</modules>
</profile> </profile>
<profile> <profile>

52
proxy/launcher/pom.xml
View file

@ -1,52 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>launcher</artifactId>
<name>Keycloak Launcher</name>
<description/>
<dependencies>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifest>
<mainClass>org.keycloak.Launcher</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
</plugins>
</build>
</project>

83
proxy/launcher/src/main/java/org/keycloak/Launcher.java
View file

@ -1,83 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak;
import java.io.File;
import java.lang.reflect.Method;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class Launcher {
public static File getHome() {
String launcherPath = Launcher.class.getName().replace('.', '/') + ".class";
URL jarfile = Launcher.class.getClassLoader().getResource(launcherPath);
if (jarfile != null) {
Matcher m = Pattern.compile("jar:(file:.*)!/" + launcherPath).matcher(jarfile.toString());
if (m.matches()) {
try {
File jarPath = new File(new URI(m.group(1)));
File libPath = jarPath.getParentFile().getParentFile();
System.out.println("Home directory: " + libPath.toString());
if (!libPath.exists()) {
System.exit(1);
}
return libPath;
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
}
} else {
System.err.println("jar file null: " + launcherPath);
}
return null;
}
public static void main(String[] args) throws Exception {
File home = getHome();
File lib = new File(home, "lib");
if (!lib.exists()) {
System.err.println("Could not find lib directory: " + lib.toString());
System.exit(1);
}
List<URL> jars = new ArrayList<URL>();
for (File file : lib.listFiles()) {
jars.add(file.toURI().toURL());
}
URL[] urls = jars.toArray(new URL[jars.size()]);
URLClassLoader loader = new URLClassLoader(urls, Launcher.class.getClassLoader());
Class mainClass = loader.loadClass("org.keycloak.proxy.Main");
Method mainMethod = null;
for (Method m : mainClass.getMethods()) if (m.getName().equals("main")) { mainMethod = m; break; }
Object obj = args;
mainMethod.invoke(null, obj);
}
}

48
proxy/pom.xml
View file

@ -1,48 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Proxy</name>
<description/>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-proxy-pom</artifactId>
<packaging>pom</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
<modules>
<module>launcher</module>
<module>proxy-server</module>
</modules>
</project>

81
proxy/proxy-server/pom.xml
View file

@ -1,81 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-proxy-server</artifactId>
<name>Keycloak Proxy Server</name>
<description/>
<dependencies>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>

124
proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java
View file

@ -1,124 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HttpString;
import org.keycloak.adapters.undertow.KeycloakUndertowAccount;
import org.keycloak.representations.IDToken;
import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ConstraintAuthorizationHandler implements HttpHandler {
public static final String KEYCLOAK_SUBJECT = "KEYCLOAK_SUBJECT";
public static final String KEYCLOAK_USERNAME = "KEYCLOAK_USERNAME";
public static final String KEYCLOAK_EMAIL = "KEYCLOAK_EMAIL";
public static final String KEYCLOAK_NAME = "KEYCLOAK_NAME";
public static final String KEYCLOAK_ACCESS_TOKEN = "KEYCLOAK_ACCESS_TOKEN";
private final Map<String, HttpString> httpHeaderNames;
protected HttpHandler next;
protected String errorPage;
protected boolean sendAccessToken;
public ConstraintAuthorizationHandler(HttpHandler next, String errorPage, boolean sendAccessToken, Map<String, String> headerNames) {
this.next = next;
this.errorPage = errorPage;
this.sendAccessToken = sendAccessToken;
this.httpHeaderNames = new HashMap<>();
this.httpHeaderNames.put(KEYCLOAK_SUBJECT, new HttpString(getOrDefault(headerNames, "keycloak-subject", KEYCLOAK_SUBJECT)));
this.httpHeaderNames.put(KEYCLOAK_USERNAME, new HttpString(getOrDefault(headerNames, "keycloak-username", KEYCLOAK_USERNAME)));
this.httpHeaderNames.put(KEYCLOAK_EMAIL, new HttpString(getOrDefault(headerNames, "keycloak-email", KEYCLOAK_EMAIL)));
this.httpHeaderNames.put(KEYCLOAK_NAME, new HttpString(getOrDefault(headerNames, "keycloak-name", KEYCLOAK_NAME)));
this.httpHeaderNames.put(KEYCLOAK_ACCESS_TOKEN, new HttpString(getOrDefault(headerNames, "keycloak-access-token", KEYCLOAK_ACCESS_TOKEN)));
}
private String getOrDefault(Map<String, String> map, String key, String defaultValue) {
return map.containsKey(key) ? map.get(key) : defaultValue;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
KeycloakUndertowAccount account = (KeycloakUndertowAccount)exchange.getSecurityContext().getAuthenticatedAccount();
SingleConstraintMatch match = exchange.getAttachment(ConstraintMatcherHandler.CONSTRAINT_KEY);
if (match == null || (match.getRequiredRoles().isEmpty() && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.AUTHENTICATE)) {
authenticatedRequest(account, exchange);
return;
}
if (match != null) {
if(SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED.equals(match.getEmptyRoleSemantic())) {
authenticatedRequest(account, exchange);
return;
} else {
for (String role : match.getRequiredRoles()) {
if (account.getRoles().contains(role)) {
authenticatedRequest(account, exchange);
return;
}
}
}
}
if (errorPage != null) {
exchange.setRequestPath(errorPage);
exchange.setRelativePath(errorPage);
exchange.setResolvedPath(errorPage);
next.handleRequest(exchange);
return;
}
exchange.setResponseCode(403);
exchange.endExchange();
}
public void authenticatedRequest(KeycloakUndertowAccount account, HttpServerExchange exchange) throws Exception {
if (account != null) {
IDToken idToken = account.getKeycloakSecurityContext().getToken();
if (idToken == null) return;
if (idToken.getSubject() != null) {
exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_SUBJECT), idToken.getSubject());
}
if (idToken.getPreferredUsername() != null) {
exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_USERNAME), idToken.getPreferredUsername());
}
if (idToken.getEmail() != null) {
exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_EMAIL), idToken.getEmail());
}
if (idToken.getName() != null) {
exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_NAME), idToken.getName());
}
if (sendAccessToken) {
exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_ACCESS_TOKEN), account.getKeycloakSecurityContext().getTokenString());
}
}
next.handleRequest(exchange);
}
}

106
proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java
View file

@ -1,106 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.AttachmentKey;
import org.jboss.logging.Logger;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ConstraintMatcherHandler implements HttpHandler {
protected static Logger log = Logger.getLogger(ConstraintMatcherHandler.class);
public static final AttachmentKey<SingleConstraintMatch> CONSTRAINT_KEY = AttachmentKey.create(SingleConstraintMatch.class);
protected SecurityPathMatches matcher;
protected HttpHandler securedHandler;
protected HttpHandler unsecuredHandler;
protected String errorPage;
public ConstraintMatcherHandler(SecurityPathMatches matcher, HttpHandler securedHandler, HttpHandler unsecuredHandler, String errorPage) {
this.matcher = matcher;
this.securedHandler = securedHandler;
this.unsecuredHandler = unsecuredHandler;
this.errorPage = errorPage;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
log.debugv("ConstraintMatcherHandler: {0}", exchange.getRelativePath());
SingleConstraintMatch match = matcher.getSecurityInfo(exchange.getRelativePath(), exchange.getRequestMethod().toString());
if (match == null || (match.getRequiredRoles().isEmpty() && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.PERMIT)) {
unsecuredHandler.handleRequest(exchange);
return;
}
if (match.getRequiredRoles().isEmpty() && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.DENY) {
if (errorPage != null) {
exchange.setRequestPath(errorPage);
exchange.setRelativePath(errorPage);
exchange.setResolvedPath(errorPage);
unsecuredHandler.handleRequest(exchange);
} else {
exchange.setResponseCode(403);
exchange.endExchange();
}
return;
}
if (match.getRequiredRoles().isEmpty()
&& match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED) {
boolean successfulAuthenticatedMethodFound = isSuccessfulAuthenticatedMethodFound(exchange);
if(successfulAuthenticatedMethodFound) {
//in case of authenticated we go for injecting headers
exchange.putAttachment(CONSTRAINT_KEY, match);
securedHandler.handleRequest(exchange);
return;
} else {
//in case of not authenticated we just show the resource
unsecuredHandler.handleRequest(exchange);
return;
}
}
log.debug("found constraint");
exchange.getSecurityContext().setAuthenticationRequired();
exchange.putAttachment(CONSTRAINT_KEY, match);
securedHandler.handleRequest(exchange);
}
private boolean isSuccessfulAuthenticatedMethodFound(HttpServerExchange exchange) {
boolean successfulAuthenticatedMethodFound = false;
List<AuthenticationMechanism> authenticationMechanisms = exchange.getSecurityContext().getAuthenticationMechanisms();
for (AuthenticationMechanism authenticationMechanism : authenticationMechanisms) {
AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome =
authenticationMechanism.authenticate(exchange, exchange.getSecurityContext());
if(authenticationMechanismOutcome.equals(AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED)) {
successfulAuthenticatedMethodFound = true;
}
}
return successfulAuthenticatedMethodFound;
}
}

45
proxy/proxy-server/src/main/java/org/keycloak/proxy/Main.java
View file

@ -1,45 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import io.undertow.Undertow;
import java.io.File;
import java.io.FileInputStream;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class Main {
public static void main(String[] args) throws Exception {
String jsonConfig = "proxy.json";
if (args.length > 0) jsonConfig = args[0];
File file = new File(jsonConfig);
if (!file.exists()) {
System.err.println("No proxy config argument and could not find default file proxy.json");
System.exit(1);
return;
}
FileInputStream fis = new FileInputStream(file);
Undertow proxyServer = ProxyServerBuilder.build(fis);
proxyServer.start();
}
}

52
proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyAuthenticationCallHandler.java
View file

@ -1,52 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProxyAuthenticationCallHandler implements HttpHandler {
private final HttpHandler next;
public ProxyAuthenticationCallHandler(final HttpHandler next) {
this.next = next;
}
/**
* Only allow the request through if successfully authenticated or if authentication is not required.
*
* @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
*/
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
SecurityContext context = exchange.getSecurityContext();
if (context.authenticate()) {
if(!exchange.isComplete()) {
next.handleRequest(exchange);
}
} else {
exchange.endExchange();
}
}
}

332
proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
View file

@ -1,332 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.keycloak.representations.adapters.config.AdapterConfig;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProxyConfig {
@JsonProperty("bind-address")
protected String bindAddress = "localhost";
@JsonProperty("http-port")
protected Integer httpPort;
@JsonProperty("https-port")
protected Integer httpsPort;
@JsonProperty("keystore")
protected String keystore;
@JsonProperty("keystore-password")
protected String keystorePassword;
@JsonProperty("key-password")
protected String keyPassword;
@JsonProperty("buffer-size")
protected Integer bufferSize;
@JsonProperty("buffers-per-region")
protected Integer buffersPerRegion;
@JsonProperty("io-threads")
protected Integer ioThreads;
@JsonProperty("worker-threads")
protected Integer workerThreads;
@JsonProperty("direct-buffers")
protected Boolean directBuffers;
@JsonProperty("target-url")
protected String targetUrl;
/** Defaults to 30 seconds */
@JsonProperty("target-request-timeout")
protected Integer targetRequestTimeout = 30000;
@JsonProperty("send-access-token")
protected boolean sendAccessToken;
@JsonProperty("applications")
protected List<Application> applications = new LinkedList<Application>();
@JsonProperty("header-names")
private Map<String,String> headerNames = new HashMap<>();
public String getBindAddress() {
return bindAddress;
}
public void setBindAddress(String bindAddress) {
this.bindAddress = bindAddress;
}
public Integer getHttpPort() {
return httpPort;
}
public void setHttpPort(Integer httpPort) {
this.httpPort = httpPort;
}
public Integer getHttpsPort() {
return httpsPort;
}
public void setHttpsPort(Integer httpsPort) {
this.httpsPort = httpsPort;
}
public String getKeystore() {
return keystore;
}
public void setKeystore(String keystore) {
this.keystore = keystore;
}
public String getKeystorePassword() {
return keystorePassword;
}
public void setKeystorePassword(String keystorePassword) {
this.keystorePassword = keystorePassword;
}
public String getKeyPassword() {
return keyPassword;
}
public void setKeyPassword(String keyPassword) {
this.keyPassword = keyPassword;
}
public Integer getBufferSize() {
return bufferSize;
}
public void setBufferSize(Integer bufferSize) {
this.bufferSize = bufferSize;
}
public Integer getBuffersPerRegion() {
return buffersPerRegion;
}
public void setBuffersPerRegion(Integer buffersPerRegion) {
this.buffersPerRegion = buffersPerRegion;
}
public Integer getIoThreads() {
return ioThreads;
}
public void setIoThreads(Integer ioThreads) {
this.ioThreads = ioThreads;
}
public Integer getWorkerThreads() {
return workerThreads;
}
public void setWorkerThreads(Integer workerThreads) {
this.workerThreads = workerThreads;
}
public Boolean getDirectBuffers() {
return directBuffers;
}
public void setDirectBuffers(Boolean directBuffers) {
this.directBuffers = directBuffers;
}
public String getTargetUrl() {
return targetUrl;
}
public void setTargetUrl(String targetUrl) {
this.targetUrl = targetUrl;
}
public Integer getTargetRequestTimeout() {
return targetRequestTimeout;
}
public void setTargetRequestTimeout(Integer targetRequestTimeout) {
this.targetRequestTimeout = targetRequestTimeout;
}
public List<Application> getApplications() {
return applications;
}
public void setApplications(List<Application> applications) {
this.applications = applications;
}
public boolean isSendAccessToken() {
return sendAccessToken;
}
public void setSendAccessToken(boolean sendAccessToken) {
this.sendAccessToken = sendAccessToken;
}
public void setHeaderNames(Map<String, String> headerNames) {
this.headerNames = headerNames;
}
public Map<String, String> getHeaderNames() {
return headerNames;
}
public static class Application {
@JsonProperty("base-path")
protected String basePath;
@JsonProperty("adapter-config")
protected AdapterConfig adapterConfig;
@JsonProperty("error-page")
protected String errorPage;
@JsonProperty("proxy-address-forwarding")
protected boolean proxyAddressForwarding;
@JsonProperty("constraints")
protected List<Constraint> constraints = new LinkedList<Constraint>();
public String getBasePath() {
return basePath;
}
public void setBasePath(String basePath) {
this.basePath = basePath;
}
public AdapterConfig getAdapterConfig() {
return adapterConfig;
}
public void setAdapterConfig(AdapterConfig adapterConfig) {
this.adapterConfig = adapterConfig;
}
public String getErrorPage() {
return errorPage;
}
public void setErrorPage(String errorPage) {
this.errorPage = errorPage;
}
public boolean isProxyAddressForwarding() {
return proxyAddressForwarding;
}
public void setProxyAddressForwarding(boolean proxyAddressForwarding) {
this.proxyAddressForwarding = proxyAddressForwarding;
}
public List<Constraint> getConstraints() {
return constraints;
}
public void setConstraints(List<Constraint> constraints) {
this.constraints = constraints;
}
}
public static class Constraint {
@JsonProperty("pattern")
protected String pattern;
@JsonProperty("roles-allowed")
protected Set<String> rolesAllowed = new HashSet<String>();
@JsonProperty("methods")
protected Set<String> methods = new HashSet<String>();
@JsonProperty("excluded-methods")
protected Set<String> excludedMethods = new HashSet<String>();
@JsonProperty("deny")
protected boolean deny;
@JsonProperty("permit")
protected boolean permit;
@JsonProperty("authenticate")
protected boolean authenticate;
@JsonProperty("permit-and-inject")
protected boolean permitAndInject;
public String getPattern() {
return pattern;
}
public void setPattern(String pattern) {
this.pattern = pattern;
}
public Set<String> getRolesAllowed() {
return rolesAllowed;
}
public void setRolesAllowed(Set<String> rolesAllowed) {
this.rolesAllowed = rolesAllowed;
}
public boolean isDeny() {
return deny;
}
public void setDeny(boolean deny) {
this.deny = deny;
}
public boolean isPermit() {
return permit;
}
public void setPermit(boolean permit) {
this.permit = permit;
}
public boolean isAuthenticate() {
return authenticate;
}
public void setAuthenticate(boolean authenticate) {
this.authenticate = authenticate;
}
public boolean isPermitAndInject() {
return permitAndInject;
}
public void setPermitAndInject(boolean permitAndInject) {
this.permitAndInject = permitAndInject;
}
public Set<String> getMethods() {
return methods;
}
public void setMethods(Set<String> methods) {
this.methods = methods;
}
public Set<String> getExcludedMethods() {
return excludedMethods;
}
public void setExcludedMethods(Set<String> excludedMethods) {
this.excludedMethods = excludedMethods;
}
}
}

493
proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
View file

@ -1,493 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.undertow.Undertow;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.handlers.AuthenticationMechanismsHandler;
import io.undertow.security.handlers.SecurityInitialHandler;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.impl.CachedAuthenticatedSessionMechanism;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.PathHandler;
import io.undertow.server.handlers.ProxyPeerAddressHandler;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.server.handlers.proxy.ProxyHandler;
import io.undertow.server.handlers.proxy.SimpleProxyClientProvider;
import io.undertow.server.session.InMemorySessionManager;
import io.undertow.server.session.SessionAttachmentHandler;
import io.undertow.server.session.SessionCookieConfig;
import io.undertow.server.session.SessionManager;
import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler;
import org.keycloak.adapters.undertow.UndertowAuthenticationMechanism;
import org.keycloak.adapters.undertow.UndertowPreAuthActionsHandler;
import org.keycloak.adapters.undertow.UndertowUserSessionManagement;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.FindFile;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.SystemPropertiesJsonParserFactory;
import org.xnio.Option;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProxyServerBuilder {
protected static Logger log = Logger.getLogger(ProxyServerBuilder.class);
public static final HttpHandler NOT_FOUND = new HttpHandler() {
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
exchange.setResponseCode(404);
exchange.endExchange();
}
};
protected Undertow.Builder builder = Undertow.builder();
protected PathHandler root = new PathHandler(NOT_FOUND);
protected HttpHandler proxyHandler;
protected boolean sendAccessToken;
protected Map<String, String> headerNameConfig;
public ProxyServerBuilder target(ProxyConfig config) {
SimpleProxyClientProvider provider = null;
try {
provider = new SimpleProxyClientProvider(new URI(config.getTargetUrl()));
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
final HttpHandler handler = new ProxyHandler(provider, config.getTargetRequestTimeout(), ResponseCodeHandler.HANDLE_404);
proxyHandler = new HttpHandler() {
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
exchange.setRelativePath(exchange.getRequestPath()); // need this otherwise proxy forwards to chopped off path
handler.handleRequest(exchange);
}
};
return this;
}
public ProxyServerBuilder sendAccessToken(boolean flag) {
this.sendAccessToken = flag;
return this;
}
public ProxyServerBuilder headerNameConfig(Map<String, String> headerNameConfig) {
this.headerNameConfig = headerNameConfig;
return this;
}
public ApplicationBuilder application(AdapterConfig config) {
return new ApplicationBuilder(config);
}
public class ApplicationBuilder {
protected NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();
protected UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
protected AdapterDeploymentContext deploymentContext;
protected KeycloakDeployment deployment;
SessionManager sessionManager = new InMemorySessionManager(
"SESSION_MANAGER");
protected String base;
protected SecurityPathMatches.Builder constraintBuilder = new SecurityPathMatches.Builder();
protected SecurityPathMatches matches;
protected String errorPage;
protected boolean proxyAddressForwarding;
public ApplicationBuilder base(String base) {
this.base = base;
return this;
}
public ApplicationBuilder errorPage(String errorPage) {
if (errorPage != null && errorPage.startsWith("/")) {
errorPage = errorPage.substring(1);
}
this.errorPage = errorPage;
return this;
}
public ApplicationBuilder proxyAddressForwarding(boolean proxyAddressForwarding) {
this.proxyAddressForwarding = proxyAddressForwarding;
return this;
}
public ApplicationBuilder(AdapterConfig config) {
this.deployment = KeycloakDeploymentBuilder.build(config);
this.deploymentContext = new AdapterDeploymentContext(deployment);
}
public ProxyServerBuilder add() {
matches = constraintBuilder.build();
HttpHandler handler = sessionHandling(addSecurity(proxyHandler));
root.addPrefixPath(base, handler);
return ProxyServerBuilder.this;
}
public ConstraintBuilder constraint(String pattern) {
log.debugv("add constraint: {0}", pattern);
return new ConstraintBuilder(pattern);
}
public class ConstraintBuilder {
protected String pattern;
protected Set<String> rolesAllowed = new HashSet<String>();
protected Set<String> methods = new HashSet<String>();
protected Set<String> excludedMethods = new HashSet<String>();
protected SecurityInfo.EmptyRoleSemantic semantic = SecurityInfo.EmptyRoleSemantic.AUTHENTICATE;
public ConstraintBuilder(String pattern) {
this.pattern = pattern;
}
public ConstraintBuilder deny() {
semantic = SecurityInfo.EmptyRoleSemantic.DENY;
return this;
}
public ConstraintBuilder permit() {
semantic = SecurityInfo.EmptyRoleSemantic.PERMIT;
return this;
}
public ConstraintBuilder authenticate() {
semantic = SecurityInfo.EmptyRoleSemantic.AUTHENTICATE;
return this;
}
public ConstraintBuilder injectIfAuthenticated() {
semantic = SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED;
return this;
}
public ConstraintBuilder excludedMethods(Set<String> excludedMethods) {
this.excludedMethods = excludedMethods;
return this;
}
public ConstraintBuilder methods(Set<String> methods) {
this.methods = methods;
return this;
}
public ConstraintBuilder method(String method) {
methods.add(method);
return this;
}
public ConstraintBuilder excludeMethod(String method) {
excludedMethods.add(method);
return this;
}
public ConstraintBuilder roles(String... roles) {
for (String role : roles) role(role);
return this;
}
public ConstraintBuilder roles(Set<String> roles) {
for (String role : roles) role(role);
return this;
}
public ConstraintBuilder role(String role) {
rolesAllowed.add(role);
return this;
}
public ApplicationBuilder add() {
constraintBuilder.addSecurityConstraint(rolesAllowed, semantic, pattern, methods, excludedMethods);
return ApplicationBuilder.this;
}
}
private HttpHandler addSecurity(final HttpHandler toWrap) {
HttpHandler handler = new UndertowAuthenticatedActionsHandler(deploymentContext, toWrap);
if (errorPage != null) {
if (base.endsWith("/")) {
errorPage = base + errorPage;
} else {
errorPage = base + "/" + errorPage;
}
}
handler = new TokenRequestPreHandler(handler);
handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken, headerNameConfig);
handler = new ProxyAuthenticationCallHandler(handler);
handler = new ConstraintMatcherHandler(matches, handler, toWrap, errorPage);
final List<AuthenticationMechanism> mechanisms = new LinkedList<AuthenticationMechanism>();
mechanisms.add(new CachedAuthenticatedSessionMechanism());
mechanisms.add(new UndertowAuthenticationMechanism(deploymentContext, userSessionManagement, nodesRegistrationManagement, -1, null));
handler = new AuthenticationMechanismsHandler(handler, mechanisms);
IdentityManager identityManager = new IdentityManager() {
@Override
public Account verify(Account account) {
return account;
}
@Override
public Account verify(String id, Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
@Override
public Account verify(Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
};
handler = new UndertowPreAuthActionsHandler(deploymentContext, userSessionManagement, sessionManager, handler);
handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
if (proxyAddressForwarding) handler = new ProxyPeerAddressHandler(handler);
return handler;
}
private HttpHandler sessionHandling(HttpHandler toWrap) {
SessionCookieConfig sessionConfig = new SessionCookieConfig();
sessionConfig.setCookieName("keycloak." + deployment.getResourceName() + ".session");
sessionConfig.setPath(base);
if (deployment.getSslRequired() == SslRequired.ALL) sessionConfig.setSecure(true);
toWrap = new SessionAttachmentHandler(
toWrap, sessionManager, sessionConfig);
return toWrap;
}
}
public Undertow build() {
builder.setHandler(root);
return builder.build();
}
public ProxyServerBuilder addHttpListener(int port, String host) {
builder.addHttpListener(port, host);
return this;
}
public ProxyServerBuilder addHttpsListener(int port, String host, KeyManager[] keyManagers, TrustManager[] trustManagers) {
builder.addHttpsListener(port, host, keyManagers, trustManagers);
return this;
}
public ProxyServerBuilder addHttpsListener(int port, String host, SSLContext sslContext) {
builder.addHttpsListener(port, host, sslContext);
return this;
}
public ProxyServerBuilder setBufferSize(int bufferSize) {
builder.setBufferSize(bufferSize);
return this;
}
public ProxyServerBuilder setBuffersPerRegion(int buffersPerRegion) {
builder.setBuffersPerRegion(buffersPerRegion);
return this;
}
public ProxyServerBuilder setIoThreads(int ioThreads) {
builder.setIoThreads(ioThreads);
return this;
}
public ProxyServerBuilder setWorkerThreads(int workerThreads) {
builder.setWorkerThreads(workerThreads);
return this;
}
public ProxyServerBuilder setDirectBuffers(boolean directBuffers) {
builder.setDirectBuffers(directBuffers);
return this;
}
public <T> ProxyServerBuilder setServerOption(Option<T> option, T value) {
builder.setServerOption(option, value);
return this;
}
public <T> ProxyServerBuilder setSocketOption(Option<T> option, T value) {
builder.setSocketOption(option, value);
return this;
}
public <T> ProxyServerBuilder setWorkerOption(Option<T> option, T value) {
builder.setWorkerOption(option, value);
return this;
}
public static ProxyConfig loadConfig(InputStream is) {
ObjectMapper mapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
mapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT);
ProxyConfig proxyConfig;
try {
proxyConfig = mapper.readValue(is, ProxyConfig.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
return proxyConfig;
}
public static Undertow build(InputStream configStream) {
ProxyConfig config = loadConfig(configStream);
return build(config);
}
public static Undertow build(ProxyConfig config) {
ProxyServerBuilder builder = new ProxyServerBuilder();
if (config.getTargetUrl() == null) {
log.error("Must set Target URL");
return null;
}
builder.target(config);
if (config.getApplications() == null || config.getApplications().size() == 0) {
log.error("No applications defined");
return null;
}
initConnections(config, builder);
initOptions(config, builder);
for (ProxyConfig.Application application : config.getApplications()) {
ApplicationBuilder applicationBuilder = builder.application(application.getAdapterConfig())
.base(application.getBasePath())
.errorPage(application.getErrorPage())
.proxyAddressForwarding(application.isProxyAddressForwarding());
if (application.getConstraints() != null) {
for (ProxyConfig.Constraint constraint : application.getConstraints()) {
ApplicationBuilder.ConstraintBuilder constraintBuilder = applicationBuilder.constraint(constraint.getPattern());
if (constraint.getRolesAllowed() != null) {
constraintBuilder.roles(constraint.getRolesAllowed());
}
if (constraint.getMethods() != null) {
constraintBuilder.methods(constraint.getMethods());
}
if (constraint.getExcludedMethods() != null) {
constraintBuilder.excludedMethods(constraint.getExcludedMethods());
}
if (constraint.isDeny()) constraintBuilder.deny();
if (constraint.isPermit()) constraintBuilder.permit();
if (constraint.isAuthenticate()) constraintBuilder.authenticate();
if (constraint.isPermitAndInject()) constraintBuilder.injectIfAuthenticated();
constraintBuilder.add();
}
}
applicationBuilder.add();
}
return builder.build();
}
public static void initOptions(ProxyConfig config, ProxyServerBuilder builder) {
builder.sendAccessToken(config.isSendAccessToken());
builder.headerNameConfig(config.getHeaderNames());
if (config.getBufferSize() != null) builder.setBufferSize(config.getBufferSize());
if (config.getBuffersPerRegion() != null) builder.setBuffersPerRegion(config.getBuffersPerRegion());
if (config.getIoThreads() != null) builder.setIoThreads(config.getIoThreads());
if (config.getWorkerThreads() != null) builder.setWorkerThreads(config.getWorkerThreads());
if (config.getDirectBuffers() != null) builder.setDirectBuffers(config.getDirectBuffers());
}
public static void initConnections(ProxyConfig config, ProxyServerBuilder builder) {
if (config.getHttpPort() == null && config.getHttpsPort() == null) {
log.warn("You have not set up HTTP or HTTPS");
}
if (config.getHttpPort() != null) {
String bindAddress = "localhost";
if (config.getBindAddress() != null) bindAddress = config.getBindAddress();
builder.addHttpListener(config.getHttpPort(), bindAddress);
}
if (config.getHttpsPort() != null) {
String bindAddress = "localhost";
if (config.getBindAddress() != null) bindAddress = config.getBindAddress();
if (config.getKeystore() != null) {
InputStream is = FindFile.findFile(config.getKeystore());
SSLContext sslContext = null;
try {
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(is, config.getKeystorePassword().toCharArray());
sslContext = SslUtil.createSSLContext(keystore, config.getKeyPassword(), null);
} catch (Exception e) {
throw new RuntimeException(e);
}
builder.addHttpsListener(config.getHttpsPort().intValue(), bindAddress, sslContext);
} else {
log.warn("Generating temporary SSL cert");
KeyPair keyPair = null;
try {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
keyPair = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
X509Certificate certificate = null;
try {
certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, bindAddress);
} catch (Exception e) {
throw new RuntimeException(e);
}
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
PrivateKey privateKey = keyPair.getPrivate();
Certificate[] chain = {certificate};
keyStore.setKeyEntry(bindAddress, privateKey, "password".toCharArray(), chain);
SSLContext sslContext = SslUtil.createSSLContext(keyStore, "password", null);
builder.addHttpsListener(config.getHttpsPort().intValue(), bindAddress, sslContext);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
}
}

96
proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java
View file

@ -1,96 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* @author Stuart Douglas
*/
public class SecurityInfo<T extends SecurityInfo> implements Cloneable {
/**
* Equivalent to {@see ServletSecurity.EmptyRoleSemantic} but with an additional mode to require authentication but no role
* check.
*/
public enum EmptyRoleSemantic {
/**
* Permit access to the resource without requiring authentication or role membership.
*/
PERMIT,
/**
* Deny access to the resource regardless of the authentication state.
*/
DENY,
/**
* Mandate authentication but authorize access as no roles to check against.
*/
AUTHENTICATE,
/**
* Permit access in any case, but provide authorization info only if authorized.
*/
PERMIT_AND_INJECT_IF_AUTHENTICATED;
}
private volatile EmptyRoleSemantic emptyRoleSemantic = EmptyRoleSemantic.DENY;
private final Set<String> rolesAllowed = new HashSet<String>();
public EmptyRoleSemantic getEmptyRoleSemantic() {
return emptyRoleSemantic;
}
public T setEmptyRoleSemantic(final EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
return (T)this;
}
public T addRoleAllowed(final String role) {
this.rolesAllowed.add(role);
return (T) this;
}
public T addRolesAllowed(final String ... roles) {
this.rolesAllowed.addAll(Arrays.asList(roles));
return (T) this;
}
public T addRolesAllowed(final Collection<String> roles) {
this.rolesAllowed.addAll(roles);
return (T) this;
}
public Set<String> getRolesAllowed() {
return new HashSet<String>(rolesAllowed);
}
@Override
public T clone() {
final SecurityInfo info = createInstance();
info.emptyRoleSemantic = emptyRoleSemantic;
info.rolesAllowed.addAll(rolesAllowed);
return (T) info;
}
protected T createInstance() {
return (T) new SecurityInfo();
}
}

249
proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityPathMatches.java
View file

@ -1,249 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author Stuart Douglas
*/
public class SecurityPathMatches {
private final boolean denyUncoveredHttpMethods;
private final PathSecurityInformation defaultPathSecurityInformation;
private final Map<String, PathSecurityInformation> exactPathRoleInformation;
private final Map<String, PathSecurityInformation> prefixPathRoleInformation;
private final Map<String, PathSecurityInformation> extensionRoleInformation;
private SecurityPathMatches(final boolean denyUncoveredHttpMethods, final PathSecurityInformation defaultPathSecurityInformation, final Map<String, PathSecurityInformation> exactPathRoleInformation, final Map<String, PathSecurityInformation> prefixPathRoleInformation, final Map<String, PathSecurityInformation> extensionRoleInformation) {
this.denyUncoveredHttpMethods = denyUncoveredHttpMethods;
this.defaultPathSecurityInformation = defaultPathSecurityInformation;
this.exactPathRoleInformation = exactPathRoleInformation;
this.prefixPathRoleInformation = prefixPathRoleInformation;
this.extensionRoleInformation = extensionRoleInformation;
}
/**
*
* @return <code>true</code> If no security path information has been defined
*/
public boolean isEmpty() {
return defaultPathSecurityInformation.excludedMethodRoles.isEmpty() &&
defaultPathSecurityInformation.perMethodRequiredRoles.isEmpty() &&
defaultPathSecurityInformation.defaultRequiredRoles.isEmpty() &&
exactPathRoleInformation.isEmpty() &&
prefixPathRoleInformation.isEmpty() &&
extensionRoleInformation.isEmpty();
}
public SingleConstraintMatch getSecurityInfo(final String path, final String method) {
RuntimeMatch currentMatch = new RuntimeMatch();
handleMatch(method, defaultPathSecurityInformation, currentMatch);
PathSecurityInformation match = exactPathRoleInformation.get(path);
if (match != null) {
handleMatch(method, match, currentMatch);
return mergeConstraints(currentMatch);
}
match = prefixPathRoleInformation.get(path);
if (match != null) {
handleMatch(method, match, currentMatch);
return mergeConstraints(currentMatch);
}
int qsPos = -1;
boolean extension = false;
for (int i = path.length() - 1; i >= 0; --i) {
final char c = path.charAt(i);
if (c == '?') {
//there was a query string, check the exact matches again
final String part = path.substring(0, i);
match = exactPathRoleInformation.get(part);
if (match != null) {
handleMatch(method, match, currentMatch);
return mergeConstraints(currentMatch);
}
qsPos = i;
extension = false;
} else if (c == '/') {
extension = true;
final String part = path.substring(0, i);
match = prefixPathRoleInformation.get(part);
if (match != null) {
handleMatch(method, match, currentMatch);
return mergeConstraints(currentMatch);
}
} else if (c == '.') {
if (!extension) {
extension = true;
final String ext;
if (qsPos == -1) {
ext = path.substring(i + 1, path.length());
} else {
ext = path.substring(i + 1, qsPos);
}
match = extensionRoleInformation.get(ext);
if (match != null) {
handleMatch(method, match, currentMatch);
return mergeConstraints(currentMatch);
}
}
}
}
return mergeConstraints(currentMatch);
}
/**
* merge all constraints, as per 13.8.1 Combining Constraints
*/
private SingleConstraintMatch mergeConstraints(final RuntimeMatch currentMatch) {
if(currentMatch.uncovered && denyUncoveredHttpMethods) {
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.DENY, Collections.<String>emptySet());
}
final Set<String> allowedRoles = new HashSet<String>();
for(SingleConstraintMatch match : currentMatch.constraints) {
if(match.getRequiredRoles().isEmpty()) {
return new SingleConstraintMatch(match.getEmptyRoleSemantic(), Collections.<String>emptySet());
} else {
allowedRoles.addAll(match.getRequiredRoles());
}
}
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.PERMIT, allowedRoles);
}
private void handleMatch(final String method, final PathSecurityInformation exact, RuntimeMatch currentMatch) {
List<SecurityInformation> roles = exact.defaultRequiredRoles;
for (SecurityInformation role : roles) {
currentMatch.constraints.add(new SingleConstraintMatch(role.emptyRoleSemantic, role.roles));
if(role.emptyRoleSemantic == SecurityInfo.EmptyRoleSemantic.DENY || !role.roles.isEmpty()) {
currentMatch.uncovered = false;
}
}
List<SecurityInformation> methodInfo = exact.perMethodRequiredRoles.get(method);
if (methodInfo != null) {
currentMatch.uncovered = false;
for (SecurityInformation role : methodInfo) {
currentMatch.constraints.add(new SingleConstraintMatch(role.emptyRoleSemantic, role.roles));
}
}
for (ExcludedMethodRoles excluded : exact.excludedMethodRoles) {
if (!excluded.methods.contains(method)) {
currentMatch.uncovered = false;
currentMatch.constraints.add(new SingleConstraintMatch(excluded.securityInformation.emptyRoleSemantic, excluded.securityInformation.roles));
}
}
}
public static class Builder {
private final PathSecurityInformation defaultPathSecurityInformation = new PathSecurityInformation();
private final Map<String, PathSecurityInformation> exactPathRoleInformation = new HashMap<String, PathSecurityInformation>();
private final Map<String, PathSecurityInformation> prefixPathRoleInformation = new HashMap<String, PathSecurityInformation>();
private final Map<String, PathSecurityInformation> extensionRoleInformation = new HashMap<String, PathSecurityInformation>();
public void addSecurityConstraint(Set<String> roles, SecurityInfo.EmptyRoleSemantic emptyRoleSemantic, String pattern, Set<String> httpMethods, Set<String> excludedMethods) {
final SecurityInformation securityInformation = new SecurityInformation(roles, emptyRoleSemantic);
if (pattern.endsWith("/*") || pattern.endsWith("/")) {
String part = pattern.substring(0, pattern.lastIndexOf('/'));
PathSecurityInformation info = prefixPathRoleInformation.get(part);
if (info == null) {
prefixPathRoleInformation.put(part, info = new PathSecurityInformation());
}
setupPathSecurityInformation(info, securityInformation, httpMethods, excludedMethods);
} else if (pattern.startsWith("*.")) {
String part = pattern.substring(2, pattern.length());
PathSecurityInformation info = extensionRoleInformation.get(part);
if (info == null) {
extensionRoleInformation.put(part, info = new PathSecurityInformation());
}
setupPathSecurityInformation(info, securityInformation, httpMethods, excludedMethods);
} else {
PathSecurityInformation info = exactPathRoleInformation.get(pattern);
if (info == null) {
exactPathRoleInformation.put(pattern, info = new PathSecurityInformation());
}
setupPathSecurityInformation(info, securityInformation, httpMethods, excludedMethods);
}
}
private Set<String> expandRolesAllowed(final Set<String> rolesAllowed) {
final Set<String> roles = new HashSet<String>(rolesAllowed);
return roles;
}
private void setupPathSecurityInformation(final PathSecurityInformation info, final SecurityInformation securityConstraint,
Set<String> httpMethods, Set<String> excludedMethods) {
if (httpMethods.isEmpty() &&
excludedMethods.isEmpty()) {
info.defaultRequiredRoles.add(securityConstraint);
} else if (!httpMethods.isEmpty()) {
for (String method : httpMethods) {
List<SecurityInformation> securityInformations = info.perMethodRequiredRoles.get(method);
if (securityInformations == null) {
info.perMethodRequiredRoles.put(method, securityInformations = new ArrayList<SecurityInformation>());
}
securityInformations.add(securityConstraint);
}
} else if (!excludedMethods.isEmpty()) {
info.excludedMethodRoles.add(new ExcludedMethodRoles(excludedMethods, securityConstraint));
}
}
public SecurityPathMatches build() {
return new SecurityPathMatches(false, defaultPathSecurityInformation, exactPathRoleInformation, prefixPathRoleInformation, extensionRoleInformation);
}
}
private static class PathSecurityInformation {
final List<SecurityInformation> defaultRequiredRoles = new ArrayList<SecurityInformation>();
final Map<String, List<SecurityInformation>> perMethodRequiredRoles = new HashMap<String, List<SecurityInformation>>();
final List<ExcludedMethodRoles> excludedMethodRoles = new ArrayList<ExcludedMethodRoles>();
}
private static final class ExcludedMethodRoles {
final Set<String> methods;
final SecurityInformation securityInformation;
public ExcludedMethodRoles(final Set<String> methods, final SecurityInformation securityInformation) {
this.methods = methods;
this.securityInformation = securityInformation;
}
}
private static final class SecurityInformation {
final Set<String> roles;
final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic;
private SecurityInformation(final Set<String> roles, final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.roles = new HashSet<String>(roles);
}
}
private static final class RuntimeMatch {
final List<SingleConstraintMatch> constraints = new ArrayList<SingleConstraintMatch>();
boolean uncovered = true;
}
}

47
proxy/proxy-server/src/main/java/org/keycloak/proxy/SingleConstraintMatch.java
View file

@ -1,47 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import java.util.Set;
/**
* Representation of a single security constrain matched for a single request.
*
* When performing any authentication/authorization check every constraint MUST be satisfied for the request to be allowed to
* proceed.
*
* @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
*/
public class SingleConstraintMatch {
private final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic;
private final Set<String> requiredRoles;
public SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic emptyRoleSemantic, Set<String> requiredRoles) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.requiredRoles = requiredRoles;
}
public SecurityInfo.EmptyRoleSemantic getEmptyRoleSemantic() {
return emptyRoleSemantic;
}
public Set<String> getRequiredRoles() {
return requiredRoles;
}
}

53
proxy/proxy-server/src/main/java/org/keycloak/proxy/SslUtil.java
View file

@ -1,53 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.proxy;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SslUtil {
public static SSLContext createSSLContext(final KeyStore keyStore, String password, final KeyStore trustStore) throws Exception {
KeyManager[] keyManagers;
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password.toCharArray());
keyManagers = keyManagerFactory.getKeyManagers();
TrustManager[] trustManagers = null;
if (trustStore != null) {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
trustManagers = trustManagerFactory.getTrustManagers();
}
SSLContext sslContext;
sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
return sslContext;
}
}

27
proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java
View file

@ -1,27 +0,0 @@
package org.keycloak.proxy;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import org.keycloak.constants.AdapterConstants;
/**
* Dispatches requests for k_query_bearer_token through a worker thread (handler for this
* resource performs blocking IO).
*/
public class TokenRequestPreHandler implements HttpHandler {
private final HttpHandler next;
public TokenRequestPreHandler(HttpHandler next) {
this.next = next;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
if (exchange.getRequestURI().endsWith(AdapterConstants.K_QUERY_BEARER_TOKEN)) {
exchange.dispatch(next);
} else {
next.handleRequest(exchange);
}
}
}

1
testsuite/pom.xml
View file

@ -70,7 +70,6 @@
</build> </build>
<modules> <modules>
<module>jetty</module> <module>jetty</module>
<module>proxy</module>
<module>tomcat7</module> <module>tomcat7</module>
</modules> </modules>
</profile> </profile>

369
testsuite/proxy/pom.xml
View file

@ -1,369 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-testsuite-security-proxy</artifactId>
<name>Keycloak Security Proxy TestSuite</name>
<properties>
<!--<tomcat.version>8.0.14</tomcat.version>-->
<tomcat.version>7.0.54</tomcat.version>
</properties>
<description />
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-dependencies-server-all</artifactId>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-proxy-server</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson2-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-undertow</artifactId>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-tomcat7-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>com.icegreen</groupId>
<artifactId>greenmail</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-core</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-chrome-driver</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-undertow</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<version>${tomcat.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-util</artifactId>
<version>${tomcat.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.2</version>
<executions>
<execution>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<workingDirectory>${project.basedir}</workingDirectory>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>keycloak-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.KeycloakServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>mail-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.MailServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>totp</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.TotpGenerator</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<keycloak.realm.provider>jpa</keycloak.realm.provider>
<keycloak.user.provider>jpa</keycloak.user.provider>
<keycloak.eventStore.provider>jpa</keycloak.eventStore.provider>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!-- MySQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>com.mysql.jdbc.Driver</value>
</property>
</activation>
<id>mysql</id>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.version}</version>
</dependency>
</dependencies>
</profile>
<!-- PostgreSQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>org.postgresql.Driver</value>
</property>
</activation>
<id>postgresql</id>
<dependencies>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>${postgresql.version}</version>
</dependency>
</dependencies>
</profile>
<profile>
<id>clean-jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-maven-plugin</artifactId>
<configuration>
<changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
<url>${keycloak.connectionsJpa.url}</url>
<driver>${keycloak.connectionsJpa.driver}</driver>
<username>${keycloak.connectionsJpa.user}</username>
<password>${keycloak.connectionsJpa.password}</password>
<promptOnNonLocalDatabase>false</promptOnNonLocalDatabase>
</configuration>
<executions>
<execution>
<id>clean-jpa</id>
<phase>clean</phase>
<goals>
<goal>dropAll</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

283
testsuite/proxy/src/test/java/org/keycloak/testsuite/ProxyTest.java
View file

@ -1,283 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite;
import io.undertow.Undertow;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.proxy.ProxyServerBuilder;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.util.Enumeration;
import java.util.regex.Matcher;
@Ignore
public class ProxyTest {
static String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/demorealm.json"), RealmRepresentation.class);
RealmModel realm = manager.importRealm(representation);
}
};
public static class SendUsernameServlet extends HttpServlet {
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
String requestURI = req.getRequestURI();
resp.setContentType("text/plain");
OutputStream stream = resp.getOutputStream();
stream.write(req.getRequestURL().toString().getBytes());
stream.write("\n".getBytes());
Integer count = (Integer)req.getSession().getAttribute("counter");
if (count == null) count = new Integer(0);
req.getSession().setAttribute("counter", new Integer(count.intValue() + 1));
stream.write(("count:"+count).getBytes());
Enumeration<String> headers = req.getHeaderNames();
while (headers.hasMoreElements()) {
String name = headers.nextElement();
System.out.println(name +": " + req.getHeader(name));
}
if (requestURI.contains("/bearer")) {
Client client = ClientBuilder.newClient();
try {
String appBase = "http://localhost:8080/customer-portal";
WebTarget target = client.target(appBase + "/call-bearer");
Response response = null;
response = target.request()
.header(HttpHeaders.AUTHORIZATION, "Bearer CRAP")
.get();
Assert.assertEquals(401, response.getStatus());
response.close();
response = target.request()
.header(HttpHeaders.AUTHORIZATION, "Bearer " + req.getHeader("KEYCLOAK_ACCESS_TOKEN"))
.get();
Assert.assertEquals(200, response.getStatus());
String data = response.readEntity(String.class);
response.close();
stream.write(data.getBytes());
} finally {
client.close();
}
} else if (requestURI.contains("/call-bearer")) {
stream.write("bearer called".getBytes());
}
}
@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
public static class SendError extends HttpServlet {
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("text/plain");
OutputStream stream = resp.getOutputStream();
stream.write("access error".getBytes());
}
@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
static Tomcat tomcat = null;
public static void initTomcat() throws Exception {
URL dir = ProxyTest.class.getResource("/tomcat-test/webapp/WEB-INF/web.xml");
File webappDir = new File(dir.getFile()).getParentFile().getParentFile();
tomcat = new Tomcat();
String baseDir = getBaseDirectory();
tomcat.setBaseDir(baseDir);
tomcat.setPort(8082);
tomcat.addWebapp("/customer-portal", webappDir.toString());
System.out.println("configuring app with basedir: " + webappDir.toString());
tomcat.start();
//tomcat.getServer().await();
}
public static void shutdownTomcat() throws Exception {
tomcat.stop();
tomcat.destroy();
}
static Undertow proxyServer = null;
@BeforeClass
public static void initProxy() throws Exception {
initTomcat();
InputStream is = ProxyTest.class.getResourceAsStream("/proxy-config.json");
proxyServer = ProxyServerBuilder.build(is);
proxyServer.start();
}
@AfterClass
public static void shutdownProxy() throws Exception {
shutdownTomcat();
if (proxyServer != null) proxyServer.stop();
}
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected LoginPage loginPage;
public static final String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testHttp() throws Exception {
String baseUrl = "http://localhost:8080";
testit(baseUrl);
}
@Test
public void testHttps() throws Exception {
String baseUrl = "https://localhost:8443";
testit(baseUrl);
}
public void testit(String baseUrl) {
driver.navigate().to(baseUrl + "/customer-portal/users");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
String loginPageSource = driver.getPageSource();
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), baseUrl + "/customer-portal/users");
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("customer-portal/users"));
Assert.assertTrue(pageSource.contains("count:0"));
driver.navigate().to(baseUrl + "/customer-portal/users");
Assert.assertEquals(driver.getCurrentUrl(), baseUrl + "/customer-portal/users");
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("customer-portal/users"));
Assert.assertTrue(pageSource.contains("count:1")); // test http session
driver.navigate().to(baseUrl + "/customer-portal/bearer");
pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("bearer called"));
driver.navigate().to(baseUrl + "/customer-portal/users/deny");
Assert.assertEquals(driver.getCurrentUrl(), baseUrl + "/customer-portal/users/deny");
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("access error"));
driver.navigate().to(baseUrl + "/customer-portal/admins");
Assert.assertEquals(driver.getCurrentUrl(), baseUrl + "/customer-portal/admins");
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("access error"));
// test logout
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, baseUrl + "/customer-portal/users").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(baseUrl + "/customer-portal/users");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
// test unsecured page
driver.navigate().to(baseUrl + "/customer-portal") ;
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("customer-portal"));
driver.navigate().to(baseUrl + "/customer-portal/users/permit") ;
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("customer-portal/users/permit"));
}
private static String getBaseDirectory() {
String dirPath = null;
String relativeDirPath = "testsuite" + File.separator + "proxy" + File.separator + "target";
if (System.getProperties().containsKey("maven.home")) {
dirPath = System.getProperty("user.dir").replaceFirst("testsuite.proxy.*", Matcher.quoteReplacement(relativeDirPath));
} else {
for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) {
if (c.contains(File.separator + "testsuite" + File.separator + "proxy")) {
dirPath = c.replaceFirst("testsuite.proxy.*", Matcher.quoteReplacement(relativeDirPath));
break;
}
}
}
String absolutePath = new File(dirPath).getAbsolutePath();
return absolutePath;
}
}

71
testsuite/proxy/src/test/resources/demorealm.json
View file

@ -1,71 +0,0 @@
{
"id": "demo",
"realm": "demo",
"enabled": true,
"accessTokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"sslRequired": "external",
"registrationAllowed": false,
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"firstName": "Bill",
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
},
{
"username" : "admin",
"enabled": true,
"email" : "admin.burke@redhat.com",
"firstName": "Admin",
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user", "admin" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
]
},
"applications": [
{
"name": "customer-portal",
"enabled": true,
"fullScopeAllowed": true,
"adminUrl": "http://localhost:8080/customer-portal",
"baseUrl": "http://localhost:8080/customer-portal",
"redirectUris": [
"http://localhost:8080/customer-portal/*",
"https://localhost:8443/customer-portal/*"
],
"secret": "password"
}
]
}

11
testsuite/proxy/src/test/resources/keycloak.json
View file

@ -1,11 +0,0 @@
{
"realm": "demo",
"resource": "customer-portal",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"principal-attribute": "name",
"credentials": {
"secret": "password"
}
}

64
testsuite/proxy/src/test/resources/proxy-config.json
View file

@ -1,64 +0,0 @@
{
"bind-address": "localhost",
"http-port": "8080",
"https-port": "8443",
"keystore": "classpath:ssl.jks",
"keystore-password": "password",
"key-password": "password",
"target-url": "http://localhost:8082",
"send-access-token": true,
"applications": [
{
"base-path": "/customer-portal",
"error-page": "/error.html",
"adapter-config": {
"realm": "demo",
"resource": "customer-portal",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"principal-attribute": "name",
"credentials": {
"secret": "password"
}
}
,
"constraints": [
{
"pattern": "/users/*",
"roles-allowed": [
"user"
]
},
{
"pattern": "/call-bearer/*",
"roles-allowed": [
"user"
]
},
{
"pattern": "/bearer/*",
"roles-allowed": [
"user"
]
},
{
"pattern": "/admins/*",
"roles-allowed": [
"admin"
]
},
{
"pattern": "/users/permit",
"permit": true
},
{
"pattern": "/users/deny",
"deny": true
}
]
}
]
}

BIN
testsuite/proxy/src/test/resources/ssl.jks
View file

Binary file not shown.

44
testsuite/proxy/src/test/resources/tomcat-test/webapp/WEB-INF/web.xml
View file

@ -1,44 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>SendUsername</servlet-name>
<servlet-class>org.keycloak.testsuite.ProxyTest$SendUsernameServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error</servlet-name>
<servlet-class>org.keycloak.testsuite.ProxyTest$SendError</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Error</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SendUsername</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>

3
travis-run-tests.sh
View file

@ -53,7 +53,6 @@ if [ $1 == "old" ]; then
cd testsuite cd testsuite
mvn test -B -nsu -f integration-deprecated mvn test -B -nsu -f integration-deprecated
mvn test -B -nsu -f jetty mvn test -B -nsu -f jetty
mvn test -B -nsu -f proxy
mvn test -B -nsu -f tomcat7 mvn test -B -nsu -f tomcat7
mvn test -B -nsu -f tomcat8 mvn test -B -nsu -f tomcat8
fi fi
@ -102,4 +101,4 @@ if [ $1 == "crossdc-adapter" ]; then
mvn clean test -B -nsu -Pcache-server-infinispan,auth-servers-crossdc-jboss,auth-server-wildfly,app-server-wildfly -Dtest=org.keycloak.testsuite.adapter.**.crossdc.**.* 2>&1 | mvn clean test -B -nsu -Pcache-server-infinispan,auth-servers-crossdc-jboss,auth-server-wildfly,app-server-wildfly -Dtest=org.keycloak.testsuite.adapter.**.crossdc.**.* 2>&1 |
java -cp ../../../utils/target/classes org.keycloak.testsuite.LogTrimmer java -cp ../../../utils/target/classes org.keycloak.testsuite.LogTrimmer
exit ${PIPESTATUS[0]} exit ${PIPESTATUS[0]}
fi fi