KEYCLOAK-2445 - Added ssl profile to eap7 server and adapter.
parent
8931be5e61
commit
9adbd370c2
5 changed files with 164 additions and 6 deletions
|
@ -17,8 +17,11 @@
|
|||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:1.7"
|
||||
xmlns:w="urn:jboss:domain:web:2.2"
|
||||
xmlns:j="urn:jboss:domain:4.0"
|
||||
xmlns:ds="urn:jboss:domain:datasources:4.0"
|
||||
xmlns:k="urn:jboss:domain:keycloak:1.1"
|
||||
xmlns:sec="urn:jboss:domain:security:1.2"
|
||||
xmlns:u="urn:jboss:domain:undertow:3.0"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
|
@ -27,11 +30,29 @@
|
|||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//w:connector[@name='http']">
|
||||
<xsl:template match="//j:security-realms">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
|
||||
<security-realm name="UndertowRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
</security-realm>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:http-listener">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:host">
|
||||
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
|
||||
<xsl:copy-of select="."/>
|
||||
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
|
||||
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
|
||||
</connector>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:socket-binding[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<socket-binding name="proxy-https" port="8443"/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:extensions">
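Review bot: The keystore password is the literal `keystore-password="secret"` inside the `UndertowRealm` block, so it ends up in clear text in the generated standalone.xml. The adapter stylesheet added later in this commit repeats it and also sets `javax.net.ssl.trustStorePassword` to the same value. That may be intended for a test fixture, but nothing in the stylesheet says so. I would pass it in as a parameter, `<xsl:param name="keystore.password" select="'secret'"/>` with `keystore-password="{$keystore.password}"`, or at least add `<!-- test-only keystore and password; not for any deployed server -->` above the realm. The page does not mark which lines of this section are old or new, so this assumes the Undertow realm is on the new side.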
|
||||
|
|
|
@ -176,6 +176,72 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>ssl</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>app.server.ssl.required</name>
|
||||
</property>
|
||||
</activation>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>xml-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>configure-adapter-subsystem-security</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<transformationSets>
|
||||
<transformationSet>
|
||||
<dir>${app.server.eap7.home}/standalone/configuration</dir>
|
||||
<includes>
|
||||
<include>standalone.xml</include>
|
||||
</includes>
|
||||
<stylesheet>src/main/xslt/security.xsl</stylesheet>
|
||||
<outputDir>${app.server.eap7.home}/standalone/configuration</outputDir>
|
||||
</transformationSet>
|
||||
</transformationSets>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<version>2.7</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${app.server.eap7.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/keystore</directory>
|
||||
<includes>
|
||||
<include>adapter.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
<nonFilteredFileExtensions>
|
||||
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
|
||||
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
|
||||
</nonFilteredFileExtensions>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>adapter-libs-provided</id>
|
||||
<activation>
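Review bot: The `ssl` profile is activated by `<property><name>app.server.ssl.required</name></property>` with no `<value>`, and Maven activates such a profile whenever the property is defined, whatever its value. As a result `-Dapp.server.ssl.required=false` would still apply the keystore and HTTPS listener configuration; adding `<value>true</value>` inside `<property>` makes the switch explicit. Separately, `configure-adapter-subsystem-security` uses the same path for `<dir>` and `<outputDir>`, so a second `process-resources` run on an already transformed server home would presumably insert the realm, listener and socket binding again. A comment stating that the server home is unpacked fresh for each build would record that assumption.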
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,71 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:4.0"
|
||||
xmlns:ds="urn:jboss:domain:datasources:4.0"
|
||||
xmlns:k="urn:jboss:domain:keycloak:1.1"
|
||||
xmlns:sec="urn:jboss:domain:security:1.2"
|
||||
xmlns:u="urn:jboss:domain:undertow:3.0"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
<xsl:param name="config"/>
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//j:security-realms">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
|
||||
<security-realm name="UndertowRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="adapter.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
</security-realm>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:http-listener">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:host">
|
||||
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
|
||||
<xsl:copy-of select="."/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:socket-binding[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<socket-binding name="proxy-https" port="8443"/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:extensions">
|
||||
<xsl:copy-of select="."/>
|
||||
<system-properties>
|
||||
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
|
||||
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
|
||||
</system-properties>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
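Review bot: The `//j:extensions` template sets `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` as JVM-wide system properties, which replaces the default trust store for every outbound TLS connection from this server rather than only the adapter's calls to Keycloak. It also emits `<system-properties>` unconditionally, so an input that already has that element would presumably end up with two. I would add a comment such as `<!-- test-only: JVM-wide trust store so the adapter accepts the Keycloak test certificate -->` above the block. The `//u:http-listener` template, here and in the server stylesheet, hard-codes `proxy-address-forwarding="true"`, which as far as I know makes Undertow take the client address from forwarded headers; that deserves a comment if no proxy sits in front of the test server. `<xsl:param name="config"/>` is declared but not referenced anywhere in this file and could be dropped.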
|