From 73cbf857c105da960239137be8701a41f54321e6 Mon Sep 17 00:00:00 2001
From: Stan Silvert
Date: Mon, 11 Jul 2016 20:58:31 -0400
Subject: [PATCH 1/2] KEYCLOAK-3273: Prefer module name for secure-deployment in Keycloak adapter subsystem
---
 ...cloakAdapterConfigDeploymentProcessor.java | 18 +++++------
 .../KeycloakAdapterConfigService.java | 31 +++++++++++++++++--
 .../KeycloakDependencyProcessor.java | 6 ++--
 .../extension/SubsystemParsingTestCase.java | 2 --
 4 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java
index 00343df892..9f52c41b4b 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigDeploymentProcessor.java
@@ -46,8 +46,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 // not sure if we need this yet, keeping here just in case
 protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
- String deploymentName = deploymentUnit.getName();
- if (!service.isSecureDeployment(deploymentName)) {
+ if (!service.isSecureDeployment(deploymentUnit)) {
 return;
 }
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
@@ -67,10 +66,9 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
 KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
- if (service.isSecureDeployment(deploymentName)) {
- addKeycloakAuthData(phaseContext, deploymentName, service);
+ if (service.isSecureDeployment(deploymentUnit)) {
+ addKeycloakAuthData(phaseContext, service);
 }
 // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
@@ -79,14 +77,14 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 // addSecurityDomain(deploymentUnit, service);
 }
- private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
+ private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
- throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
+ throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
 }
- addJSONData(service.getJSON(deploymentName), warMetaData);
+ addJSONData(service.getJSON(deploymentUnit), warMetaData);
 JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
 if (webMetaData == null) {
 webMetaData = new JBossWebMetaData();
@@ -99,8 +97,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 webMetaData.setLoginConfig(loginConfig);
 }
 loginConfig.setAuthMethod("KEYCLOAK");
- loginConfig.setRealmName(service.getRealmName(deploymentName));
- KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
+ loginConfig.setRealmName(service.getRealmName(deploymentUnit));
+ KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
 }
 private void addJSONData(String json, WarMetaData warMetaData) {
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
index 854544f8b8..86c9e7e401 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -24,6 +24,9 @@ import java.util.HashMap;
 import java.util.Map;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.common.WarMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 /**
 * This service keeps track of the entire Keycloak management model so as to provide
@@ -153,13 +156,15 @@ public final class KeycloakAdapterConfigService {
 return null;
 }
- public String getRealmName(String deploymentName) {
+ public String getRealmName(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 return deployment.get(RealmDefinition.TAG_NAME).asString();
 }
- public String getJSON(String deploymentName) {
+ public String getJSON(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
 ModelNode realm = this.realms.get(realmName);
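Review bot: `getRealmName` and `getJSON` dereference the result of `this.secureDeployments.get(deploymentName)` without a null check, so a caller that has not first passed `isSecureDeployment` gets a bare NullPointerException during deployment instead of a message naming the missing secure-deployment entry. Because the key is now derived inside the service, the caller can no longer see which name was looked up; a guard such as `if (deployment == null) throw new IllegalStateException("No secure-deployment configured for " + deploymentName);` would make the failure diagnosable. Both public methods would also benefit from a Javadoc line stating that the lookup key is the module name plus `.war` when one is present. The body of `getJSON` continues outside the hunk, and the as7 and wf8 copies of this class later in the series have the same two methods.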
@@ -183,9 +188,29 @@ public final class KeycloakAdapterConfigService {
 }
 }
- public boolean isSecureDeployment(String deploymentName) {
+ public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
 //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 return this.secureDeployments.containsKey(deploymentName);
 }
+
+ // KEYCLOAK-3273: prefer module name if available
+ private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
+ String deploymentName = deploymentUnit.getName();
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return deploymentName;
+ }
+
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ return deploymentName;
+ }
+
+ String moduleName = webMetaData.getModuleName();
+ if (moduleName != null) return moduleName + ".war";
+
+ return deploymentName;
+ }
 }
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessor.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessor.java
index 373f57a904..e918a47930 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessor.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakDependencyProcessor.java
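Review bot: `preferredDeploymentName` returns `moduleName + ".war"` whenever the merged metadata carries a module name, and `isSecureDeployment` then checks only that key, so a `secure-deployment` entry still keyed by the archive name no longer matches once the module name differs from it. The visible result is that `isSecureDeployment` returns false and the deployment is processed as if it had no subsystem configuration, with no log line; for a lookup that decides whether KEYCLOAK auth is applied, a silent miss deserves at least a fallback to `deploymentUnit.getName()` or a warning. Whether module and archive names can differ for configurations that already exist is not visible from the hunk, so this should be confirmed against the upgrade path. The same helper is copied into the as7 and wf8 `KeycloakAdapterConfigService` and both SAML `Configuration` classes later in the series, so a fallback would have to go into each copy or into one shared utility.

```java
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
    // … unchanged: deploymentName, WarMetaData and JBossWebMetaData null checks …
    String moduleName = webMetaData.getModuleName();
    if (moduleName != null) {
        String moduleKey = moduleName + ".war";
        // Keep honouring an entry keyed by the archive name when no module-name entry exists.
        if (this.secureDeployments.containsKey(moduleKey)
                || !this.secureDeployments.containsKey(deploymentName)) {
            return moduleKey;
        }
    }
    // … unchanged: return deploymentName …
```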
@@ -45,9 +45,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
 @Override
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
-
- String deploymentName = deploymentUnit.getName();
- if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
+ if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
 return;
@@ -67,7 +65,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
 addCommonModules(moduleSpecification, moduleLoader);
 addPlatformSpecificModules(moduleSpecification, moduleLoader);
 }
-
+
 private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
 // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
 moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
index 6ff643acd3..9d5f87ab39 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
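Review bot: The result of `isSecureDeployment(deploymentUnit)` in `deploy` now depends on which attachments exist when this processor runs, because the service reads `WarMetaData.ATTACHMENT_KEY` and the merged web metadata to choose the lookup key and falls back to the archive name when either is absent. The phase this processor is registered in is not visible here; if it could run before the merged metadata is attached, it and `KeycloakAdapterConfigDeploymentProcessor` could resolve different keys for the same deployment and disagree on whether it is secured. A comment above the call would record the requirement, for example `// isSecureDeployment resolves its key from merged web metadata; this processor must run after that metadata is attached`. The body of `deploy` continues outside the hunk, and the as7, wf8 and SAML as7 `KeycloakDependencyProcessor` hunks later in the series make the same call.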
@@ -78,8 +78,6 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
 addCredential(addr, service, "secret", "secret1");
 addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
 addCredential(addr, service, "jwt.token-timeout", "10");
-
- System.out.println("Deployment: " + service.getJSON("foo"));
 }
 private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
From 1d4e76117c6c915b2a2cd642c0e0d7007c04f2e0 Mon Sep 17 00:00:00 2001
From: Stan Silvert
Date: Tue, 12 Jul 2016 12:42:24 -0400
Subject: [PATCH 2/2] KEYCLOAK-3273: Prefer module name for secure-deployment name.
---
 ...cloakAdapterConfigDeploymentProcessor.java | 13 ++++----
 .../as7/KeycloakAdapterConfigService.java | 31 +++++++++++++++++--
 .../as7/KeycloakDependencyProcessor.java | 3 +-
 ...cloakAdapterConfigDeploymentProcessor.java | 18 +++++------
 .../KeycloakAdapterConfigService.java | 31 +++++++++++++++++--
 .../KeycloakDependencyProcessor.java | 3 +-
 .../extension/SubsystemParsingTestCase.java | 2 --
 .../subsystem/saml/as7/Configuration.java | 29 +++++++++++++++--
 ...cloakAdapterConfigDeploymentProcessor.java | 15 +++++----
 .../saml/as7/KeycloakDependencyProcessor.java | 3 +-
 .../adapter/saml/extension/Configuration.java | 25 ++++++++++++++-
 ...cloakAdapterConfigDeploymentProcessor.java | 17 +++++-----
 .../KeycloakDependencyProcessor.java | 3 +-
 13 files changed, 139 insertions(+), 54 deletions(-)
diff --git a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
index 9b60acd975..cdaa3755ea 100755
--- a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -49,7 +49,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 @Override
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
 // if it's not a web-app there's nothing to secure
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
@@ -67,24 +66,24 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 // otherwise
 LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
- boolean hasSubsystemConfig = service.isSecureDeployment(deploymentName);
+ boolean hasSubsystemConfig = service.isSecureDeployment(deploymentUnit);
 boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
 if (hasSubsystemConfig || webRequiresKC) {
- log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
+ log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentUnit.getName());
 // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
 if (hasSubsystemConfig) {
- addJSONData(service.getJSON(deploymentName), warMetaData);
+ addJSONData(service.getJSON(deploymentUnit), warMetaData);
 if (loginConfig != null) {
 loginConfig.setAuthMethod("KEYCLOAK");
- loginConfig.setRealmName(service.getRealmName(deploymentName));
+ loginConfig.setRealmName(service.getRealmName(deploymentUnit));
 } else {
- log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentName + " (loginConfig == null)");
+ log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
 }
 }
 addValve(webMetaData);
- KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
+ KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
 }
 }
diff --git a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
index 326862bbf1..0b690c3511 100755
--- a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
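Review bot: When `hasSubsystemConfig` is true but `loginConfig` is null, the `else` branch only logs `Failed to set up KEYCLOAK auth method ...`, and execution continues to `addValve(webMetaData)` and `deploymentSecured(deploymentUnit.getName())`, so the log reports the WAR as secured immediately after reporting that the auth method could not be set. The wildfly variant of this processor earlier in the series calls `webMetaData.setLoginConfig(loginConfig)` before setting the auth method, which suggests it creates a login config in that situation; doing the same here with `loginConfig = new LoginConfigMetaData(); webMetaData.setLoginConfig(loginConfig);`, or failing the deployment with a `DeploymentUnitProcessingException`, would remove the contradictory state. Whether the valve alone enforces authentication without a login config is not visible from this hunk. The SAML as7 processor later in the series has the same branch, and `deploy` starts above the hunk.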
@@ -25,6 +25,9 @@ import java.util.HashMap;
 import java.util.Map;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.deployment.WarMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 /**
 * This service keeps track of the entire Keycloak management model so as to provide
@@ -154,13 +157,15 @@ public final class KeycloakAdapterConfigService {
 return null;
 }
- public String getRealmName(String deploymentName) {
+ public String getRealmName(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 return deployment.get(RealmDefinition.TAG_NAME).asString();
 }
- public String getJSON(String deploymentName) {
+ public String getJSON(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
 ModelNode realm = this.realms.get(realmName);
@@ -184,9 +189,29 @@ public final class KeycloakAdapterConfigService {
 }
 }
- public boolean isSecureDeployment(String deploymentName) {
+ public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
 //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 return this.secureDeployments.containsKey(deploymentName);
 }
+
+ // KEYCLOAK-3273: prefer module name if available
+ private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
+ String deploymentName = deploymentUnit.getName();
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return deploymentName;
+ }
+
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ return deploymentName;
+ }
+
+ String moduleName = webMetaData.getModuleName();
+ if (moduleName != null) return moduleName + ".war";
+
+ return deploymentName;
+ }
 }
diff --git a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakDependencyProcessor.java b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakDependencyProcessor.java
index 8f84a7c590..b778dc03b1 100755
--- a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakDependencyProcessor.java
+++ b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakDependencyProcessor.java
@@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
- if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
+ if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
 return;
diff --git a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigDeploymentProcessor.java
index 6facc2ca81..0ec9335a57 100755
--- a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigDeploymentProcessor.java
@@ -46,8 +46,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 // not sure if we need this yet, keeping here just in case
 protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
- String deploymentName = deploymentUnit.getName();
- if (!service.isSecureDeployment(deploymentName)) {
+ if (!service.isSecureDeployment(deploymentUnit)) {
 return;
 }
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
@@ -67,10 +66,9 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
 KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
- if (service.isSecureDeployment(deploymentName)) {
- addKeycloakAuthData(phaseContext, deploymentName, service);
+ if (service.isSecureDeployment(deploymentUnit)) {
+ addKeycloakAuthData(phaseContext, service);
 }
 // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
@@ -79,14 +77,14 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 // addSecurityDomain(deploymentUnit, service);
 }
- private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
+ private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
- throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
+ throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
 }
- addJSONData(service.getJSON(deploymentName), warMetaData);
+ addJSONData(service.getJSON(deploymentUnit), warMetaData);
 JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
 if (webMetaData == null) {
 webMetaData = new JBossWebMetaData();
@@ -99,8 +97,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 webMetaData.setLoginConfig(loginConfig);
 }
 loginConfig.setAuthMethod("KEYCLOAK");
- loginConfig.setRealmName(service.getRealmName(deploymentName));
- KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
+ loginConfig.setRealmName(service.getRealmName(deploymentUnit));
+ KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
 }
 private void addJSONData(String json, WarMetaData warMetaData) {
diff --git a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
index c9251f97f9..5d15b70aaf 100755
--- a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
@@ -24,6 +24,9 @@ import java.util.HashMap;
 import java.util.Map;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.common.WarMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 /**
 * This service keeps track of the entire Keycloak management model so as to provide
@@ -153,13 +156,15 @@ public final class KeycloakAdapterConfigService {
 return null;
 }
- public String getRealmName(String deploymentName) {
+ public String getRealmName(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 return deployment.get(RealmDefinition.TAG_NAME).asString();
 }
- public String getJSON(String deploymentName) {
+ public String getJSON(DeploymentUnit deploymentUnit) {
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 ModelNode deployment = this.secureDeployments.get(deploymentName);
 String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
 ModelNode realm = this.realms.get(realmName);
@@ -183,9 +188,29 @@ public final class KeycloakAdapterConfigService {
 }
 }
- public boolean isSecureDeployment(String deploymentName) {
+ public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
 //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());
+ String deploymentName = preferredDeploymentName(deploymentUnit);
 return this.secureDeployments.containsKey(deploymentName);
 }
+
+ // KEYCLOAK-3273: prefer module name if available
+ private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
+ String deploymentName = deploymentUnit.getName();
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return deploymentName;
+ }
+
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ return deploymentName;
+ }
+
+ String moduleName = webMetaData.getModuleName();
+ if (moduleName != null) return moduleName + ".war";
+
+ return deploymentName;
+ }
 }
diff --git a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakDependencyProcessor.java b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakDependencyProcessor.java
index 26a9723c3b..60d0856d4e 100755
--- a/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakDependencyProcessor.java
+++ b/adapters/oidc/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakDependencyProcessor.java
@@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
- if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
+ if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
 return;
diff --git a/adapters/oidc/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java b/adapters/oidc/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
index 48dcc92eca..2daec3cb4f 100755
--- a/adapters/oidc/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
+++ b/adapters/oidc/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
@@ -78,8 +78,6 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
 addCredential(addr, service, "secret", "secret1");
 addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
 addCredential(addr, service, "jwt.token-timeout", "10");
-
- System.out.println("Deployment: " + service.getJSON("foo"));
 }
 private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Configuration.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Configuration.java
index 07c32f85d1..4534cf4a4e 100644
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Configuration.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Configuration.java
@@ -16,8 +16,11 @@
 */
 package org.keycloak.subsystem.saml.as7;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.deployment.WarMetaData;
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.Property;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 /**
 * @author Marko Strukelj
@@ -46,7 +49,8 @@ public class Configuration {
 return keymodel.get(key);
 }
- public ModelNode getSecureDeployment(String name) {
+ public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) {
+ String name = preferredDeploymentName(deploymentUnit);
 ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
 if (secureDeployment.hasDefined(name)) {
 return secureDeployment.get(name);
@@ -54,7 +58,26 @@ public class Configuration {
 return null;
 }
- public boolean isSecureDeployment(String name) {
- return getSecureDeployment(name) != null;
+ public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
+ return getSecureDeployment(deploymentUnit) != null;
+ }
+
+ // KEYCLOAK-3273: prefer module name if available
+ private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
+ String deploymentName = deploymentUnit.getName();
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return deploymentName;
+ }
+
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ return deploymentName;
+ }
+
+ String moduleName = webMetaData.getModuleName();
+ if (moduleName != null) return moduleName + ".war";
+
+ return deploymentName;
 }
 }
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
index 54fc1e2734..48ab715d3a 100755
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -51,7 +51,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 @Override
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
@@ -69,30 +68,30 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 try {
 boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
- boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentName);
+ boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentUnit);
 if (hasSubsystemConfig || webRequiresKC) {
- log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
+ log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName());
 // if secure-deployment configuration exists for web app, we force KEYCLOAK-SAML auth method on it
 if (hasSubsystemConfig) {
- addXMLData(getXML(deploymentName), warMetaData);
+ addXMLData(getXML(deploymentUnit), warMetaData);
 if (loginConfig != null) {
 loginConfig.setAuthMethod("KEYCLOAK-SAML");
 //loginConfig.setRealmName(service.getRealmName(deploymentName));
 } else {
- log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentName + " (loginConfig == null)");
+ log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
 }
 }
 addValve(webMetaData);
- KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
+ KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
 }
 } catch (Exception e) {
 throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
 }
 }
- private String getXML(String deploymentName) throws XMLStreamException {
- ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentName);
+ private String getXML(DeploymentUnit deploymentUnit) throws XMLStreamException {
+ ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit);
 if (node != null) {
 KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
 ByteArrayOutputStream output = new ByteArrayOutputStream();
diff --git a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
index 851052dd46..51988b21c7 100755
--- a/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
+++ b/adapters/saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
@@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
 public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
 final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- String deploymentName = deploymentUnit.getName();
- if (Configuration.INSTANCE.getSecureDeployment(deploymentName) == null) {
+ if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) == null) {
 WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
 if (warMetaData == null) {
 return;
diff --git a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Configuration.java b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Configuration.java
index d3990a4d3a..e81b05dde6 100644
--- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Configuration.java
+++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Configuration.java
@@ -16,8 +16,11 @@
 */
 package org.keycloak.subsystem.adapter.saml.extension;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.web.common.WarMetaData;
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.Property;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 /**
 * @author Marko Strukelj
@@ -46,11 +49,31 @@ public class Configuration { return keymodel.get(key); } - public ModelNode getSecureDeployment(String name) { + public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) { + String name = preferredDeploymentName(deploymentUnit); ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT); if (secureDeployment.hasDefined(name)) { return secureDeployment.get(name); } return null; } + + // KEYCLOAK-3273: prefer module name if available + private String preferredDeploymentName(DeploymentUnit deploymentUnit) { + String deploymentName = deploymentUnit.getName(); + WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); + if (warMetaData == null) { + return deploymentName; + } + + JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); + if (webMetaData == null) { + return deploymentName; + } + + String moduleName = webMetaData.getModuleName(); + if (moduleName != null) return moduleName + ".war"; + + return deploymentName; + } } diff --git a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java index cd3cf17b53..c23d77fdbc 100755 --- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java +++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakAdapterConfigDeploymentProcessor.java 
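Review bot: `preferredDeploymentName` returns `moduleName + ".war"` whenever the merged web metadata has a module name, and `getSecureDeployment` then checks only that key. A `secure-deployment` entry keyed by the runtime name therefore stops matching for such a WAR and the method returns null. In the wildfly `deploy` hunk of this patch a null result skips `addKeycloakSamlAuthData`, so the miss fails open and nothing is logged. I would keep the runtime name as a fallback by adding `if (!secureDeployment.hasDefined(name)) name = deploymentUnit.getName();` before the existing `hasDefined` check, and add a debug line naming the key that matched. Smaller points: brace the one-line `if (moduleName != null) return ...` and treat an empty module name like null, so the lookup key can never be just `.war`.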
@@ -49,21 +49,20 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); - String deploymentName = deploymentUnit.getName(); - if (Configuration.INSTANCE.getSecureDeployment(deploymentName) != null) { - addKeycloakSamlAuthData(phaseContext, deploymentName); + if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null) { + addKeycloakSamlAuthData(phaseContext); } } - private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext, String deploymentName) throws DeploymentUnitProcessingException { + private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); if (warMetaData == null) { - throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem."); + throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem."); } try { - addXMLData(getXML(deploymentName), warMetaData); + addXMLData(getXML(deploymentUnit), warMetaData); } catch (Exception e) { throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e); } 
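Review bot: `deploy` resolves the secure-deployment node only to test it for null, and `addKeycloakSamlAuthData` then calls `getXML(deploymentUnit)`, which resolves it a second time (see the `getXML` hunk that follows). Each resolution now reads the `WarMetaData` attachment and the merged metadata, so the check and the use are two separate lookups. I would fetch it once in `deploy` with `ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit);` and pass `node` down to `addKeycloakSamlAuthData` and `getXML`. `addKeycloakSamlAuthData` continues past the end of this hunk.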
@@ -80,11 +79,11 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP } loginConfig.setAuthMethod("KEYCLOAK-SAML"); - KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); + KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName()); } - private String getXML(String deploymentName) throws XMLStreamException { - ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentName); + private String getXML(DeploymentUnit deploymentUnit) throws XMLStreamException { + ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit); if (node != null) { KeycloakSubsystemParser writer = new KeycloakSubsystemParser(); ByteArrayOutputStream output = new ByteArrayOutputStream(); diff --git a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java index a53eedcdda..677eda219d 100755 --- a/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java +++ b/adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java @@ -45,8 +45,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); - String deploymentName = deploymentUnit.getName(); - if (Configuration.INSTANCE.getSecureDeployment(deploymentName) == null) { + if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) == null) { WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); if (warMetaData == null) { return;