From a25aed13ed39ddd937aca0a52a5ceab68ceda95b Mon Sep 17 00:00:00 2001 From: --add Date: Fri, 3 Jun 2016 18:16:22 +0530 Subject: [PATCH] resolving compilation errors for the downstream build system --- topics/oidc/java/fuse-adapter.adoc | 6 ++++-- topics/oidc/java/jboss-adapter.adoc | 4 ++-- topics/oidc/java/jetty9-adapter.adoc | 4 ++-- topics/oidc/java/servlet-filter-adapter.adoc | 4 ++-- topics/oidc/java/tomcat-adapter.adoc | 4 ++-- topics/saml/java/jetty-adapter.adoc | 2 +- topics/saml/java/jetty-adapter/jetty9_installation.adoc | 2 +- 7 files changed, 14 insertions(+), 12 deletions(-) diff --git a/topics/oidc/java/fuse-adapter.adoc b/topics/oidc/java/fuse-adapter.adoc index c8833f4154..2eb700964b 100755 --- a/topics/oidc/java/fuse-adapter.adoc +++ b/topics/oidc/java/fuse-adapter.adoc @@ -80,7 +80,9 @@ It's recommended to use your own Jetty engine for your apps (similarly like `cxf Keycloak mainly addresses usecases for authentication of web applications, however if your admin services (like fuse admin console) are protected with Keycloak, it may be good to protect non-web services like SSH with Keycloak credentials too. It's possible to do it by using JAAS login module, which -allows to remotely connect to Keycloak and verify credentials based on <<_direct_access_grants,Direct Access Grants>> . +allows to remotely connect to Keycloak and verify credentials based on + +// <<_direct_access_grants,Direct Access Grants>> . Example steps for enable SSH authentication require changing the configuration of `sshRealm` in `$FUSE_HOME/etc/org.apache.karaf.shell.cfg`, then adding file `$FUSE_HOME/etc/keycloak-direct-access.json` (this is default location, which can be changed) and install the needed feature `keycloak-jaas`. It's described in details @@ -99,4 +101,4 @@ It's described in details in the README file of Fuse example, which in example d ===== Secure Fuse admin console -Fuse admin console is Hawt.io. See http://hawt.io/configuration/index.html[Hawt.io documentation] for more info about how to secure it with Keycloak. \ No newline at end of file +Fuse admin console is Hawt.io. See http://hawt.io/configuration/index.html[Hawt.io documentation] for more info about how to secure it with Keycloak. diff --git a/topics/oidc/java/jboss-adapter.adoc b/topics/oidc/java/jboss-adapter.adoc index f4d861fe13..cd1d7b0ce3 100755 --- a/topics/oidc/java/jboss-adapter.adoc +++ b/topics/oidc/java/jboss-adapter.adoc @@ -174,7 +174,7 @@ public class CustomerService { This section describes how to secure a WAR directly by adding config and editing files within your WAR package. The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR. -The format of this config file is describe in the <<_adapter_config,general adapter configuration>> section. +The format of this config file is describe in the <<_saml-general-config,general adapter configuration>> section. Next you must set the `auth-method` to `KEYCLOAK` in `web.xml`. You also have to use standard servlet security to specify role-base constraints on your URLs. @@ -259,7 +259,7 @@ This metadata is instead defined within server configuration (i.e. `standalone.x The `secure-deployment` `name` attribute identifies the WAR you want to secure. Its value is the `module-name` defined in `web.xml` with `.war` appended. -The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<_adapter_config,general adapter configuration>>. +The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<_saml-general-config,general adapter configuration>>. The exception is the `credential` element. To make it easier for you, you can go to the {{book.project.title}} Administration Console and go to the Application/Installation tab of the application this WAR is aligned with. diff --git a/topics/oidc/java/jetty9-adapter.adoc b/topics/oidc/java/jetty9-adapter.adoc index d1972e4da9..27021f3f0b 100755 --- a/topics/oidc/java/jetty9-adapter.adoc +++ b/topics/oidc/java/jetty9-adapter.adoc @@ -58,7 +58,7 @@ This is a Jetty specific config file and you must define a Keycloak specific aut ---- Next you must create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR. -The format of this config file is describe in the <<_adapter_config,general adapter configuration>> section. +The format of this config file is describe in the <<_saml-general-config,general adapter configuration>> section. WARNING: The Jetty 9.1.x adapter will not be able to find the `keycloak.json` file. You will have to define all adapter settings within the `jetty-web.xml` file as described below. @@ -145,4 +145,4 @@ Here's an example: user ----- \ No newline at end of file +---- diff --git a/topics/oidc/java/servlet-filter-adapter.adoc b/topics/oidc/java/servlet-filter-adapter.adoc index 3f8c809b68..d3f161eca1 100755 --- a/topics/oidc/java/servlet-filter-adapter.adoc +++ b/topics/oidc/java/servlet-filter-adapter.adoc @@ -31,7 +31,7 @@ There's no way standard way to invalidate an HTTP session based on a session id. ---- In the snippet above there are two url-patterns. - `/protected/*` are the files we want protected, while the `/keycloak/*` url-pattern handles callbacks from the {{book.project.title}} server. + */protected/** are the files we want protected, while the */keycloak/** url-pattern handles callbacks from the {{book.project.title}} server. Note that you should configure your client in the {{book.project.title}} Admin Console with an Admin URL that points to a secured section covered by the filter's url-pattern. @@ -49,4 +49,4 @@ To use this filter, include this maven artifact in your WAR poms: keycloak-servlet-filter-adapter &project.version; ----- \ No newline at end of file +---- diff --git a/topics/oidc/java/tomcat-adapter.adoc b/topics/oidc/java/tomcat-adapter.adoc index 06e93f794e..6b51783b52 100755 --- a/topics/oidc/java/tomcat-adapter.adoc +++ b/topics/oidc/java/tomcat-adapter.adoc @@ -45,7 +45,7 @@ This is a Tomcat specific config file and you must define a Keycloak specific Va ---- Next you must create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR. -The format of this config file is describe in the <<_adapter_config,general adapter configuration>> section. +The format of this config file is describe in the <<_saml-general-config,general adapter configuration>> section. Finally you must specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs. Here's an example: @@ -84,4 +84,4 @@ Here's an example: user ----- \ No newline at end of file +---- diff --git a/topics/saml/java/jetty-adapter.adoc b/topics/saml/java/jetty-adapter.adoc index 6a85ed2798..78ca40cc3f 100644 --- a/topics/saml/java/jetty-adapter.adoc +++ b/topics/saml/java/jetty-adapter.adoc @@ -1,4 +1,4 @@ - +[[_jetty_adapter]] ==== Jetty SAML Adapters To be able to secure WAR apps deployed on Jetty you must install the {{book.project.name}} Jetty 9.x or 8.x SAML adapter into your Jetty installation. diff --git a/topics/saml/java/jetty-adapter/jetty9_installation.adoc b/topics/saml/java/jetty-adapter/jetty9_installation.adoc index 2554091131..515c489aa7 100644 --- a/topics/saml/java/jetty-adapter/jetty9_installation.adoc +++ b/topics/saml/java/jetty-adapter/jetty9_installation.adoc @@ -1,4 +1,4 @@ -[[_jetty9_adapter_installation]] +[[_jetty_adapter_installation]] ===== Jetty 9 Adapter Installation