fixes after merge

Bill Burke 2017-05-19 15:54:36 -04:00
commit ab763e7c5b
476 changed files with 18033 additions and 9130 deletions


@ -170,8 +170,8 @@ public class HttpClientBuilder {
return this;
}
public HttpClientBuilder disableCookieCache() {
this.disableCookieCache = true;
public HttpClientBuilder disableCookieCache(boolean disable) {
this.disableCookieCache = disable;
return this;
}
@ -334,7 +334,7 @@ public class HttpClientBuilder {
}
public HttpClient build(AdapterHttpClientConfig adapterConfig) {
disableCookieCache(); // disable cookie cache as we don't want sticky sessions for load balancing
disableCookieCache(true); // disable cookie cache as we don't want sticky sessions for load balancing
String truststorePath = adapterConfig.getTruststore();
if (truststorePath != null) {
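Review bot: Replacing the public no-argument `disableCookieCache()` with `disableCookieCache(boolean)` removes a builder method that callers outside this file may still use, and they will stop compiling. Keeping the old form as an overload costs one line: `public HttpClientBuilder disableCookieCache() { return disableCookieCache(true); }`. The new method also has no Javadoc explaining what `disable == false` means, given that `build(AdapterHttpClientConfig)` forces the cache off anyway. The body of `build` continues outside the hunk.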


@ -17,6 +17,8 @@
*/
package org.keycloak.adapters.authorization;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.adapters.spi.HttpFacade;
@ -26,8 +28,6 @@ import org.keycloak.authorization.client.resource.PermissionResource;
import org.keycloak.authorization.client.resource.ProtectionResource;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
import java.util.Set;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@ -52,7 +52,7 @@ public class BearerTokenPolicyEnforcer extends AbstractPolicyEnforcer {
private void challengeEntitlementAuthentication(OIDCHttpFacade facade) {
HttpFacade.Response response = facade.getResponse();
AuthzClient authzClient = getAuthzClient();
String clientId = authzClient.getConfiguration().getClientId();
String clientId = authzClient.getConfiguration().getResource();
String authorizationServerUri = authzClient.getServerConfiguration().getIssuer().toString() + "/authz/entitlement";
response.setStatus(401);
response.setHeader("WWW-Authenticate", "KC_ETT realm=\"" + clientId + "\",as_uri=\"" + authorizationServerUri + "\"");
@ -65,7 +65,7 @@ public class BearerTokenPolicyEnforcer extends AbstractPolicyEnforcer {
HttpFacade.Response response = facade.getResponse();
AuthzClient authzClient = getAuthzClient();
String ticket = getPermissionTicket(pathConfig, requiredScopes, authzClient);
String clientId = authzClient.getConfiguration().getClientId();
String clientId = authzClient.getConfiguration().getResource();
String authorizationServerUri = authzClient.getServerConfiguration().getIssuer().toString() + "/authz/authorize";
response.setStatus(401);
response.setHeader("WWW-Authenticate", "UMA realm=\"" + clientId + "\",as_uri=\"" + authorizationServerUri + "\",ticket=\"" + ticket + "\"");
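Review bot: Both `WWW-Authenticate` challenges are built by concatenating `clientId`, `authorizationServerUri` and, in the UMA case, `ticket` into quoted strings with no escaping, so a `"` or a CR/LF in any of them would produce a malformed or split header. The values appear to come from adapter configuration and the authorization server rather than from the request, so this is hardening rather than a demonstrated flaw. A small private helper that rejects control characters and backslash-escapes `"` before the value is quoted would cover both methods. The local is still named `clientId` although it now holds `getResource()`; renaming it would keep the two call sites readable. Both method bodies extend outside the hunks.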


@ -127,7 +127,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer {
AccessToken token = httpFacade.getSecurityContext().getToken();
if (token.getAuthorization() == null) {
EntitlementResponse authzResponse = authzClient.entitlement(accessToken).getAll(authzClient.getConfiguration().getClientId());
EntitlementResponse authzResponse = authzClient.entitlement(accessToken).getAll(authzClient.getConfiguration().getResource());
return AdapterRSATokenVerifier.verifyToken(authzResponse.getRpt(), deployment);
} else {
EntitlementRequest request = new EntitlementRequest();
@ -137,7 +137,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer {
permissionRequest.setScopes(new HashSet<>(pathConfig.getScopes()));
LOGGER.debugf("Sending entitlements request: resource_set_id [%s], resource_set_name [%s], scopes [%s].", permissionRequest.getResourceSetId(), permissionRequest.getResourceSetName(), permissionRequest.getScopes());
request.addPermission(permissionRequest);
EntitlementResponse authzResponse = authzClient.entitlement(accessToken).get(authzClient.getConfiguration().getClientId(), request);
EntitlementResponse authzResponse = authzClient.entitlement(accessToken).get(authzClient.getConfiguration().getResource(), request);
return AdapterRSATokenVerifier.verifyToken(authzResponse.getRpt(), deployment);
}
}


@ -168,7 +168,7 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
HttpSession httpSession = request.getSession();
httpSession.setAttribute(KeycloakAccount.class.getName(), sAccount);
httpSession.setAttribute(KeycloakSecurityContext.class.getName(), sAccount.getKeycloakSecurityContext());
if (idMapper != null) idMapper.map(account.getKeycloakSecurityContext().getToken().getClientSession(), account.getPrincipal().getName(), httpSession.getId());
if (idMapper != null) idMapper.map(account.getKeycloakSecurityContext().getToken().getSessionState(), account.getPrincipal().getName(), httpSession.getId());
//String username = securityContext.getToken().getSubject();
//log.fine("userSessionManagement.login: " + username);
}
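Review bot: The key handed to `idMapper.map(...)` is now `getToken().getSessionState()`, and the one-line `if` dereferences `getKeycloakSecurityContext().getToken()` without checking either the token or the session state for null. If a token can arrive without a session state (not visible from this hunk), the HTTP session is mapped under a null key, and a later lookup by SSO session, for example during logout, would presumably not find it. Consider reading the value into a local first and skipping or logging the mapping when it is null, and drop the two commented-out `username` lines that follow. The enclosing method starts outside the hunk.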


@ -17,44 +17,33 @@
*/
package org.keycloak.authorization.client;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.keycloak.util.BasicAuthHelper;
import java.util.HashMap;
import java.util.Map;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.BasicAuthHelper;
import com.fasterxml.jackson.annotation.JsonIgnore;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class Configuration {
public class Configuration extends AdapterConfig {
@JsonIgnore
private HttpClient httpClient;
@JsonProperty("auth-server-url")
protected String authServerUrl;
@JsonProperty("realm")
protected String realm;
@JsonProperty("resource")
protected String clientId;
@JsonProperty("credentials")
protected Map<String, Object> clientCredentials = new HashMap<>();
public Configuration() {
}
public Configuration(String authServerUrl, String realm, String clientId, Map<String, Object> clientCredentials, HttpClient httpClient) {
this.authServerUrl = authServerUrl;
this.realm = realm;
this.clientId = clientId;
this.clientCredentials = clientCredentials;
setAuthServerUrl(authServerUrl);
setRealm(realm);
setResource(clientId);
setCredentials(clientCredentials);
this.httpClient = httpClient;
}
@ -62,13 +51,13 @@ public class Configuration {
private ClientAuthenticator clientAuthenticator = new ClientAuthenticator() {
@Override
public void configureClientCredentials(HashMap<String, String> requestParams, HashMap<String, String> requestHeaders) {
String secret = (String) clientCredentials.get("secret");
String secret = (String) getCredentials().get("secret");
if (secret == null) {
throw new RuntimeException("Client secret not provided.");
}
requestHeaders.put("Authorization", BasicAuthHelper.createHeader(clientId, secret));
requestHeaders.put("Authorization", BasicAuthHelper.createHeader(getResource(), secret));
}
};
@ -80,23 +69,7 @@ public class Configuration {
return httpClient;
}
public String getClientId() {
return clientId;
}
public String getAuthServerUrl() {
return authServerUrl;
}
public ClientAuthenticator getClientAuthenticator() {
return this.clientAuthenticator;
}
public Map<String, Object> getClientCredentials() {
return clientCredentials;
}
public String getRealm() {
return realm;
}
}
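Review bot: In `configureClientCredentials`, `getCredentials().get("secret")` now relies on a map owned by `AdapterConfig`, which is not shown here, whereas the removed field was initialised to an empty `HashMap`. If the inherited default or the constructor argument passed to `setCredentials(clientCredentials)` is null, this line throws a NullPointerException instead of the intended "Client secret not provided." error. The unchecked `(String)` cast also turns a non-string `secret` value in the JSON into a ClassCastException. Consider `Map<String, Object> credentials = getCredentials();` then `Object secret = credentials == null ? null : credentials.get("secret");` with an `instanceof String` test before building the Basic header.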


@ -107,7 +107,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
if (clients.isEmpty()) {
policyStore.delete(policy.getId());
} else {
policy.getConfig().put("clients", JsonSerialization.writeValueAsString(clients));
policy.putConfig("clients", JsonSerialization.writeValueAsString(clients));
}
} catch (IOException e) {
throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
@ -152,11 +152,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
}
try {
Map<String, String> config = policy.getConfig();
config.put("clients", JsonSerialization.writeValueAsString(updatedClients));
policy.setConfig(config);
policy.putConfig("clients", JsonSerialization.writeValueAsString(updatedClients));
} catch (IOException cause) {
throw new RuntimeException("Failed to serialize clients", cause);
}


@ -70,9 +70,7 @@ public class JSPolicyProviderFactory implements PolicyProviderFactory<JSPolicyRe
}
private void updatePolicy(Policy policy, String code) {
Map<String, String> config = policy.getConfig();
config.put("code", code);
policy.setConfig(config);
policy.putConfig("code", code);
}
@Override


@ -1,5 +1,6 @@
package org.keycloak.authorization.policy.provider.resource;
import java.util.HashMap;
import java.util.Map;
import org.keycloak.Config;
@ -64,7 +65,7 @@ public class ResourcePolicyProviderFactory implements PolicyProviderFactory<Reso
//TODO: remove this check once we migrate to new API
if (ResourcePermissionRepresentation.class.equals(representation.getClass())) {
ResourcePermissionRepresentation resourcePermission = ResourcePermissionRepresentation.class.cast(representation);
Map<String, String> config = policy.getConfig();
Map<String, String> config = new HashMap(policy.getConfig());
config.compute("defaultResourceType", (key, value) -> {
String resourceType = resourcePermission.getResourceType();
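Review bot: `new HashMap(policy.getConfig())` is a raw type, so the assignment to `Map<String, String>` compiles only with an unchecked warning; write `new HashMap<>(policy.getConfig())`. The same raw constructor appears in the TimePolicyProviderFactory hunk, just before the `nbf`/`noa` computes. Because `config` is now a copy, the `compute` result reaches the policy only if the map is handed back with `policy.setConfig(config)` later in the method. That part lies outside this hunk and is worth confirming.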


@ -163,11 +163,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
}
try {
Map<String, String> config = policy.getConfig();
config.put("roles", JsonSerialization.writeValueAsString(updatedRoles));
policy.setConfig(config);
policy.putConfig("roles", JsonSerialization.writeValueAsString(updatedRoles));
} catch (IOException cause) {
throw new RuntimeException("Failed to serialize roles", cause);
}
@ -224,9 +220,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
if (roles.isEmpty()) {
policyStore.delete(policy.getId());
} else {
Map<String, String> config = policy.getConfig();
config.put("roles", JsonSerialization.writeValueAsString(roles));
policy.setConfig(config);
policy.putConfig("roles", JsonSerialization.writeValueAsString(roles));
}
} catch (IOException e) {
throw new RuntimeException("Error while synchronizing roles with policy [" + policy.getName() + "].", e);


@ -1,6 +1,7 @@
package org.keycloak.authorization.policy.provider.time;
import java.text.SimpleDateFormat;
import java.util.HashMap;
import java.util.Map;
import org.keycloak.Config;
@ -118,7 +119,7 @@ public class TimePolicyProviderFactory implements PolicyProviderFactory<TimePoli
validateFormat(noa);
}
Map<String, String> config = policy.getConfig();
Map<String, String> config = new HashMap(policy.getConfig());
config.compute("nbf", (s, s2) -> nbf != null ? nbf : null);
config.compute("noa", (s, s2) -> noa != null ? noa : null);


@ -138,11 +138,8 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory<UserPoli
}
try {
Map<String, String> config = policy.getConfig();
config.put("users", JsonSerialization.writeValueAsString(updatedUsers));
policy.setConfig(config);
policy.putConfig("users", JsonSerialization.writeValueAsString(updatedUsers));
} catch (IOException cause) {
throw new RuntimeException("Failed to serialize users", cause);
}
@ -181,7 +178,7 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory<UserPoli
if (users.isEmpty()) {
policyStore.delete(policy.getId());
} else {
policy.getConfig().put("users", JsonSerialization.writeValueAsString(users));
policy.putConfig("users", JsonSerialization.writeValueAsString(users));
}
} catch (IOException e) {
throw new RuntimeException("Error while synchronizing users with policy [" + policy.getName() + "].", e);


@ -120,17 +120,15 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
}
private void updateConfig(Policy policy, RulePolicyRepresentation representation) {
Map<String, String> config = policy.getConfig();
config.put("mavenArtifactGroupId", representation.getArtifactGroupId());
config.put("mavenArtifactId", representation.getArtifactId());
config.put("mavenArtifactVersion", representation.getArtifactVersion());
config.put("scannerPeriod", representation.getScannerPeriod());
config.put("scannerPeriodUnit", representation.getScannerPeriodUnit());
config.put("sessionName", representation.getSessionName());
config.put("moduleName", representation.getModuleName());
policy.putConfig("mavenArtifactGroupId", representation.getArtifactGroupId());
policy.putConfig("mavenArtifactId", representation.getArtifactId());
policy.putConfig("mavenArtifactVersion", representation.getArtifactVersion());
policy.putConfig("scannerPeriod", representation.getScannerPeriod());
policy.putConfig("scannerPeriodUnit", representation.getScannerPeriodUnit());
policy.putConfig("sessionName", representation.getSessionName());
policy.putConfig("moduleName", representation.getModuleName());
policy.setConfig(config);
}
void update(Policy policy) {


@ -317,8 +317,8 @@ public final class OCSPUtils {
}
if (certs.size() > 0) {
X500Name responderName = basicOcspResponse.getResponderId().toASN1Object().getName();
byte[] responderKey = basicOcspResponse.getResponderId().toASN1Object().getKeyHash();
X500Name responderName = basicOcspResponse.getResponderId().toASN1Primitive().getName();
byte[] responderKey = basicOcspResponse.getResponderId().toASN1Primitive().getKeyHash();
if (responderName != null) {
logger.log(Level.INFO, "Responder Name: {0}", responderName.toString());


@ -29,10 +29,10 @@ import java.security.PublicKey;
*/
public class RSATokenVerifier {
private TokenVerifier tokenVerifier;
private final TokenVerifier<AccessToken> tokenVerifier;
private RSATokenVerifier(String tokenString) {
this.tokenVerifier = TokenVerifier.create(tokenString);
this.tokenVerifier = TokenVerifier.create(tokenString, AccessToken.class).withDefaultChecks();
}
public static RSATokenVerifier create(String tokenString) {


@ -18,7 +18,8 @@
package org.keycloak;
import org.keycloak.common.VerificationException;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.exceptions.TokenNotActiveException;
import org.keycloak.exceptions.TokenSignatureInvalidException;
import org.keycloak.jose.jws.AlgorithmType;
import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput;
@ -26,67 +27,280 @@ import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.jose.jws.crypto.HMACProvider;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.util.TokenUtil;
import javax.crypto.SecretKey;
import java.security.PublicKey;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class TokenVerifier {
public class TokenVerifier<T extends JsonWebToken> {
private final String tokenString;
private static final Logger LOG = Logger.getLogger(TokenVerifier.class.getName());
// This interface is here as JDK 7 is a requirement for this project.
// Once JDK 8 would become mandatory, java.util.function.Predicate would be used instead.
/**
* Functional interface of checks that verify some part of a JWT.
* @param <T> Type of the token handled by this predicate.
*/
// @FunctionalInterface
public static interface Predicate<T extends JsonWebToken> {
/**
* Performs a single check on the given token verifier.
* @param t Token, guaranteed to be non-null.
* @return
* @throws VerificationException
*/
boolean test(T t) throws VerificationException;
}
public static final Predicate<JsonWebToken> SUBJECT_EXISTS_CHECK = new Predicate<JsonWebToken>() {
@Override
public boolean test(JsonWebToken t) throws VerificationException {
String subject = t.getSubject();
if (subject == null) {
throw new VerificationException("Subject missing in token");
}
return true;
}
};
/**
* Check for token being neither expired nor used before it gets valid.
* @see JsonWebToken#isActive()
*/
public static final Predicate<JsonWebToken> IS_ACTIVE = new Predicate<JsonWebToken>() {
@Override
public boolean test(JsonWebToken t) throws VerificationException {
if (! t.isActive()) {
throw new TokenNotActiveException(t, "Token is not active");
}
return true;
}
};
public static class RealmUrlCheck implements Predicate<JsonWebToken> {
private static final RealmUrlCheck NULL_INSTANCE = new RealmUrlCheck(null);
private final String realmUrl;
public RealmUrlCheck(String realmUrl) {
this.realmUrl = realmUrl;
}
@Override
public boolean test(JsonWebToken t) throws VerificationException {
if (this.realmUrl == null) {
throw new VerificationException("Realm URL not set");
}
if (! this.realmUrl.equals(t.getIssuer())) {
throw new VerificationException("Invalid token issuer. Expected '" + this.realmUrl + "', but was '" + t.getIssuer() + "'");
}
return true;
}
};
public static class TokenTypeCheck implements Predicate<JsonWebToken> {
private static final TokenTypeCheck INSTANCE_BEARER = new TokenTypeCheck(TokenUtil.TOKEN_TYPE_BEARER);
private final String tokenType;
public TokenTypeCheck(String tokenType) {
this.tokenType = tokenType;
}
@Override
public boolean test(JsonWebToken t) throws VerificationException {
if (! tokenType.equalsIgnoreCase(t.getType())) {
throw new VerificationException("Token type is incorrect. Expected '" + tokenType + "' but was '" + t.getType() + "'");
}
return true;
}
};
private String tokenString;
private Class<? extends T> clazz;
private PublicKey publicKey;
private SecretKey secretKey;
private String realmUrl;
private String expectedTokenType = TokenUtil.TOKEN_TYPE_BEARER;
private boolean checkTokenType = true;
private boolean checkActive = true;
private boolean checkRealmUrl = true;
private final LinkedList<Predicate<? super T>> checks = new LinkedList<>();
private JWSInput jws;
private AccessToken token;
private T token;
protected TokenVerifier(String tokenString) {
protected TokenVerifier(String tokenString, Class<T> clazz) {
this.tokenString = tokenString;
this.clazz = clazz;
}
public static TokenVerifier create(String tokenString) {
return new TokenVerifier(tokenString);
protected TokenVerifier(T token) {
this.token = token;
}
public TokenVerifier publicKey(PublicKey publicKey) {
/**
* Creates an instance of {@code TokenVerifier} from the given string on a JWT of the given class.
* The token verifier has no checks defined. Note that the checks are only tested when
* {@link #verify()} method is invoked.
* @param <T> Type of the token
* @param tokenString String representation of JWT
* @param clazz Class of the token
* @return
*/
public static <T extends JsonWebToken> TokenVerifier<T> create(String tokenString, Class<T> clazz) {
return new TokenVerifier(tokenString, clazz);
}
/**
* Creates an instance of {@code TokenVerifier} from the given string on a JWT of the given class.
* The token verifier has no checks defined. Note that the checks are only tested when
* {@link #verify()} method is invoked.
* @return
*/
public static <T extends JsonWebToken> TokenVerifier<T> create(T token) {
return new TokenVerifier(token);
}
/**
* Adds default checks to the token verification:
* <ul>
* <li>Realm URL (JWT issuer field: {@code iss}) has to be defined and match realm set via {@link #realmUrl(java.lang.String)} method</li>
* <li>Subject (JWT subject field: {@code sub}) has to be defined</li>
* <li>Token type (JWT type field: {@code typ}) has to be {@code Bearer}. The type can be set via {@link #tokenType(java.lang.String)} method</li>
* <li>Token has to be active, ie. both not expired and not used before its validity (JWT issuer fields: {@code exp} and {@code nbf})</li>
* </ul>
* @return This token verifier.
*/
public TokenVerifier<T> withDefaultChecks() {
return withChecks(
RealmUrlCheck.NULL_INSTANCE,
SUBJECT_EXISTS_CHECK,
TokenTypeCheck.INSTANCE_BEARER,
IS_ACTIVE
);
}
private void removeCheck(Class<? extends Predicate<?>> checkClass) {
for (Iterator<Predicate<? super T>> it = checks.iterator(); it.hasNext();) {
if (it.next().getClass() == checkClass) {
it.remove();
}
}
}
private void removeCheck(Predicate<? super T> check) {
checks.remove(check);
}
private <P extends Predicate<? super T>> TokenVerifier<T> replaceCheck(Class<? extends Predicate<?>> checkClass, boolean active, P predicate) {
removeCheck(checkClass);
if (active) {
checks.add(predicate);
}
return this;
}
private <P extends Predicate<? super T>> TokenVerifier<T> replaceCheck(Predicate<? super T> check, boolean active, P predicate) {
removeCheck(check);
if (active) {
checks.add(predicate);
}
return this;
}
/**
* Will test the given checks in {@link #verify()} method in addition to already set checks.
* @param checks
* @return
*/
public TokenVerifier<T> withChecks(Predicate<? super T>... checks) {
if (checks != null) {
this.checks.addAll(Arrays.asList(checks));
}
return this;
}
/**
* Sets the key for verification of RSA-based signature.
* @param publicKey
* @return
*/
public TokenVerifier<T> publicKey(PublicKey publicKey) {
this.publicKey = publicKey;
return this;
}
public TokenVerifier secretKey(SecretKey secretKey) {
/**
* Sets the key for verification of HMAC-based signature.
* @param secretKey
* @return
*/
public TokenVerifier<T> secretKey(SecretKey secretKey) {
this.secretKey = secretKey;
return this;
}
public TokenVerifier realmUrl(String realmUrl) {
/**
* @deprecated This method is here only for backward compatibility with previous version of {@code TokenVerifier}.
* @return This token verifier
*/
public TokenVerifier<T> realmUrl(String realmUrl) {
this.realmUrl = realmUrl;
return this;
return replaceCheck(RealmUrlCheck.class, checkRealmUrl, new RealmUrlCheck(realmUrl));
}
public TokenVerifier checkTokenType(boolean checkTokenType) {
/**
* @deprecated This method is here only for backward compatibility with previous version of {@code TokenVerifier}.
* @return This token verifier
*/
public TokenVerifier<T> checkTokenType(boolean checkTokenType) {
this.checkTokenType = checkTokenType;
return this;
return replaceCheck(TokenTypeCheck.class, this.checkTokenType, new TokenTypeCheck(expectedTokenType));
}
public TokenVerifier checkActive(boolean checkActive) {
this.checkActive = checkActive;
return this;
/**
* @deprecated This method is here only for backward compatibility with previous version of {@code TokenVerifier}.
* @return This token verifier
*/
public TokenVerifier<T> tokenType(String tokenType) {
this.expectedTokenType = tokenType;
return replaceCheck(TokenTypeCheck.class, this.checkTokenType, new TokenTypeCheck(expectedTokenType));
}
public TokenVerifier checkRealmUrl(boolean checkRealmUrl) {
/**
* @deprecated This method is here only for backward compatibility with previous version of {@code TokenVerifier}.
* @return This token verifier
*/
public TokenVerifier<T> checkActive(boolean checkActive) {
return replaceCheck(IS_ACTIVE, checkActive, IS_ACTIVE);
}
/**
* @deprecated This method is here only for backward compatibility with previous version of {@code TokenVerifier}.
* @return This token verifier
*/
public TokenVerifier<T> checkRealmUrl(boolean checkRealmUrl) {
this.checkRealmUrl = checkRealmUrl;
return this;
return replaceCheck(RealmUrlCheck.class, this.checkRealmUrl, new RealmUrlCheck(realmUrl));
}
public TokenVerifier parse() throws VerificationException {
public TokenVerifier<T> parse() throws VerificationException {
if (jws == null) {
if (tokenString == null) {
throw new VerificationException("Token not set");
@ -100,7 +314,7 @@ public class TokenVerifier {
try {
token = jws.readJsonContent(AccessToken.class);
token = jws.readJsonContent(clazz);
} catch (JWSInputException e) {
throw new VerificationException("Failed to read access token from JWT", e);
}
@ -108,8 +322,10 @@ public class TokenVerifier {
return this;
}
public AccessToken getToken() throws VerificationException {
parse();
public T getToken() throws VerificationException {
if (token == null) {
parse();
}
return token;
}
@ -118,53 +334,97 @@ public class TokenVerifier {
return jws.getHeader();
}
public TokenVerifier verify() throws VerificationException {
parse();
if (checkRealmUrl && realmUrl == null) {
throw new VerificationException("Realm URL not set");
}
public void verifySignature() throws VerificationException {
AlgorithmType algorithmType = getHeader().getAlgorithm().getType();
if (AlgorithmType.RSA.equals(algorithmType)) {
if (publicKey == null) {
throw new VerificationException("Public key not set");
}
if (null == algorithmType) {
throw new VerificationException("Unknown or unsupported token algorithm");
} else switch (algorithmType) {
case RSA:
if (publicKey == null) {
throw new VerificationException("Public key not set");
}
if (!RSAProvider.verify(jws, publicKey)) {
throw new TokenSignatureInvalidException(token, "Invalid token signature");
} break;
case HMAC:
if (secretKey == null) {
throw new VerificationException("Secret key not set");
}
if (!HMACProvider.verify(jws, secretKey)) {
throw new TokenSignatureInvalidException(token, "Invalid token signature");
} break;
default:
throw new VerificationException("Unknown or unsupported token algorithm");
}
}
if (!RSAProvider.verify(jws, publicKey)) {
throw new VerificationException("Invalid token signature");
}
} else if (AlgorithmType.HMAC.equals(algorithmType)) {
if (secretKey == null) {
throw new VerificationException("Secret key not set");
}
if (!HMACProvider.verify(jws, secretKey)) {
throw new VerificationException("Invalid token signature");
}
} else {
throw new VerificationException("Unknown or unsupported token algorith");
public TokenVerifier<T> verify() throws VerificationException {
if (getToken() == null) {
parse();
}
if (jws != null) {
verifySignature();
}
String user = token.getSubject();
if (user == null) {
throw new VerificationException("Subject missing in token");
}
if (checkRealmUrl && !realmUrl.equals(token.getIssuer())) {
throw new VerificationException("Invalid token issuer. Expected '" + realmUrl + "', but was '" + token.getIssuer() + "'");
}
if (checkTokenType && !TokenUtil.TOKEN_TYPE_BEARER.equalsIgnoreCase(token.getType())) {
throw new VerificationException("Token type is incorrect. Expected '" + TokenUtil.TOKEN_TYPE_BEARER + "' but was '" + token.getType() + "'");
}
if (checkActive && !token.isActive()) {
throw new VerificationException("Token is not active");
for (Predicate<? super T> check : checks) {
if (! check.test(getToken())) {
throw new VerificationException("JWT check failed for check " + check);
}
}
return this;
}
/**
* Creates an optional predicate from a predicate that will proceed with check but always pass.
* @param <T>
* @param mandatoryPredicate
* @return
*/
public static <T extends JsonWebToken> Predicate<T> optional(final Predicate<T> mandatoryPredicate) {
return new Predicate<T>() {
@Override
public boolean test(T t) throws VerificationException {
try {
if (! mandatoryPredicate.test(t)) {
LOG.finer("[optional] predicate failed: " + mandatoryPredicate);
}
return true;
} catch (VerificationException ex) {
LOG.log(Level.FINER, "[optional] predicate " + mandatoryPredicate + " failed.", ex);
return true;
}
}
};
}
/**
* Creates a predicate that will proceed with checks of the given predicates
* and will pass if and only if at least one of the given predicates passes.
* @param <T>
* @param predicates
* @return
*/
public static <T extends JsonWebToken> Predicate<T> alternative(final Predicate<? super T>... predicates) {
return new Predicate<T>() {
@Override
public boolean test(T t) throws VerificationException {
for (Predicate<? super T> predicate : predicates) {
try {
if (predicate.test(t)) {
return true;
}
LOG.finer("[alternative] predicate failed: " + predicate);
} catch (VerificationException ex) {
LOG.log(Level.FINER, "[alternative] predicate " + predicate + " failed.", ex);
}
}
return false;
}
};
}
}
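Review bot: `verify()` calls `verifySignature()` only when `jws != null`, so a verifier built with `create(T token)` passes `verify()` without any signature check, and nothing in the API tells the caller so. The Javadoc on `create(T token)` is copied from the string variant ("from the given string on a JWT of the given class") and should instead read something like `Creates a verifier for an already parsed token; no JWS input is available, so {@link #verify()} runs only the configured checks and performs no signature verification.` Relatedly, `create(String, Class)` starts with no checks at all. Callers migrating from the removed `create(String)` therefore lose the issuer, type, subject and expiry checks unless they add `withDefaultChecks()` as `RSATokenVerifier` does, and the class Javadoc should say this as well.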


@ -0,0 +1,44 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.exceptions;
import org.keycloak.representations.JsonWebToken;
/**
* Exception thrown for cases when token is invalid due to time constraints (expired, or not yet valid).
* Cf. {@link JsonWebToken#isActive()}.
* @author hmlnarik
*/
public class TokenNotActiveException extends TokenVerificationException {
public TokenNotActiveException(JsonWebToken token) {
super(token);
}
public TokenNotActiveException(JsonWebToken token, String message) {
super(token, message);
}
public TokenNotActiveException(JsonWebToken token, String message, Throwable cause) {
super(token, message, cause);
}
public TokenNotActiveException(JsonWebToken token, Throwable cause) {
super(token, cause);
}
}


@ -0,0 +1,43 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.exceptions;
import org.keycloak.representations.JsonWebToken;
/**
* Thrown when token signature is invalid.
* @author hmlnarik
*/
public class TokenSignatureInvalidException extends TokenVerificationException {
public TokenSignatureInvalidException(JsonWebToken token) {
super(token);
}
public TokenSignatureInvalidException(JsonWebToken token, String message) {
super(token, message);
}
public TokenSignatureInvalidException(JsonWebToken token, String message, Throwable cause) {
super(token, message, cause);
}
public TokenSignatureInvalidException(JsonWebToken token, Throwable cause) {
super(token, cause);
}
}


@ -0,0 +1,54 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.exceptions;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.JsonWebToken;
/**
* Exception thrown on failed verification of a token.
*
* @author hmlnarik
*/
public class TokenVerificationException extends VerificationException {
private final JsonWebToken token;
public TokenVerificationException(JsonWebToken token) {
this.token = token;
}
public TokenVerificationException(JsonWebToken token, String message) {
super(message);
this.token = token;
}
public TokenVerificationException(JsonWebToken token, String message, Throwable cause) {
super(message, cause);
this.token = token;
}
public TokenVerificationException(JsonWebToken token, Throwable cause) {
super(cause);
this.token = token;
}
public JsonWebToken getToken() {
return token;
}
}
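Review bot: `getToken()` returns a token that has, by construction, failed verification, but neither the getter nor the four constructors say that its claims are unverified or that it may be null (no constructor checks the argument). A handler that catches this exception and reads the subject or roles from the attached token for anything beyond diagnostics would be acting on untrusted data. I would add Javadoc on the getter, for example `/** Returns the token that failed verification, possibly null; its claims are untrusted and for diagnostics only. */`. The field is also a non-transient member of a Throwable, so the token travels with the exception wherever it is serialized; whether `JsonWebToken` is serializable is not visible here and is worth confirming.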


@ -97,9 +97,6 @@ public class AccessToken extends IDToken {
}
}
@JsonProperty("client_session")
protected String clientSession;
@JsonProperty("trusted-certs")
protected Set<String> trustedCertificates;
@ -156,10 +153,6 @@ public class AccessToken extends IDToken {
return resourceAccess.get(resource);
}
public String getClientSession() {
return clientSession;
}
public Access addAccess(String service) {
Access access = resourceAccess.get(service);
if (access != null) return access;
@ -168,11 +161,6 @@ public class AccessToken extends IDToken {
return access;
}
public AccessToken clientSession(String session) {
this.clientSession = session;
return this;
}
@Override
public AccessToken id(String id) {
return (AccessToken) super.id(id);


@ -40,7 +40,6 @@ public class RefreshToken extends AccessToken {
*/
public RefreshToken(AccessToken token) {
this();
this.clientSession = token.getClientSession();
this.issuer = token.issuer;
this.subject = token.subject;
this.issuedFor = token.issuedFor;


@ -46,6 +46,8 @@ public class RealmRepresentation {
protected Integer accessCodeLifespan;
protected Integer accessCodeLifespanUserAction;
protected Integer accessCodeLifespanLogin;
protected Integer actionTokenGeneratedByAdminLifespan;
protected Integer actionTokenGeneratedByUserLifespan;
protected Boolean enabled;
protected String sslRequired;
@Deprecated
@ -338,6 +340,22 @@ public class RealmRepresentation {
this.accessCodeLifespanLogin = accessCodeLifespanLogin;
}
public Integer getActionTokenGeneratedByAdminLifespan() {
return actionTokenGeneratedByAdminLifespan;
}
public void setActionTokenGeneratedByAdminLifespan(Integer actionTokenGeneratedByAdminLifespan) {
this.actionTokenGeneratedByAdminLifespan = actionTokenGeneratedByAdminLifespan;
}
public Integer getActionTokenGeneratedByUserLifespan() {
return actionTokenGeneratedByUserLifespan;
}
public void setActionTokenGeneratedByUserLifespan(Integer actionTokenGeneratedByUserLifespan) {
this.actionTokenGeneratedByUserLifespan = actionTokenGeneratedByUserLifespan;
}
public List<String> getDefaultRoles() {
return defaultRoles;
}
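Review bot: The new fields `actionTokenGeneratedByAdminLifespan` and `actionTokenGeneratedByUserLifespan` have no comment stating their unit or what a null value means, and the setters accept any `Integer`. The unit is presumably seconds, like the neighbouring `accessCodeLifespan*` fields, but that should be confirmed and then written down, e.g. `/** Lifespan of action tokens generated by an admin, in seconds. */`. These values appear to bound how long an action token stays usable, so zero, negative or very large values should be rejected wherever this representation is applied to the realm; that code is outside this section. `getDefaultRoles()` at the end of the second hunk continues beyond the visible lines.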


@ -0,0 +1,89 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<assembly>
<id>server-dist</id>
<formats>
<format>zip</format>
<format>tar.gz</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<filtered>true</filtered>
<includes>
<include>**/module.xml</include>
</includes>
</fileSet>
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<filtered>false</filtered>
<excludes>
<exclude>docs/**</exclude>
<exclude>README.md</exclude>
</excludes>
</fileSet>
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<includes>
<include>bin/*.sh</include>
</includes>
<fileMode>0755</fileMode>
</fileSet>
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<includes>
<include>themes/**</include>
</includes>
<fileMode>0444</fileMode>
</fileSet>
<fileSet>
<directory>src/main/modules</directory>
<outputDirectory>modules</outputDirectory>
<includes>
<include>layers.conf</include>
</includes>
</fileSet>
</fileSets>
<files>
<file>
<source>../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/adapter-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>../shared-cli/adapter-elytron-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/adapter-elytron-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>
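Review bot: The second fileSet (`<filtered>false</filtered>`) excludes only `docs/**` and `README.md`, so it also matches `**/module.xml`, `bin/*.sh` and `themes/**`, which the other fileSets package with filtering and explicit `fileMode` values. Whether the archive ends up with the filtered `module.xml`, the 0755 scripts and the 0444 theme files then depends on how the assembly plugin resolves duplicate entries, not on this descriptor. Adding `<exclude>**/module.xml</exclude>`, `<exclude>bin/*.sh</exclude>` and `<exclude>themes/**</exclude>` to that fileSet's `<excludes>` would make the packaged permissions and filtering explicit.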


@ -17,21 +17,109 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<artifactId>keycloak-adapters-distribution-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>3.2.0.CR1-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak Wildfly Adapter</name>
<description/>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-wildfly-adapter-dist-pom</artifactId>
<artifactId>keycloak-wildfly-adapter-dist</artifactId>
<packaging>pom</packaging>
<name>Keycloak Adapter Overlay Distribution</name>
<description/>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-feature-pack</artifactId>
<type>zip</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.wildfly.build</groupId>
<artifactId>wildfly-server-provisioning-maven-plugin</artifactId>
<version>${build-tools.version}</version>
<executions>
<execution>
<id>server-provisioning</id>
<goals>
<goal>build</goal>
</goals>
<phase>compile</phase>
<configuration>
<config-file>server-provisioning.xml</config-file>
<overlay>true</overlay>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>${assemblyFile}</descriptor>
</descriptors>
<recompressZippedFiles>true</recompressZippedFiles>
<finalName>${project.build.finalName}</finalName>
<appendAssemblyId>false</appendAssemblyId>
<outputDirectory>${project.build.directory}</outputDirectory>
<workDirectory>${project.build.directory}/assembly/work</workDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>community</id>
<activation>
<property>
<name>!product</name>
</property>
</activation>
<properties>
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
<assemblyFile>assembly.xml</assemblyFile>
</properties>
</profile>
<profile>
<id>product</id>
<activation>
<property>
<name>product</name>
</property>
</activation>
<properties>
<build-tools.version>${eap.build-tools.version}</build-tools.version>
<assemblyFile>assembly.xml</assemblyFile>
<profileExcludes>%regex[(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
</properties>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-dist</artifactId>
<type>zip</type>
</dependency>
</dependencies>
<build>
<finalName>${product.name}-${product.filename.version}-eap7-adapter</finalName>
</build>
</profile>
</profiles>
<modules>
<module>wildfly-modules</module>
<module>wildfly-adapter-zip</module>
</modules>
</project>
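Review bot: The `product` profile sets `profileExcludes`, but the assembly descriptor added in this commit lists only the literal excludes `docs/**` and `README.md` and never references `${profileExcludes}`, so the property appears to have no effect on this distribution. Either add `<exclude>${profileExcludes}</exclude>` to the descriptor, with a value defined in the `community` profile as well, or drop the property. Both profiles also set `assemblyFile` to the same `assembly.xml`, so that indirection could be a single top-level property. The page does not show which of the duplicated lines in this section (the two `artifactId` pairs, the `<modules>` block) are old and which are new, so this note assumes the profiles are on the new side.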


@ -14,8 +14,8 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<server-provisioning xmlns="urn:wildfly:server-provisioning:1.0" extract-schemas="true" copy-module-artifacts="true">
<server-provisioning xmlns="urn:wildfly:server-provisioning:1.2" extract-schemas="true" copy-module-artifacts="true">
<feature-packs>
<feature-pack groupId="org.keycloak" artifactId="keycloak-server-feature-pack" version="${project.version}"/>
<feature-pack groupId="org.keycloak" artifactId="keycloak-adapter-feature-pack" version="${project.version}"/>
</feature-packs>
</server-provisioning>


@ -1,70 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<assembly>
<id>war-dist</id>
<formats>
<format>zip</format>
<format>tar.gz</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>${project.build.directory}/unpacked</directory>
<includes>
<include>org/keycloak/keycloak-common/**</include>
<include>org/keycloak/keycloak-core/**</include>
<include>org/keycloak/keycloak-adapter-core/**</include>
<include>org/keycloak/keycloak-adapter-spi/**</include>
<include>org/keycloak/keycloak-jboss-adapter-core/**</include>
<include>org/keycloak/keycloak-undertow-adapter/**</include>
<include>org/keycloak/keycloak-wildfly-adapter/**</include>
<include>org/keycloak/keycloak-wildfly-elytron-oidc-adapter/**</include>
<include>org/keycloak/keycloak-wildfly-subsystem/**</include>
<include>org/keycloak/keycloak-adapter-subsystem/**</include>
<include>org/keycloak/keycloak-servlet-oauth-client/**</include>
<!-- Authorization -->
<include>org/keycloak/keycloak-authz-client/**</include>
</includes>
<excludes>
<exclude>**/*.war</exclude>
</excludes>
<outputDirectory>modules/system/add-ons/keycloak</outputDirectory>
</fileSet>
</fileSets>
<files>
<file>
<source>../../shared-cli/adapter-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/adapter-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>../../shared-cli/adapter-elytron-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/adapter-elytron-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>


@ -1,107 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>3.2.0.CR1-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
<artifactId>keycloak-wildfly-adapter-dist</artifactId>
<packaging>pom</packaging>
<name>Keycloak Wildfly Adapter Distro</name>
<description/>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-modules</artifactId>
<type>zip</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>unpack</id>
<phase>prepare-package</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-modules</artifactId>
<type>zip</type>
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<outputDirectory>
target
</outputDirectory>
<workDirectory>
target/assembly/work
</workDirectory>
<appendAssemblyId>false</appendAssemblyId>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>product</id>
<activation>
<property>
<name>product</name>
</property>
</activation>
<build>
<finalName>${product.name}-${product.filename.version}-eap7-adapter</finalName>
</build>
</profile>
</profiles>
</project>


@ -1,39 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<assembly>
<id>dist</id>
<formats>
<format>zip</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>../../</directory>
<includes>
<include>License.html</include>
</includes>
<outputDirectory></outputDirectory>
</fileSet>
<fileSet>
<directory>${project.build.directory}/modules</directory>
<outputDirectory></outputDirectory>
</fileSet>
</fileSets>
</assembly>


@ -1,94 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project name="module-repository" basedir="." default="all">
<import file="lib.xml"/>
<property name="output.dir" value="target"/>
<target name="all">
<antcall target="modules">
<param name="mavenized.modules" value="false"/>
<param name="output.dir" value="target"/>
</antcall>
</target>
<target name="modules">
<!-- server min dependencies -->
<module-def name="org.keycloak.keycloak-common">
<maven-resource group="org.keycloak" artifact="keycloak-common"/>
</module-def>
<module-def name="org.keycloak.keycloak-core">
<maven-resource group="org.keycloak" artifact="keycloak-core"/>
</module-def>
<!-- subsystems -->
<module-def name="org.keycloak.keycloak-adapter-spi">
<maven-resource group="org.keycloak" artifact="keycloak-adapter-spi"/>
<maven-resource group="org.keycloak" artifact="keycloak-undertow-adapter-spi"/>
</module-def>
<module-def name="org.keycloak.keycloak-adapter-core">
<maven-resource group="org.keycloak" artifact="keycloak-adapter-core"/>
</module-def>
<module-def name="org.keycloak.keycloak-jboss-adapter-core">
<maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
</module-def>
<module-def name="org.keycloak.keycloak-undertow-adapter">
<maven-resource group="org.keycloak" artifact="keycloak-undertow-adapter"/>
</module-def>
<module-def name="org.keycloak.keycloak-wildfly-adapter">
<maven-resource group="org.keycloak" artifact="keycloak-wildfly-adapter"/>
</module-def>
<module-def name="org.keycloak.keycloak-wildfly-subsystem">
<maven-resource group="org.keycloak" artifact="keycloak-wildfly-subsystem"/>
</module-def>
<module-def name="org.keycloak.keycloak-servlet-oauth-client">
<maven-resource group="org.keycloak" artifact="keycloak-servlet-oauth-client"/>
</module-def>
<!-- Authorization -->
<module-def name="org.keycloak.keycloak-authz-client">
<maven-resource group="org.keycloak" artifact="keycloak-authz-client"/>
</module-def>
<module-def name="org.keycloak.keycloak-wildfly-elytron-oidc-adapter">
<maven-resource group="org.keycloak" artifact="keycloak-wildfly-elytron-oidc-adapter"/>
</module-def>
</target>
<target name="clean-target">
<delete dir="${output.dir}"/>
</target>
<target name="clean" depends="clean-target">
<delete file="maven-ant-tasks.jar"/>
</target>
</project>


@ -1,277 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project name="module-repository-lib">
<property name="src.dir" value="src"/>
<property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
<property name="module.xml" value="module.xml"/>
<taskdef resource="net/sf/antcontrib/antlib.xml"/>
<taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
<macrodef name="module-def">
<attribute name="name"/>
<attribute name="slot" default="main"/>
<element name="resources" implicit="yes" optional="yes"/>
<sequential>
<echo message="Initializing module -> @{name}"/>
<property name="module.repo.output.dir" value="${output.dir}/modules"/>
<!-- Figure out the correct module path -->
<define-module-dir name="@{name}" slot="@{slot}"/>
<!-- Make the module output director -->
<mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
<!-- Copy the module.xml and other stuff to the output director -->
<copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
<fileset dir="${module.repo.src.dir}/${current.module.path}">
<include name="**"/>
</fileset>
</copy>
<!-- Process the resource -->
<resources/>
<!-- Add keycloak version property to module xml -->
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
token="$${project.version}"
value="${project.version}"/>
<!-- Some final cleanup -->
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacetoken>
<![CDATA[
<!-- Insert resources here -->]]></replacetoken>
<replacevalue>
</replacevalue>
</replace>
</sequential>
</macrodef>
<macrodef name="bundle-def">
<attribute name="name"/>
<attribute name="slot" default="main"/>
<element name="resources" implicit="yes" optional="yes"/>
<sequential>
<echo message="Initializing bundle -> @{name}"/>
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
<!-- Figure out the correct bundle path -->
<define-bundle-dir name="@{name}" slot="@{slot}" />
<!-- Make the bundle output director -->
<mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
<!-- Process the resource -->
<resources/>
</sequential>
</macrodef>
<macrodef name="maven-bundle" >
<attribute name="group"/>
<attribute name="artifact"/>
<sequential>
<!-- Copy the jar to the bundle dir -->
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
<copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
<fileset file="${@{group}:@{artifact}:jar}"/>
<mapper type="flatten" />
</copy>
</sequential>
</macrodef>
<scriptdef name="define-module-dir" language="javascript" manager="bsf">
<attribute name="name"/>
<attribute name="slot"/>
<![CDATA[
name = attributes.get("name");
name = name.replace(".", "/");
project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
]]>
</scriptdef>
<scriptdef name="define-bundle-dir" language="javascript" manager="bsf">
<attribute name="name"/>
<attribute name="slot"/>
<![CDATA[
name = attributes.get("name");
name = name.replace(".", "/");
project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
]]>
</scriptdef>
<!--
Get the version from the parent directory of the jar. If the parent directory is 'target' this
means that the jar is contained in AS build so extract the version from the file name
-->
<scriptdef name="define-maven-artifact" language="javascript" manager="bsf">
<attribute name="group"/>
<attribute name="artifact"/>
<attribute name="classifier"/>
<attribute name="element"/>
<attribute name="path"/>
<![CDATA[
importClass(Packages.java.io.File);
group = attributes.get("group");
artifact = attributes.get("artifact");
classifier = attributes.get("classifier");
element = attributes.get("element");
path = attributes.get("path");
if(path.indexOf('${') != -1) {
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
}
fp = new File(path);
version = fp.getParentFile().getName();
if (version.equals("target")) {
version = fp.getName();
version = version.substring(artifact.length() + 1);
suffix = ".jar";
if (classifier) {
suffix = "-" + classifier + suffix;
}
version = version.replace(suffix, "");
}
root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
if (classifier) {
root = root + ":" + classifier;
}
root = root + "\"/>";
project.setProperty("current.maven.root", root);
]]>
</scriptdef>
<macrodef name="maven-resource" >
<attribute name="group"/>
<attribute name="artifact"/>
<attribute name="jandex" default="false" />
<sequential>
<if>
<equals arg1="${mavenized.modules}" arg2="true"/>
<then>
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10; &lt;!-- Insert resources here --&gt;"/>
</replace>
</then>
<else>
<!-- Copy the jar to the module dir -->
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
<fileset file="${@{group}:@{artifact}:jar}"/>
<mapper type="flatten" />
</copy>
<basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
<!-- Generate the Jandex Index -->
<jandex run="@{jandex}" newJar="true" >
<fileset dir="${module.repo.output.dir}/${current.module.path}" />
</jandex>
<!-- Update the resource entry in module.xml -->
<define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10; &lt;!-- Insert resources here --&gt;"/>
</replace>
</else>
</if>
</sequential>
</macrodef>
<macrodef name="maven-resource-with-classifier" >
<attribute name="group"/>
<attribute name="artifact"/>
<attribute name="classifier"/>
<attribute name="jandex" default="false" />
<sequential>
<if>
<equals arg1="${mavenized.modules}" arg2="true"/>
<then>
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10; &lt;!-- Insert resources here --&gt;"/>
</replace>
</then>
<else>
<!-- Copy the jar to the module dir -->
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
<fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
<!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
<mapper type="flatten" />
</copy>
<basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
<!-- Update the resource entry in module.xml -->
<define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10; &lt;!-- Insert resources here --&gt;"/>
</replace>
</else>
</if>
</sequential>
</macrodef>
<macrodef name="extract-native-jar" >
<attribute name="group"/>
<attribute name="artifact"/>
<sequential>
<if>
<equals arg1="${mavenized.modules}" arg2="true"/>
<then>
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
<replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10; &lt;!-- Insert resources here --&gt;"/>
</replace>
</then>
<else>
<unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
<patternset>
<include name="lib/**"/>
</patternset>
</unzip>
</else>
</if>
</sequential>
</macrodef>
<scriptdef name="define-resource-root" language="javascript" manager="bsf">
<attribute name="path"/>
<attribute name="jandex"/>
<![CDATA[
path = attributes.get("path");
root = "<resource-root path=\"" + path + "\"/>";
if(path.indexOf('${') != -1) {
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
}
if(attributes.get("jandex") == "true" ) {
root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
}
project.setProperty("current.resource.root", root);
]]>
</scriptdef>
</project>


@ -1,203 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>3.2.0.CR1-SNAPSHOT</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>
<artifactId>keycloak-wildfly-modules</artifactId>
<name>Keycloak Wildfly Modules</name>
<packaging>pom</packaging>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-common</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-spi</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter-spi</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jboss-adapter-core</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-elytron-oidc-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-subsystem</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-oauth-client</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
</dependency>
<!-- Authorization -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-client</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<inherited>false</inherited>
<executions>
<execution>
<id>build-dist</id>
<goals>
<goal>run</goal>
</goals>
<phase>compile</phase>
<configuration>
<target>
<ant antfile="build.xml" inheritRefs="true">
<target name="all"/>
</ant>
</target>
</configuration>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>org.jboss</groupId>
<artifactId>jandex</artifactId>
<version>1.0.3.Final</version>
</dependency>
<dependency>
<groupId>ant-contrib</groupId>
<artifactId>ant-contrib</artifactId>
<version>1.0b3</version>
<exclusions>
<exclusion>
<groupId>ant</groupId>
<artifactId>ant</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-apache-bsf</artifactId>
<version>1.9.3</version>
</dependency>
<dependency>
<groupId>org.apache.bsf</groupId>
<artifactId>bsf-api</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>rhino</groupId>
<artifactId>js</artifactId>
<version>1.7R2</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<outputDirectory>
target
</outputDirectory>
<workDirectory>
target/assembly/work
</workDirectory>
<appendAssemblyId>false</appendAssemblyId>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-resources</id>
<!-- here the phase you need -->
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-adapter-subsystem</outputDirectory>
<resources>
<resource>
<directory>src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem</directory>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>


@ -1,40 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-core">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.apache.httpcomponents"/>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-authz-client"/>
</dependencies>
</module>


@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-spi">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.apache.httpcomponents"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.xnio"/>
<module name="io.undertow.core"/>
<module name="io.undertow.servlet"/>
</dependencies>
</module>


@ -1,33 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-subsystem">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="org.keycloak.keycloak-wildfly-subsystem" export="true" services="export"/>
</dependencies>
</module>


@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ JBoss, Home of Professional Open Source.
~ Copyright 2016 Red Hat, Inc., and individual contributors
~ as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-authz-client">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="sun.jdk" optional="true" />
<module name="javax.ws.rs.api"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.apache.httpcomponents"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
</dependencies>
</module>


@ -1,33 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-common">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="sun.jdk" optional="true" />
</dependencies>
</module>


@ -1,38 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-core">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.keycloak.keycloak-common" />
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="sun.jdk" optional="true" />
</dependencies>
</module>


@ -1,35 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-jboss-adapter-core">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.jboss.logging"/>
<module name="org.picketbox"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.apache.httpcomponents"/>
</dependencies>
</module>


@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-servlet-oauth-client">
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="org.picketbox"/>
<module name="org.apache.httpcomponents"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-adapter-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
</dependencies>
</module>


@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-undertow-adapter">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.bouncycastle" />
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.apache.httpcomponents"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.xnio"/>
<module name="io.undertow.core"/>
<module name="io.undertow.servlet"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-adapter-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
</dependencies>
</module>


@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ JBoss, Home of Professional Open Source.
~ Copyright 2016 Red Hat, Inc., and individual contributors
~ as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-elytron-oidc-adapter">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.bouncycastle" />
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.apache.httpcomponents"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="io.undertow.core"/>
<module name="io.undertow.servlet"/>
<module name="org.picketbox"/>
<module name="org.keycloak.keycloak-undertow-adapter"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-adapter-core"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.wildfly.security.elytron"/>
</dependencies>
</module>


@ -1,43 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-subsystem">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.jboss.staxmapper"/>
<module name="org.jboss.as.controller"/>
<module name="org.jboss.as.ee"/>
<module name="org.jboss.as.server"/>
<module name="org.jboss.modules"/>
<module name="org.jboss.msc"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.vfs"/>
<module name="org.jboss.as.web-common"/>
<module name="org.jboss.metadata"/>
</dependencies>
</module>


@ -89,9 +89,11 @@
<eviction max-entries="10000" strategy="LRU"/>
</local-cache>
<local-cache name="sessions"/>
<local-cache name="authenticationSessions"/>
<local-cache name="offlineSessions"/>
<local-cache name="loginFailures"/>
<local-cache name="authorization"/>
<local-cache name="actionTokens"/>
<local-cache name="work"/>
<local-cache name="keys">
<eviction max-entries="1000" strategy="LRU"/>
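Review bot: The two caches that appear to be new in this hunk, `authenticationSessions` and `actionTokens`, are declared with no `<eviction>` or `<expiration>` child, unlike the `keys` cache just below, which is capped at 1000 entries. Going by its name, `authenticationSessions` holds state for logins still in progress, so if nothing else expires those entries the cache can grow with unauthenticated traffic. Whether the server sets a per-entry lifespan in code is not visible here. If it does, a comment such as `<!-- entries expire via the lifespan set by the server; no eviction so pending logins and single-use tokens are not dropped early -->` above the two declarations would record that; otherwise an `<expiration>` child should be added to both. The enclosing cache container starts and ends outside the hunk.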


@ -39,6 +39,10 @@
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-elytron-oidc-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-oauth-client</artifactId>


@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.bouncycastle">
<resources>
<artifact name="${org.bouncycastle:bcprov-jdk15on}"/>
<artifact name="${org.bouncycastle:bcpkix-jdk15on}"/>
</resources>
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>


@ -29,7 +29,7 @@
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.apache.httpcomponents" />
<module name="org.apache.httpcomponents"/>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-common"/>


@ -26,13 +26,13 @@
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.apache.httpcomponents"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.xnio"/>
<module name="io.undertow.core"/>
<module name="io.undertow.servlet"/>
<module name="javax.servlet.api"/>
<module name="org.bouncycastle" />
<module name="org.keycloak.keycloak-common"/>
</dependencies>
</module>


@ -22,6 +22,7 @@
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
</resources>
<dependencies>


@ -3,20 +3,20 @@
<!--
~ * Copyright 2016 Red Hat, Inc. and/or its affiliates
~ * and other contributors as indicated by the @author tags.
~ *
~ * Licensed under the Apache License, Version 2.0 (the "License");
~ * you may not use this file except in compliance with the License.
~ * You may obtain a copy of the License at
~ *
~ * http://www.apache.org/licenses/LICENSE-2.0
~ *
~ * Unless required by applicable law or agreed to in writing, software
~ * distributed under the License is distributed on an "AS IS" BASIS,
~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ * See the License for the specific language governing permissions and
~ * limitations under the License.
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-authz-client">


@ -29,6 +29,7 @@
<module name="org.picketbox"/>
<module name="org.keycloak.keycloak-adapter-spi"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.apache.httpcomponents"/>
</dependencies>
</module>


@ -33,7 +33,7 @@
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.apache.httpcomponents" />
<module name="org.apache.httpcomponents"/>
<module name="javax.servlet.api"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.xnio"/>


@ -19,12 +19,12 @@
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-adapter">
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-elytron-oidc-adapter">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<!-- Insert resources here -->
<artifact name="${org.keycloak:keycloak-wildfly-elytron-oidc-adapter}"/>
</resources>
<dependencies>
<module name="javax.api"/>
@ -44,6 +44,7 @@
<module name="org.keycloak.keycloak-adapter-core"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.wildfly.security.elytron"/>
</dependencies>
</module>


@ -21,8 +21,8 @@
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
<artifact name="${org.keycloak:keycloak-wildfly-subsystem}"/>
</resources>


@ -28,9 +28,6 @@
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<excludes>
<exclude>configuration/**</exclude>
</excludes>
</fileSet>
<fileSet>
<directory>target/unpacked-themes/theme</directory>
@ -52,13 +49,6 @@
<outputDirectory>content/bin</outputDirectory>
<filtered>true</filtered>
</fileSet>
<fileSet>
<directory>${configDir}</directory>
<includes>
<include>**/**</include>
</includes>
<outputDirectory>configuration</outputDirectory>
</fileSet>
<fileSet>
<directory>../../../</directory>
<includes>


@ -29,23 +29,676 @@
<name>Keycloak Feature Pack: Server</name>
<packaging>pom</packaging>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.jboss.integration-platform</groupId>
<artifactId>jboss-integration-platform-bom</artifactId>
<type>pom</type>
<scope>import</scope>
<version>${version.jboss-integration-platform}</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-bom</artifactId>
<type>pom</type>
<version>${version.org.drools}</version>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>aopalliance</groupId>
<artifactId>aopalliance</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.antlr</groupId>
<artifactId>antlr-runtime</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-launcher</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-aether-provider</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-artifact</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-compat</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-model-builder</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-repository-metadata</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-settings</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-settings-builder</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-http</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-http-shared</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-provider-api</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-classworlds</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-component-annotations</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-interpolation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-api</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-connector-basic</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-impl</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-spi</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-transport-file</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-transport-http</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-transport-wagon</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.aether</groupId>
<artifactId>aether-util</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.plexus</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-dependencies-server-all</artifactId>
<type>pom</type>
<artifactId>keycloak-authz-policy-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-policy-drools</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-js-adapter</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-infinispan</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core-public</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-sssd-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-adduser</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-extensions</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-server-subsystem</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-api</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-ci</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-internal</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.mvel</groupId>
<artifactId>mvel2</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonatype.plexus</groupId>
<artifactId>plexus-cipher</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonatype.plexus</groupId>
<artifactId>plexus-sec-dispatcher</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonatype.sisu.inject</groupId>
<artifactId>guice-servlet</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.sonatype.sisu</groupId>
<artifactId>sisu-guice</artifactId>
<classifier>no_aop</classifier>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
@ -126,9 +779,7 @@
</activation>
<properties>
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources/configuration</configDir>
</properties>
<dependencies>
@ -136,56 +787,16 @@
<groupId>org.wildfly</groupId>
<artifactId>wildfly-feature-pack</artifactId>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</profile>
<!-- Temporary profile to test with WildFly 11 -->
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources-wf11/configuration</configDir>
</properties>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-feature-pack</artifactId>
<version>${wildfly11.version}</version>
<type>zip</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-configuration-wf11</id>
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>target/resources/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/resources-wf11/configuration</directory>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>product</id>
<activation>
@ -195,9 +806,7 @@
</activation>
<properties>
<build-tools.version>${eap.build-tools.version}</build-tools.version>
<feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources-wf11/configuration</configDir>
</properties>
<dependencies>
@ -206,34 +815,14 @@
<artifactId>wildfly-feature-pack</artifactId>
<version>${eap.version}</version>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-configuration-wf11</id>
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>target/resources/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/resources-wf11/configuration</directory>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>


@ -1,79 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<config>
<subsystems name="auth-server-standalone">
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="load-balancer">
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>undertow-load-balancer.xml</subsystem>
</subsystems>
</config>


@ -1,110 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<domain xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<system-properties>
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
<property name="java.net.preferIPv4Stack" value="true"/>
</system-properties>
<management>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profiles>
<!-- Non clustered authentication server profile -->
<profile name="auth-server-standalone">
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
<!--
Clustering authentication server setup.
You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
able to work on multiple machines.
-->
<profile name="auth-server-clustered">
<?SUBSYSTEMS socket-binding-group="ha-sockets"?>
</profile>
<!--
This is a profile for the built-in Underto Loadbalancer
It should be removed in production systems and replaced with a better software or hardware based one
-->
<profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
</profile>
</profiles>
<!--
Named interfaces that can be referenced elsewhere in the configuration. The configuration
for how to associate these logical names with an actual network interface can either
be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
These default configurations require the binding specification to be done in host.xml.
-->
<interfaces>
<interface name="management"/>
<interface name="public"/>
<?INTERFACES?>
</interfaces>
<socket-binding-groups>
<socket-binding-group name="standard-sockets" default-interface="public">
<?SOCKET-BINDINGS?>
</socket-binding-group>
<socket-binding-group name="ha-sockets" default-interface="public">
<?SOCKET-BINDINGS?>
</socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public">
<!-- Needed for server groups using the 'load-balancer' profile -->
<?SOCKET-BINDINGS?>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
<server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="load-balancer-sockets"/>
</server-group>
</server-groups>
</domain>


@ -1,135 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
<domain-controller>
<local/>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
<server name="load-balancer" group="load-balancer-group">
</server>
<server name="server-one" group="auth-server-group" auto-start="true">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
</jvm-options>
</jvm>
-->
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>


@ -1,124 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<host xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities>
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:3456}"/>
</native-interface>
</management-interfaces>
</management>
<domain-controller>
<remote username="$local" security-realm="ManagementRealm">
<discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
</remote>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<server name="server-two" group="auth-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="250"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>


@ -1,137 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
<domain-controller>
<local/>
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
<server name="load-balancer" group="load-balancer-group">
</server>
<server name="server-one" group="auth-server-group" auto-start="true">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
</jvm-options>
</jvm>
-->
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>


@ -1,49 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="default">jgroups.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem supplement="default">mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config>


@ -1,47 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan2.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config>


@ -1,90 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<?SOCKET-BINDINGS?>
</socket-binding-group>
</server>


@ -15,71 +15,65 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems name="load-balancer">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
</subsystems>
<subsystems name="auth-server-standalone">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="auth-server-standalone">
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="load-balancer">
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>undertow-load-balancer.xml</subsystem>
</subsystems>
</config>
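Review bot: The `load-balancer` subsystem list at the end of this section has no comment explaining why it holds only `logging.xml`, `io.xml` and `undertow-load-balancer.xml`, whereas the `load-balancer` list at the top of the section also names `jmx.xml`, `naming.xml`, `remoting.xml`, `request-controller.xml`, `security.xml` and `security-manager.xml`. The +/- markers are lost on this page, so treating the short list as the new side is an inference from its match with the identical file deleted earlier on the page. If that reading is right, a maintainer cannot tell whether leaving `security.xml` and `security-manager.xml` out of that profile is intended. I would add a comment above the list, for example `<!-- Built-in load balancer, not for production: limited to logging, io and undertow-load-balancer -->`, once the author confirms that is the intent. The `auth-server-standalone` list should also get the same `<!-- Each subsystem to be included relative to the src/main/resources directory -->` comment that `auth-server-clustered` keeps.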


@ -17,7 +17,7 @@
~ limitations under the License.
-->
<domain xmlns="urn:jboss:domain:4.0">
<domain xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
@ -60,31 +60,6 @@
-->
<profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="lb-handler"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<reverse-proxy name="lb-handler">
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
</reverse-proxy>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
</profile>
</profiles>
@ -96,12 +71,8 @@
These default configurations require the binding specification to be done in host.xml.
-->
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<interface name="management"/>
<interface name="public"/>
<?INTERFACES?>
</interfaces>
@ -114,20 +85,19 @@
</socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<outbound-socket-binding name="remote-host1">
<remote-destination host="localhost" port="8159"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-host2">
<remote-destination host="localhost" port="8259"/>
</outbound-socket-binding>
<!-- Needed for server groups using the 'load-balancer' profile -->
<?SOCKET-BINDINGS?>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
<server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default">
@ -135,12 +105,6 @@
</jvm>
<socket-binding-group ref="load-balancer-sockets"/>
</server-group>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
</server-groups>
</domain>


@ -22,7 +22,7 @@
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:4.0">
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@ -39,6 +39,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@ -71,7 +76,8 @@
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
@ -98,6 +104,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
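Review bot: The `<keystore>` element added under `ApplicationRealm` hard-codes `keystore-password="password"` and `key-password="password"` and sets `generate-self-signed-certificate-host="localhost"`, so every installation built from this template starts with the same well-known key protection and, presumably, a generated self-signed certificate. The same element is added in three later sections of this commit (the other two host templates and the server template). I would put a comment directly above it, in the style the slave template already uses for its `<secret>`, for example `<!-- Development default only: replace application.keystore and both passwords (or use a vault expression) before production use -->`. The enclosing `<security-realm>` continues outside the hunk.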


@ -17,7 +17,7 @@
~ limitations under the License.
-->
<host xmlns="urn:jboss:domain:4.0">
<host xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@ -27,7 +27,7 @@
<security-realm name="ManagementRealm">
<server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities>
<authentication>
@ -39,6 +39,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@ -75,7 +80,7 @@
</management>
<domain-controller>
<remote security-realm="ManagementRealm">
<remote username="$local" security-realm="ManagementRealm">
<discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
@ -99,6 +104,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
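Review bot: The new `<secret value="..."/>` under `ManagementRealm` is still a fixed value shipped in the template, and base64 is an encoding, not protection, so the credential this host controller presents to the domain controller is readable by anyone who has the file or the distribution. The comment above it asks for a replacement, but a deployment that skips that step keeps a publicly known management secret; consider shipping a vault-expression placeholder instead of a working value. The new `username="$local"` on `<remote>` would also benefit from a one-line comment such as `<!-- must match a management user defined on the domain controller -->`, since what `$local` resolves to for a remote connection is not visible in this hunk.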


@ -23,7 +23,7 @@
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:4.0">
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@ -40,6 +40,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -54,8 +59,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@ -72,7 +77,8 @@
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
@ -80,6 +86,8 @@
<domain-controller>
<local/>
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
@ -99,6 +107,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>


@ -19,6 +19,8 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem supplement="host">elytron.xml</subsystem>
</subsystems>
</config>


@ -30,16 +30,17 @@
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem>
<subsystem supplement="default">jgroups.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem>
<subsystem supplement="default">mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>


@ -19,28 +19,29 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan2.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config>


@ -1,23 +1,6 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<server xmlns="urn:jboss:domain:4.0">
<server xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
@ -27,7 +10,7 @@
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true" />
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
@ -35,8 +18,13 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
@ -46,19 +34,20 @@
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file"/>
</handlers>
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
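Review bot: The first hunk drops the Apache licence header from this template, while the sibling domain and host templates in the same commit still carry theirs (their hunks show `~ limitations under the License.` as context). Given the commit title "fixes after merge", this looks like a merge side effect rather than a deliberate change. I would restore the original `<!-- ~ Copyright 2016 Red Hat, Inc. ... -->` block after the XML declaration so the file keeps its licence notice.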


@ -199,4 +199,30 @@ if ((result.default-provider == undefined) && (result.provider.default.enabled =
echo
end-if
# Migrate from 3.0.0 to 3.2.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
echo Adding distributed-cache=authenticationSessions to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
echo Replacing distributed-cache=authorization with local-cache=authorization
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
echo *** End Migration of /profile=$clusteredProfile ***
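Review bot: The last block removes `distributed-cache=authorization` and then adds `local-cache=authorization` without checking that the local cache is absent, unlike the two blocks above it, which guard each `:add` with `if (outcome == failed) of ... :read-resource`. If that `:add` fails, the profile is left with neither cache, unless the script runs inside a batch, which is not visible in this hunk. I would wrap the remove and add in `batch` / `run-batch`, or guard the add the same way as the others. The same sequence appears in the non-profile script two sections further down.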


@ -187,4 +187,22 @@ if ((result.default-provider == undefined) && (result.provider.default.enabled =
echo
end-if
# Migrate from 3.0.0 to 3.2.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
echo Adding local-cache=authenticationSessions to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
echo *** End Migration of /profile=$standaloneProfile ***
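Review bot: The `actionTokens` cache is created with `strategy=NONE`, `max-entries=-1` and `max-idle=-1`, so the container itself sets no bound on its size and only the `interval=300000` expiration sweep is configured. If entries are not written with their own lifespan (not visible in this hunk), the cache can grow without limit under a high volume of token requests. I would add a comment above the block stating that assumption, e.g. `# actionTokens entries carry their own lifespan; eviction is intentionally disabled`, or set a finite `max-entries`. The same settings are used in the three sibling migration scripts in this commit.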


@ -203,4 +203,31 @@ if ((result.default-provider == undefined) && (result.provider.default.enabled =
/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
echo
end-if
# Migrate from 3.0.0 to 3.2.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
echo Adding distributed-cache=authenticationSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
echo Replacing distributed-cache=authorization with local-cache=authorization
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
echo *** End Migration ***


@ -195,4 +195,22 @@ if ((result.default-provider == undefined) && (result.provider.default.enabled =
echo
end-if
# Migrate from 3.0.0 to 3.2.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
echo Adding local-cache=authenticationSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
echo *** End Migration ***


@ -1,2 +0,0 @@
Any provider implementation jars and libraries in this folder will be loaded. See the providers section in the
documentation for more details.


@ -37,6 +37,6 @@
<module name="org.kie"/>
<module name="org.mvel"/>
<module name="org.slf4j"/>
<module name="org.eclipse.jdt.core.compiler.ecj"/>
<module name="org.eclipse.jdt.ecj"/>
</dependencies>
</module>


@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.eclipse.jdt.core.compiler.ecj">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.eclipse.jdt.core.compiler:ecj}"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.inject.api"/>
<module name="javax.enterprise.api"/>
<module name="org.slf4j"/>
<module name="org.apache.commons.logging"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
</dependencies>
</module>


@ -33,6 +33,7 @@
<module name="org.infinispan.commons"/>
<module name="org.infinispan.cachestore.remote"/>
<module name="org.infinispan.client.hotrod"/>
<module name="org.jgroups"/>
<module name="org.jboss.logging"/>
<module name="javax.api"/>
</dependencies>


@ -29,8 +29,9 @@
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-server-spi" services="import"/>
<module name="org.keycloak.keycloak-server-spi-private" services="import"/>
<module name="org.keycloak.keycloak-services" services="import"/>
<module name="org.jboss.aesh"/>
<module name="org.jboss.as.domain-management"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>


@ -35,6 +35,11 @@
<artifactId>keycloak-server-feature-pack</artifactId>
<type>zip</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
</dependency>
</dependencies>
<build>
@ -51,7 +56,7 @@
</goals>
<phase>compile</phase>
<configuration>
<config-file>server-provisioning.xml</config-file>
<config-file>../server-provisioning.xml</config-file>
</configuration>
</execution>
</executions>
@ -79,29 +84,6 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>unpack-client-cli-dist</id>
<phase>prepare-package</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
@ -122,13 +104,6 @@
</build>
</profile>
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
</properties>
</profile>
<profile>
<id>product</id>
<activation>
@ -139,7 +114,7 @@
<properties>
<build-tools.version>${eap.build-tools.version}</build-tools.version>
<assemblyFile>assembly.xml</assemblyFile>
<profileExcludes>%regex[(providers.*)|(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
<profileExcludes>%regex[(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
</properties>
<dependencies>
<dependency>


@ -27,35 +27,87 @@
<fileSets>
<fileSet>
<directory>${project.build.directory}/cli</directory>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<filtered>true</filtered>
<includes>
<include>*.cli</include>
<include>**/module.xml</include>
</includes>
<outputDirectory>bin</outputDirectory>
</fileSet>
<fileSet>
<directory>${project.build.directory}/unpacked/${serverDistDir}</directory>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<includes>
<include>**/**</include>
</includes>
<filtered>false</filtered>
<excludes>
<exclude>modules/**</exclude>
<exclude>.installation</exclude>
<exclude>docs/**</exclude>
<exclude>domain/**</exclude>
<exclude>standalone/**</exclude>
<exclude>bin/*.sh</exclude>
<exclude>module.xml</exclude>
<exclude>welcome-content/**</exclude>
<exclude>appclient/**</exclude>
<exclude>bin/appclient.*</exclude>
<exclude>copyright.txt</exclude>
<exclude>README.txt</exclude>
<exclude>themes/**</exclude>
<exclude>version.txt</exclude>
<exclude>${profileExcludes}</exclude>
</excludes>
</fileSet>
<fileSet>
<directory>${project.build.directory}/unpacked/${serverDistDir}/modules/system/layers/keycloak</directory>
<outputDirectory>modules/system/${identityType}/keycloak</outputDirectory>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<includes>
<include>**/**</include>
<include>bin/*.sh</include>
</includes>
<fileMode>0755</fileMode>
</fileSet>
<fileSet>
<directory>target/${project.build.finalName}</directory>
<outputDirectory/>
<includes>
<include>themes/**</include>
</includes>
<fileMode>0444</fileMode>
</fileSet>
<fileSet>
<directory>src/main/welcome-content</directory>
<outputDirectory>welcome-content</outputDirectory>
<includes>
<include>*.*</include>
</includes>
</fileSet>
<fileSet>
<directory>src/main/modules</directory>
<outputDirectory>modules</outputDirectory>
<includes>
<include>layers.conf</include>
</includes>
</fileSet>
<fileSet>
<directory>src/main</directory>
<outputDirectory></outputDirectory>
<includes>
<include>${readmeInclude}</include>
</includes>
<filtered>true</filtered>
</fileSet>
<fileSet>
<directory>target/cli</directory>
<outputDirectory>bin</outputDirectory>
<includes>
<include>*.cli</include>
</includes>
<filtered>true</filtered>
</fileSet>
</fileSets>
<files>
<file>
<source>target/README.txt</source>
<outputDirectory></outputDirectory>
<source>src/main/version.txt</source>
<outputDirectory/>
<filtered>true</filtered>
</file>
</files>


@ -32,25 +32,16 @@
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-dist</artifactId>
<artifactId>keycloak-server-feature-pack</artifactId>
<type>zip</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
</dependency>
</dependencies>
<properties>
<commonFilesToInclude>
${serverDistDir}/modules/system/layers/keycloak/**,
${serverDistDir}/themes/**,
${serverDistDir}/providers/**,
${serverDistDir}/License.html,
${serverDistDir}/bin/client/keycloak*,
${serverDistDir}/bin/*keycloak*,
${serverDistDir}/bin/kc*,
${serverDistDir}/bin/federation-sssd-setup.sh,
${serverDistDir}/bin/migrate*
</commonFilesToInclude>
</properties>
<build>
<finalName>keycloak-overlay-${project.version}</finalName>
<plugins>
@ -77,22 +68,22 @@
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.wildfly.build</groupId>
<artifactId>wildfly-server-provisioning-maven-plugin</artifactId>
<version>${build-tools.version}</version>
<executions>
<execution>
<id>unpack-server-dist</id>
<phase>prepare-package</phase>
<id>server-provisioning</id>
<goals>
<goal>unpack</goal>
<goal>build</goal>
</goals>
<phase>compile</phase>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-dist</artifactId>
<type>zip</type>
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
<includes>${filesToInclude}</includes>
</artifactItem>
</artifactItems>
<config-file>../server-provisioning.xml</config-file>
<overlay>true</overlay>
</configuration>
</execution>
</executions>
@ -119,29 +110,6 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<recompressZippedFiles>true</recompressZippedFiles>
<finalName>${project.build.finalName}</finalName>
<appendAssemblyId>false</appendAssemblyId>
<outputDirectory>${project.build.directory}</outputDirectory>
<workDirectory>${project.build.directory}/assembly/work</workDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
@ -179,10 +147,32 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>${assemblyFile}</descriptor>
</descriptors>
<recompressZippedFiles>true</recompressZippedFiles>
<finalName>${project.build.finalName}</finalName>
<appendAssemblyId>false</appendAssemblyId>
<outputDirectory>${project.build.directory}</outputDirectory>
<workDirectory>${project.build.directory}/assembly/work</workDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>community</id>
@ -192,9 +182,9 @@
</property>
</activation>
<properties>
<identityType>add-ons</identityType>
<serverDistDir>keycloak-${project.version}</serverDistDir>
<filesToInclude>${commonFilesToInclude}</filesToInclude>
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
<assemblyFile>assembly.xml</assemblyFile>
<readmeInclude>README.txt</readmeInclude>
</properties>
</profile>
@ -206,13 +196,18 @@
</property>
</activation>
<properties>
<identityType>layers</identityType>
<serverDistDir>${product.name}-${product.filename.version}</serverDistDir>
<filesToInclude>
${commonFilesToInclude},
${serverDistDir}/bin/product.conf,
${serverDistDir}/modules/layers.conf</filesToInclude>
<build-tools.version>${eap.build-tools.version}</build-tools.version>
<assemblyFile>assembly.xml</assemblyFile>
<profileExcludes>%regex[(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
<readmeInclude></readmeInclude>
</properties>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-dist</artifactId>
<type>zip</type>
</dependency>
</dependencies>
</profile>
</profiles>


@ -6,6 +6,7 @@ embed-server --server-config=standalone.xml
/subsystem=infinispan/cache-container=keycloak/local-cache=users:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:add(max-entries=10000,strategy=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=sessions:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=offlineSessions:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=loginFailures:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=work:add()
@ -14,4 +15,7 @@ embed-server --server-config=standalone.xml
/subsystem=infinispan/cache-container=keycloak/local-cache=keys:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:add(max-entries=1000,strategy=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/expiration=EXPIRATION:add(max-idle=3600000)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/eviction=EVICTION:add(max-entries=-1,strategy=NONE)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/expiration=EXPIRATION:add(max-idle=-1,interval=300000)
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
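Review bot: The new `actionTokens` cache is created with `max-entries=-1,strategy=NONE` and `max-idle=-1`, so nothing in this script bounds its size. It stays bounded only if every entry is written with its own lifespan, which this hunk does not show. I would record that assumption next to the three added lines, e.g. `# actionTokens: no eviction, no idle timeout; entries must be stored with a lifespan (reaper interval 300000 ms)`. The same three lines are added to the standalone-ha script further down and deserve the same comment. If the writers are not guaranteed to set a lifespan, a finite `max-entries` would be the safer default.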


@ -7,6 +7,7 @@ embed-server --server-config=standalone-ha.xml
/subsystem=infinispan/cache-container=keycloak/local-cache=users:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:add(max-entries=10000,strategy=LRU)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization:add()
@ -15,4 +16,7 @@ embed-server --server-config=standalone-ha.xml
/subsystem=infinispan/cache-container=keycloak/local-cache=keys:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:add(max-entries=1000,strategy=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/expiration=EXPIRATION:add(max-idle=3600000)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/eviction=EVICTION:add(max-entries=-1,strategy=NONE)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/expiration=EXPIRATION:add(max-idle=-1,interval=300000)
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)


@ -0,0 +1 @@
${product.name.full} - Version ${product.version}


@ -1,4 +1,3 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
@ -15,12 +14,11 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem supplement="host">elytron.xml</subsystem>
</subsystems>
</config>
<server-provisioning xmlns="urn:wildfly:server-provisioning:1.2" extract-schemas="true" copy-module-artifacts="true">
<copy-artifacts>
<copy-artifact artifact="org.keycloak:keycloak-client-cli-dist:zip" to-location="" from-location="keycloak-client-tools"/>
</copy-artifacts>
<feature-packs>
<feature-pack groupId="org.keycloak" artifactId="keycloak-server-feature-pack" version="${project.version}"/>
</feature-packs>
</server-provisioning>


@ -1,13 +1,10 @@
{
"realm": "servlet-authz",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-required" : "external",
"resource" : "servlet-authz-app",
"public-client" : false,
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "servlet-authz-app",
"credentials": {
"secret": "secret"
},
"policy-enforcer": {
"on-deny-redirect-to" : "/servlet-authz-app/accessDenied.jsp"
}
"policy-enforcer": {}
}


@ -47,7 +47,7 @@ is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid iss
**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm for host `localhost` and enable `forwardable` flag, which is needed
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/kerberos/test-krb5.conf) for inspiration.
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/resources/kerberos/test-krb5.conf) for inspiration.
On OS X the file to edit (or create) is `/Library/Preferences/edu.mit.Kerberos` with the same syntax as `krb5.conf`.
On Windows the file to edit (or create) is `c:\Windows\krb5.ini` with the same syntax as `krb5.conf`.


@ -27,6 +27,7 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
/**


@ -133,6 +133,12 @@ and provide password `secret`
Now when you access `http://localhost:8081/auth/realms/master/account` you should be logged in automatically as user `hnelson` .
Simple loadbalancer
-------------------
You can run class `SimpleUndertowLoadBalancer` from IDE. By default, it executes the embedded undertow loadbalancer running on `http://localhost:8180`, which communicates with 2 backend Keycloak nodes
running on `http://localhost:8181` and `http://localhost:8182` . See javadoc for more details.
Create many users or offline sessions
-------------------------------------


@ -19,6 +19,8 @@ package org.keycloak.connections.infinispan;
import java.util.concurrent.TimeUnit;
import org.infinispan.commons.util.FileLookup;
import org.infinispan.commons.util.FileLookupFactory;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.Configuration;
import org.infinispan.configuration.cache.ConfigurationBuilder;
@ -27,12 +29,13 @@ import org.infinispan.eviction.EvictionStrategy;
import org.infinispan.eviction.EvictionType;
import org.infinispan.manager.DefaultCacheManager;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.persistence.remote.configuration.ExhaustedAction;
import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder;
import org.infinispan.remoting.transport.jgroups.JGroupsTransport;
import org.infinispan.transaction.LockingMode;
import org.infinispan.transaction.TransactionMode;
import org.infinispan.transaction.lookup.DummyTransactionManagerLookup;
import org.jboss.logging.Logger;
import org.jgroups.JChannel;
import org.keycloak.Config;
import org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory;
import org.keycloak.models.KeycloakSession;
@ -119,7 +122,19 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.USER_REVISIONS_CACHE_NAME, getRevisionCacheConfig(userRevisionsMaxEntries));
cacheManager.getCache(InfinispanConnectionProvider.USER_REVISIONS_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.AUTHENTICATION_SESSIONS_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.KEYS_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, true);
long authzRevisionsMaxEntries = cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME).getCacheConfiguration().eviction().maxEntries();
authzRevisionsMaxEntries = authzRevisionsMaxEntries > 0
? 2 * authzRevisionsMaxEntries
: InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_DEFAULT_MAX;
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_NAME, getRevisionCacheConfig(authzRevisionsMaxEntries));
cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_NAME, true);
logger.debugv("Using container managed Infinispan cache container, lookup={1}", cacheContainerLookup);
} catch (Exception e) {
@ -138,7 +153,8 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
boolean allowDuplicateJMXDomains = config.getBoolean("allowDuplicateJMXDomains", true);
if (clustered) {
gcb.transport().defaultTransport();
String nodeName = config.get("nodeName", System.getProperty(InfinispanConnectionProvider.JBOSS_NODE_NAME));
configureTransport(gcb, nodeName);
}
gcb.globalJmxStatistics().allowDuplicateDomains(allowDuplicateJMXDomains);
@ -151,6 +167,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
Configuration modelCacheConfiguration = modelCacheConfigBuilder.build();
cacheManager.defineConfiguration(InfinispanConnectionProvider.REALM_CACHE_NAME, modelCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME, modelCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.USER_CACHE_NAME, modelCacheConfiguration);
ConfigurationBuilder sessionConfigBuilder = new ConfigurationBuilder();
@ -180,7 +197,13 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.SESSION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHENTICATION_SESSIONS_CACHE_NAME, sessionCacheConfiguration);
// Retrieve caches to enforce rebalance
cacheManager.getCache(InfinispanConnectionProvider.SESSION_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.AUTHENTICATION_SESSIONS_CACHE_NAME, true);
ConfigurationBuilder replicationConfigBuilder = new ConfigurationBuilder();
if (clustered) {
@ -219,6 +242,17 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.KEYS_CACHE_NAME, getKeysCacheConfig());
cacheManager.getCache(InfinispanConnectionProvider.KEYS_CACHE_NAME, true);
cacheManager.defineConfiguration(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, getActionTokenCacheConfig());
cacheManager.getCache(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, true);
long authzRevisionsMaxEntries = cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME).getCacheConfiguration().eviction().maxEntries();
authzRevisionsMaxEntries = authzRevisionsMaxEntries > 0
? 2 * authzRevisionsMaxEntries
: InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_DEFAULT_MAX;
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_NAME, getRevisionCacheConfig(authzRevisionsMaxEntries));
cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_REVISIONS_CACHE_NAME, true);
}
private Configuration getRevisionCacheConfig(long maxEntries) {
@ -269,4 +303,40 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
return cb.build();
}
private Configuration getActionTokenCacheConfig() {
ConfigurationBuilder cb = new ConfigurationBuilder();
cb.eviction()
.strategy(EvictionStrategy.NONE)
.type(EvictionType.COUNT)
.size(InfinispanConnectionProvider.ACTION_TOKEN_CACHE_DEFAULT_MAX);
cb.expiration()
.maxIdle(InfinispanConnectionProvider.ACTION_TOKEN_MAX_IDLE_SECONDS, TimeUnit.SECONDS)
.wakeUpInterval(InfinispanConnectionProvider.ACTION_TOKEN_WAKE_UP_INTERVAL_SECONDS, TimeUnit.SECONDS);
return cb.build();
}
protected void configureTransport(GlobalConfigurationBuilder gcb, String nodeName) {
if (nodeName == null) {
gcb.transport().defaultTransport();
} else {
FileLookup fileLookup = FileLookupFactory.newInstance();
try {
// Compatibility with Wildfly
JChannel channel = new JChannel(fileLookup.lookupFileLocation("default-configs/default-jgroups-udp.xml", this.getClass().getClassLoader()));
channel.setName(nodeName);
JGroupsTransport transport = new JGroupsTransport(channel);
gcb.transport().nodeName(nodeName);
gcb.transport().transport(transport);
logger.infof("Configured jgroups transport with the channel name: %s", nodeName);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
}
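Review bot: `getActionTokenCacheConfig()` passes `ACTION_TOKEN_WAKE_UP_INTERVAL_SECONDS` to `wakeUpInterval(..., TimeUnit.SECONDS)`, but the constant this commit adds to `InfinispanConnectionProvider` is `5 * 60 * 1000l`, i.e. 300000. That matches the `interval=300000` in the CLI scripts of this commit, which reads as milliseconds (the scripts use `max-idle=3600000` where the Java constant `KEYS_CACHE_MAX_IDLE_SECONDS` is 3600). With `TimeUnit.SECONDS` the expiration reaper of the embedded cache manager would run roughly every 83 hours instead of every five minutes, so expired action-token entries would stay in memory far longer than in the CLI-provisioned setup. Either change the call to `.wakeUpInterval(InfinispanConnectionProvider.ACTION_TOKEN_WAKE_UP_INTERVAL_SECONDS, TimeUnit.MILLISECONDS)` or, better, define the constant as `5 * 60` so that name and unit agree. The method is wholly inside the last hunk; the rest of the class lies outside it.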


@ -36,13 +36,24 @@ public interface InfinispanConnectionProvider extends Provider {
String SESSION_CACHE_NAME = "sessions";
String OFFLINE_SESSION_CACHE_NAME = "offlineSessions";
String LOGIN_FAILURE_CACHE_NAME = "loginFailures";
String AUTHENTICATION_SESSIONS_CACHE_NAME = "authenticationSessions";
String WORK_CACHE_NAME = "work";
String AUTHORIZATION_CACHE_NAME = "authorization";
String AUTHORIZATION_REVISIONS_CACHE_NAME = "authorizationRevisions";
int AUTHORIZATION_REVISIONS_CACHE_DEFAULT_MAX = 20000;
String ACTION_TOKEN_CACHE = "actionTokens";
int ACTION_TOKEN_CACHE_DEFAULT_MAX = -1;
int ACTION_TOKEN_MAX_IDLE_SECONDS = -1;
long ACTION_TOKEN_WAKE_UP_INTERVAL_SECONDS = 5 * 60 * 1000l;
String KEYS_CACHE_NAME = "keys";
int KEYS_CACHE_DEFAULT_MAX = 1000;
int KEYS_CACHE_MAX_IDLE_SECONDS = 3600;
// System property used on Wildfly to identify distributedCache address and sticky session route
String JBOSS_NODE_NAME = "jboss.node.name";
<K, V> Cache<K, V> getCache(String name);
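Review bot: The `-1` values of `ACTION_TOKEN_CACHE_DEFAULT_MAX` and `ACTION_TOKEN_MAX_IDLE_SECONDS` are sentinels rather than a size or a duration, and nothing in the hunk says so. A comment above them such as `// -1 = no entry limit / no idle expiry; the cache relies on per-entry lifespan` would tell the next maintainer that the cache is unbounded by design, assuming that is the intent. Separately, the lowercase suffix in `5 * 60 * 1000l` is easy to misread as a digit and should be `1000L`. The interface body starts and ends outside this hunk.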


@ -1,73 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.authorization.infinispan;
import java.util.Arrays;
import java.util.List;
import org.keycloak.authorization.store.StoreFactory;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public abstract class AbstractCachedStore {
private final InfinispanStoreFactoryProvider cacheStoreFactory;
private final StoreFactory storeFactory;
AbstractCachedStore(InfinispanStoreFactoryProvider cacheStoreFactory, StoreFactory storeFactory) {
this.cacheStoreFactory = cacheStoreFactory;
this.storeFactory = storeFactory;
}
protected void addInvalidation(String cacheKeyForPolicy) {
getCachedStoreFactory().addInvalidation(cacheKeyForPolicy);
}
protected <E> E putCacheEntry(String resourceServerId, String cacheKeyForPolicy, E cachedPolicy) {
cacheStoreFactory.putCacheEntry(resourceServerId, cacheKeyForPolicy, Arrays.asList(cachedPolicy));
return cachedPolicy;
}
protected List<Object> resolveCacheEntry(String resourceServerId, String cacheKeyForPolicy) {
return cacheStoreFactory.resolveCachedEntry(resourceServerId, cacheKeyForPolicy);
}
protected void removeCachedEntry(String resourceServerId, String key) {
getCachedStoreFactory().removeCachedEntry(resourceServerId, key);
}
protected void invalidate(String resourceServerId) {
cacheStoreFactory.invalidate(resourceServerId);
}
protected StoreFactory getStoreFactory() {
return this.storeFactory;
}
protected boolean isInvalid(String cacheKey) {
return cacheStoreFactory.isInvalid(cacheKey);
}
protected InfinispanStoreFactoryProvider.CacheTransaction getTransaction() {
return cacheStoreFactory.getTransaction();
}
protected InfinispanStoreFactoryProvider getCachedStoreFactory() {
return cacheStoreFactory;
}
}


@ -1,500 +0,0 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2016 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.authorization.infinispan;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedPolicyStore extends AbstractCachedStore implements PolicyStore {
private static final String POLICY_CACHE_PREFIX = "pc-";
private PolicyStore delegate;
public CachedPolicyStore(InfinispanStoreFactoryProvider cacheStoreFactory, StoreFactory storeFactory) {
super(cacheStoreFactory, storeFactory);
this.delegate = storeFactory.getPolicyStore();
}
@Override
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
Policy policy = getDelegate().create(representation, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()));
String id = policy.getId();
addInvalidation(getCacheKeyForPolicy(policy.getId()));
addInvalidation(getCacheKeyForPolicyName(policy.getName()));
addInvalidation(getCacheKeyForPolicyType(policy.getType()));
configureTransaction(resourceServer, id);
return createAdapter(new CachedPolicy(policy));
}
@Override
public void delete(String id) {
Policy policy = getDelegate().findById(id, null);
if (policy == null) {
return;
}
addInvalidation(getCacheKeyForPolicy(policy.getId()));
addInvalidation(getCacheKeyForPolicyName(policy.getName()));
addInvalidation(getCacheKeyForPolicyType(policy.getType()));
getDelegate().delete(id);
configureTransaction(policy.getResourceServer(), policy.getId());
}
@Override
public Policy findById(String id, String resourceServerId) {
if (resourceServerId == null) {
return getDelegate().findById(id, null);
}
if (isInvalid(getCacheKeyForPolicy(id))) {
return getDelegate().findById(id, resourceServerId);
}
String cacheKeyForPolicy = getCacheKeyForPolicy(id);
List<Object> cached = resolveCacheEntry(resourceServerId, cacheKeyForPolicy);
if (cached == null) {
Policy policy = getDelegate().findById(id, resourceServerId);
if (policy != null) {
return createAdapter(putCacheEntry(resourceServerId, cacheKeyForPolicy, new CachedPolicy(policy)));
}
return null;
}
return createAdapter(CachedPolicy.class.cast(cached.get(0)));
}
@Override
public Policy findByName(String name, String resourceServerId) {
String cacheKey = getCacheKeyForPolicyName(name);
if (isInvalid(cacheKey)) {
return getDelegate().findByName(name, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> {
Policy policy = getDelegate().findByName(name, resourceServerId);
if (policy == null) {
return Collections.emptyList();
}
return Arrays.asList(policy);
}).stream().findFirst().orElse(null);
}
@Override
public List<Policy> findByResourceServer(String resourceServerId) {
return getDelegate().findByResourceServer(resourceServerId);
}
@Override
public List<Policy> findByResourceServer(Map<String, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
return getDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
}
@Override
public List<Policy> findByResource(String resourceId, String resourceServerId) {
String cacheKey = getCacheKeyForResource(resourceId);
if (isInvalid(cacheKey)) {
return getDelegate().findByResource(resourceId, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByResource(resourceId, resourceServerId));
}
@Override
public List<Policy> findByResourceType(String resourceType, String resourceServerId) {
String cacheKey = getCacheKeyForResourceType(resourceType);
if (isInvalid(cacheKey)) {
return getDelegate().findByResourceType(resourceType, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByResourceType(resourceType, resourceServerId));
}
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
List<Policy> policies = new ArrayList<>();
for (String scopeId : scopeIds) {
String cacheKey = getCacheForScope(scopeId);
if (isInvalid(cacheKey)) {
policies.addAll(getDelegate().findByScopeIds(Arrays.asList(scopeId), resourceServerId));
} else {
policies.addAll(cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByScopeIds(Arrays.asList(scopeId), resourceServerId)));
}
}
return policies;
}
@Override
public List<Policy> findByType(String type, String resourceServerId) {
String cacheKey = getCacheKeyForPolicyType(type);
if (isInvalid(cacheKey)) {
return getDelegate().findByType(type, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByType(type, resourceServerId));
}
@Override
public List<Policy> findDependentPolicies(String id, String resourceServerId) {
return getDelegate().findDependentPolicies(id, resourceServerId);
}
private String getCacheKeyForPolicy(String id) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("id-").append(id).toString();
}
private String getCacheKeyForPolicyType(String type) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("findByType-").append(type).toString();
}
private String getCacheKeyForPolicyName(String name) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("findByName-").append(name).toString();
}
private String getCacheKeyForResourceType(String resourceType) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("findByResourceType-").append(resourceType).toString();
}
private String getCacheForScope(String scopeId) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("findByScopeIds-").append(scopeId).toString();
}
private String getCacheKeyForResource(String resourceId) {
return new StringBuilder().append(POLICY_CACHE_PREFIX).append("findByResource-").append(resourceId).toString();
}
private Policy createAdapter(CachedPolicy cached) {
return new Policy() {
private Set<Scope> scopes;
private Set<Resource> resources;
private Set<Policy> associatedPolicies;
private Policy updated;
@Override
public String getId() {
return cached.getId();
}
@Override
public String getType() {
return cached.getType();
}
@Override
public DecisionStrategy getDecisionStrategy() {
return cached.getDecisionStrategy();
}
@Override
public void setDecisionStrategy(DecisionStrategy decisionStrategy) {
getDelegateForUpdate().setDecisionStrategy(decisionStrategy);
cached.setDecisionStrategy(decisionStrategy);
}
@Override
public Logic getLogic() {
return cached.getLogic();
}
@Override
public void setLogic(Logic logic) {
getDelegateForUpdate().setLogic(logic);
cached.setLogic(logic);
}
@Override
public Map<String, String> getConfig() {
return new HashMap<>(cached.getConfig());
}
@Override
public void setConfig(Map<String, String> config) {
String resourceType = config.get("defaultResourceType");
if (resourceType != null) {
addInvalidation(getCacheKeyForResourceType(resourceType));
String cachedResourceType = cached.getConfig().get("defaultResourceType");
if (cachedResourceType != null && !resourceType.equals(cachedResourceType)) {
addInvalidation(getCacheKeyForResourceType(cachedResourceType));
}
}
getDelegateForUpdate().setConfig(config);
cached.setConfig(config);
}
@Override
public String getName() {
return cached.getName();
}
@Override
public void setName(String name) {
addInvalidation(getCacheKeyForPolicyName(name));
addInvalidation(getCacheKeyForPolicyName(cached.getName()));
getDelegateForUpdate().setName(name);
cached.setName(name);
}
@Override
public String getDescription() {
return cached.getDescription();
}
@Override
public void setDescription(String description) {
getDelegateForUpdate().setDescription(description);
cached.setDescription(description);
}
@Override
public ResourceServer getResourceServer() {
return getCachedStoreFactory().getResourceServerStore().findById(cached.getResourceServerId());
}
@Override
public void addScope(Scope scope) {
Scope model = getStoreFactory().getScopeStore().findById(scope.getId(), cached.getResourceServerId());
addInvalidation(getCacheForScope(model.getId()));
getDelegateForUpdate().addScope(model);
cached.addScope(scope);
scopes.add(scope);
}
@Override
public void removeScope(Scope scope) {
Scope model = getStoreFactory().getScopeStore().findById(scope.getId(), cached.getResourceServerId());
addInvalidation(getCacheForScope(scope.getId()));
getDelegateForUpdate().removeScope(model);
cached.removeScope(scope);
scopes.remove(scope);
}
@Override
public void addAssociatedPolicy(Policy associatedPolicy) {
getDelegateForUpdate().addAssociatedPolicy(getStoreFactory().getPolicyStore().findById(associatedPolicy.getId(), cached.getResourceServerId()));
cached.addAssociatedPolicy(associatedPolicy);
}
@Override
public void removeAssociatedPolicy(Policy associatedPolicy) {
getDelegateForUpdate().removeAssociatedPolicy(getStoreFactory().getPolicyStore().findById(associatedPolicy.getId(), cached.getResourceServerId()));
cached.removeAssociatedPolicy(associatedPolicy);
associatedPolicies.remove(associatedPolicy);
}
@Override
public void addResource(Resource resource) {
Resource model = getStoreFactory().getResourceStore().findById(resource.getId(), cached.getResourceServerId());
addInvalidation(getCacheKeyForResource(model.getId()));
if (model.getType() != null) {
addInvalidation(getCacheKeyForResourceType(model.getType()));
}
getDelegateForUpdate().addResource(model);
cached.addResource(resource);
resources.add(resource);
}
@Override
public void removeResource(Resource resource) {
Resource model = getStoreFactory().getResourceStore().findById(resource.getId(), cached.getResourceServerId());
addInvalidation(getCacheKeyForResource(model.getId()));
if (model.getType() != null) {
addInvalidation(getCacheKeyForResourceType(model.getType()));
}
getDelegateForUpdate().removeResource(model);
cached.removeResource(resource);
resources.remove(resource);
}
@Override
public Set<Policy> getAssociatedPolicies() {
if (associatedPolicies == null || updated != null) {
associatedPolicies = new HashSet<>();
for (String id : cached.getAssociatedPoliciesIds()) {
Policy policy = findById(id, cached.getResourceServerId());
if (policy != null) {
associatedPolicies.add(policy);
}
}
}
return associatedPolicies;
}
@Override
public Set<Resource> getResources() {
if (resources == null || updated != null) {
resources = new HashSet<>();
for (String id : cached.getResourcesIds()) {
Resource resource = getCachedStoreFactory().getResourceStore().findById(id, cached.getResourceServerId());
if (resource != null) {
resources.add(resource);
}
}
}
return resources;
}
@Override
public Set<Scope> getScopes() {
if (scopes == null || updated != null) {
scopes = new HashSet<>();
for (String id : cached.getScopesIds()) {
Scope scope = getCachedStoreFactory().getScopeStore().findById(id, cached.getResourceServerId());
if (scope != null) {
scopes.add(scope);
}
}
}
return scopes;
}
@Override
public boolean equals(Object o) {
if (o == this) return true;
if (getId() == null) return false;
if (!Policy.class.isInstance(o)) return false;
Policy that = (Policy) o;
if (!getId().equals(that.getId())) return false;
return true;
}
@Override
public int hashCode() {
return getId()!=null ? getId().hashCode() : super.hashCode();
}
private Policy getDelegateForUpdate() {
if (this.updated == null) {
this.updated = getDelegate().findById(getId(), cached.getResourceServerId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
addInvalidation(getCacheKeyForPolicy(updated.getId()));
configureTransaction(updated.getResourceServer(), updated.getId());
}
return this.updated;
}
};
}
private List<Policy> cacheResult(String resourceServerId, String key, Supplier<List<Policy>> provider) {
List<Object> cached = getCachedStoreFactory().computeIfCachedEntryAbsent(resourceServerId, key, (Function<String, List<Object>>) o -> {
List<Policy> result = provider.get();
if (result.isEmpty()) {
return Collections.emptyList();
}
return result.stream().map(policy -> policy.getId()).collect(Collectors.toList());
});
if (cached == null) {
return Collections.emptyList();
}
return cached.stream().map(id -> findById(id.toString(), resourceServerId)).collect(Collectors.toList());
}
private void configureTransaction(ResourceServer resourceServer, String id) {
getTransaction().whenRollback(() -> removeCachedEntry(resourceServer.getId(), getCacheKeyForPolicy(id)));
getTransaction().whenCommit(() -> invalidate(resourceServer.getId()));
}
private PolicyStore getDelegate() {
return delegate;
}
void addInvalidations(Object object) {
if (Resource.class.isInstance(object)) {
Resource resource = (Resource) object;
addInvalidation(getCacheKeyForResource(resource.getId()));
String type = resource.getType();
if (type != null) {
addInvalidation(getCacheKeyForResourceType(type));
}
} else if (Scope.class.isInstance(object)) {
Scope scope = (Scope) object;
addInvalidation(getCacheForScope(scope.getId()));
} else {
throw new RuntimeException("Unexpected notification [" + object + "]");
}
}
}


@ -1,172 +0,0 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2016 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.authorization.infinispan;
import java.util.List;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedResourceServerStore extends AbstractCachedStore implements ResourceServerStore {
private static final String RS_PREFIX = "rs-";
private final ResourceServerStore delegate;
public CachedResourceServerStore(InfinispanStoreFactoryProvider cachedStoreFactory, StoreFactory storeFactory) {
super(cachedStoreFactory, storeFactory);
this.delegate = storeFactory.getResourceServerStore();
}
@Override
public ResourceServer create(String clientId) {
ResourceServer resourceServer = getDelegate().create(clientId);
getTransaction().whenCommit(() -> getCachedStoreFactory().removeEntries(resourceServer));
getTransaction().whenRollback(() -> removeCachedEntry(resourceServer.getId(), getCacheKeyForResourceServer(resourceServer.getId())));
return createAdapter(new CachedResourceServer(resourceServer));
}
@Override
public void delete(String id) {
ResourceServer resourceServer = getDelegate().findById(id);
if (resourceServer != null) {
getDelegate().delete(id);
getTransaction().whenCommit(() -> getCachedStoreFactory().removeEntries(resourceServer));
}
}
@Override
public ResourceServer findById(String id) {
String cacheKey = getCacheKeyForResourceServer(id);
if (isInvalid(cacheKey)) {
return getDelegate().findById(id);
}
List<Object> cached = resolveCacheEntry(id, cacheKey);
if (cached == null) {
ResourceServer resourceServer = getDelegate().findById(id);
if (resourceServer != null) {
return createAdapter(putCacheEntry(id, cacheKey, new CachedResourceServer(resourceServer)));
}
return null;
}
return createAdapter(CachedResourceServer.class.cast(cached.get(0)));
}
@Override
public ResourceServer findByClient(String id) {
String cacheKey = getCacheKeyForResourceServerClientId(id);
if (isInvalid(cacheKey)) {
return getDelegate().findByClient(id);
}
List<Object> cached = resolveCacheEntry(id, cacheKey);
if (cached == null) {
ResourceServer resourceServer = getDelegate().findByClient(id);
if (resourceServer != null) {
return findById(putCacheEntry(id, cacheKey, resourceServer.getId()));
}
return null;
}
return findById(cached.get(0).toString());
}
private String getCacheKeyForResourceServer(String id) {
return new StringBuilder(RS_PREFIX).append("id-").append(id).toString();
}
private String getCacheKeyForResourceServerClientId(String id) {
return new StringBuilder(RS_PREFIX).append("findByClientId-").append(id).toString();
}
private ResourceServerStore getDelegate() {
return this.delegate;
}
private ResourceServer createAdapter(ResourceServer cached) {
return new ResourceServer() {
private ResourceServer updated;
@Override
public String getId() {
return cached.getId();
}
@Override
public String getClientId() {
return cached.getClientId();
}
@Override
public boolean isAllowRemoteResourceManagement() {
return cached.isAllowRemoteResourceManagement();
}
@Override
public void setAllowRemoteResourceManagement(boolean allowRemoteResourceManagement) {
getDelegateForUpdate().setAllowRemoteResourceManagement(allowRemoteResourceManagement);
cached.setAllowRemoteResourceManagement(allowRemoteResourceManagement);
}
@Override
public PolicyEnforcementMode getPolicyEnforcementMode() {
return cached.getPolicyEnforcementMode();
}
@Override
public void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode) {
getDelegateForUpdate().setPolicyEnforcementMode(enforcementMode);
cached.setPolicyEnforcementMode(enforcementMode);
}
private ResourceServer getDelegateForUpdate() {
if (this.updated == null) {
this.updated = getDelegate().findById(getId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
addInvalidation(getCacheKeyForResourceServer(updated.getId()));
getTransaction().whenCommit(() -> {
invalidate(updated.getId());
});
}
return this.updated;
}
};
}
}


@ -1,321 +0,0 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2016 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.authorization.infinispan;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.authorization.infinispan.entities.CachedResource;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedResourceStore extends AbstractCachedStore implements ResourceStore {
private static final String RESOURCE_CACHE_PREFIX = "rs-";
private ResourceStore delegate;
public CachedResourceStore(InfinispanStoreFactoryProvider cacheStoreFactory, StoreFactory storeFactory) {
super(cacheStoreFactory, storeFactory);
delegate = storeFactory.getResourceStore();
}
@Override
public Resource create(String name, ResourceServer resourceServer, String owner) {
Resource resource = getDelegate().create(name, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()), owner);
addInvalidation(getCacheKeyForResource(resource.getId()));
addInvalidation(getCacheKeyForResourceName(resource.getName()));
addInvalidation(getCacheKeyForOwner(owner));
getCachedStoreFactory().getPolicyStore().addInvalidations(resource);
getTransaction().whenRollback(() -> removeCachedEntry(resourceServer.getId(), getCacheKeyForResource(resource.getId())));
getTransaction().whenCommit(() -> invalidate(resourceServer.getId()));
return createAdapter(new CachedResource(resource));
}
@Override
public void delete(String id) {
Resource resource = getDelegate().findById(id, null);
if (resource == null) {
return;
}
ResourceServer resourceServer = resource.getResourceServer();
addInvalidation(getCacheKeyForResource(resource.getId()));
addInvalidation(getCacheKeyForResourceName(resource.getName()));
addInvalidation(getCacheKeyForOwner(resource.getOwner()));
addInvalidation(getCacheKeyForUri(resource.getUri()));
getCachedStoreFactory().getPolicyStore().addInvalidations(resource);
getDelegate().delete(id);
getTransaction().whenCommit(() -> {
invalidate(resourceServer.getId());
});
}
@Override
public Resource findById(String id, String resourceServerId) {
String cacheKeyForResource = getCacheKeyForResource(id);
if (isInvalid(cacheKeyForResource)) {
return getDelegate().findById(id, resourceServerId);
}
List<Object> cached = resolveCacheEntry(resourceServerId, cacheKeyForResource);
if (cached == null) {
Resource resource = getDelegate().findById(id, resourceServerId);
if (resource != null) {
return createAdapter(putCacheEntry(resourceServerId, cacheKeyForResource, new CachedResource(resource)));
}
return null;
}
return createAdapter(CachedResource.class.cast(cached.get(0)));
}
@Override
public List<Resource> findByOwner(String ownerId, String resourceServerId) {
String cacheKey = getCacheKeyForOwner(ownerId);
if (isInvalid(cacheKey)) {
return getDelegate().findByOwner(ownerId, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByOwner(ownerId, resourceServerId));
}
@Override
public List<Resource> findByUri(String uri, String resourceServerId) {
String cacheKey = getCacheKeyForUri(uri);
if (isInvalid(cacheKey)) {
return getDelegate().findByUri(uri, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> getDelegate().findByUri(uri, resourceServerId));
}
@Override
public List<Resource> findByResourceServer(String resourceServerId) {
return getDelegate().findByResourceServer(resourceServerId);
}
@Override
public List<Resource> findByResourceServer(Map<String, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
return getDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
}
@Override
public List<Resource> findByScope(List<String> id, String resourceServerId) {
return getDelegate().findByScope(id, resourceServerId);
}
@Override
public Resource findByName(String name, String resourceServerId) {
String cacheKey = getCacheKeyForResourceName(name);
if (isInvalid(cacheKey)) {
return getDelegate().findByName(name, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> {
Resource resource = getDelegate().findByName(name, resourceServerId);
if (resource == null) {
return Collections.emptyList();
}
return Arrays.asList(resource);
}).stream().findFirst().orElse(null);
}
@Override
public List<Resource> findByType(String type, String resourceServerId) {
return getDelegate().findByType(type, resourceServerId);
}
private String getCacheKeyForResource(String id) {
return new StringBuilder(RESOURCE_CACHE_PREFIX).append("id-").append(id).toString();
}
private String getCacheKeyForResourceName(String name) {
return new StringBuilder(RESOURCE_CACHE_PREFIX).append("findByName-").append(name).toString();
}
private String getCacheKeyForOwner(String name) {
return new StringBuilder(RESOURCE_CACHE_PREFIX).append("findByOwner-").append(name).toString();
}
private String getCacheKeyForUri(String uri) {
return new StringBuilder(RESOURCE_CACHE_PREFIX).append("findByUri-").append(uri).toString();
}
private ResourceStore getDelegate() {
return this.delegate;
}
private List<Resource> cacheResult(String resourceServerId, String key, Supplier<List<Resource>> provider) {
List<Object> cached = getCachedStoreFactory().computeIfCachedEntryAbsent(resourceServerId, key, (Function<String, List<Object>>) o -> {
List<Resource> result = provider.get();
if (result.isEmpty()) {
return Collections.emptyList();
}
return result.stream().map(policy -> policy.getId()).collect(Collectors.toList());
});
if (cached == null) {
return Collections.emptyList();
}
return cached.stream().map(id -> findById(id.toString(), resourceServerId)).collect(Collectors.toList());
}
private Resource createAdapter(CachedResource cached) {
return new Resource() {
private List<Scope> scopes;
private Resource updated;
@Override
public String getId() {
return cached.getId();
}
@Override
public String getName() {
return cached.getName();
}
@Override
public void setName(String name) {
addInvalidation(getCacheKeyForResourceName(name));
addInvalidation(getCacheKeyForResourceName(cached.getName()));
getDelegateForUpdate().setName(name);
cached.setName(name);
}
@Override
public String getUri() {
return cached.getUri();
}
@Override
public void setUri(String uri) {
addInvalidation(getCacheKeyForUri(uri));
addInvalidation(getCacheKeyForUri(cached.getUri()));
getDelegateForUpdate().setUri(uri);
cached.setUri(uri);
}
@Override
public String getType() {
return cached.getType();
}
@Override
public void setType(String type) {
getCachedStoreFactory().getPolicyStore().addInvalidations(cached);
getDelegateForUpdate().setType(type);
cached.setType(type);
}
@Override
public List<Scope> getScopes() {
if (scopes == null) {
scopes = new ArrayList<>();
for (String id : cached.getScopesIds()) {
Scope scope = getCachedStoreFactory().getScopeStore().findById(id, cached.getResourceServerId());
if (scope != null) {
scopes.add(scope);
}
}
}
return scopes;
}
@Override
public String getIconUri() {
return cached.getIconUri();
}
@Override
public void setIconUri(String iconUri) {
getDelegateForUpdate().setIconUri(iconUri);
cached.setIconUri(iconUri);
}
@Override
public ResourceServer getResourceServer() {
return getCachedStoreFactory().getResourceServerStore().findById(cached.getResourceServerId());
}
@Override
public String getOwner() {
return cached.getOwner();
}
@Override
public void updateScopes(Set<Scope> scopes) {
getDelegateForUpdate().updateScopes(scopes.stream().map(scope -> getStoreFactory().getScopeStore().findById(scope.getId(), cached.getResourceServerId())).collect(Collectors.toSet()));
cached.updateScopes(scopes);
}
private Resource getDelegateForUpdate() {
if (this.updated == null) {
String resourceServerId = cached.getResourceServerId();
this.updated = getDelegate().findById(getId(), resourceServerId);
if (this.updated == null) throw new IllegalStateException("Not found in database");
addInvalidation(getCacheKeyForResource(updated.getId()));
getCachedStoreFactory().getPolicyStore().addInvalidations(updated);
getTransaction().whenCommit(() -> invalidate(resourceServerId));
getTransaction().whenRollback(() -> removeCachedEntry(resourceServerId, getCacheKeyForResource(cached.getId())));
}
return this.updated;
}
};
}
}


@ -1,231 +0,0 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2016 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.authorization.infinispan;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.authorization.infinispan.entities.CachedScope;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedScopeStore extends AbstractCachedStore implements ScopeStore {
private static final String SCOPE_CACHE_PREFIX = "scp-";
private final ScopeStore delegate;
public CachedScopeStore(InfinispanStoreFactoryProvider cacheStoreFactory, StoreFactory storeFactory) {
super(cacheStoreFactory, storeFactory);
this.delegate = storeFactory.getScopeStore();
}
@Override
public Scope create(String name, ResourceServer resourceServer) {
Scope scope = getDelegate().create(name, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()));
addInvalidation(getCacheKeyForScope(scope.getId()));
addInvalidation(getCacheKeyForScopeName(scope.getName()));
getCachedStoreFactory().getPolicyStore().addInvalidations(scope);
getTransaction().whenRollback(() -> removeCachedEntry(resourceServer.getId(), getCacheKeyForScope(scope.getId())));
getTransaction().whenCommit(() -> invalidate(resourceServer.getId()));
return createAdapter(new CachedScope(scope));
}
@Override
public void delete(String id) {
Scope scope = getDelegate().findById(id, null);
if (scope == null) {
return;
}
ResourceServer resourceServer = scope.getResourceServer();
addInvalidation(getCacheKeyForScope(scope.getId()));
addInvalidation(getCacheKeyForScopeName(scope.getName()));
getCachedStoreFactory().getPolicyStore().addInvalidations(scope);
getDelegate().delete(id);
getTransaction().whenCommit(() -> invalidate(resourceServer.getId()));
}
@Override
public Scope findById(String id, String resourceServerId) {
String cacheKey = getCacheKeyForScope(id);
if (isInvalid(cacheKey)) {
return getDelegate().findById(id, resourceServerId);
}
List<Object> cached = resolveCacheEntry(resourceServerId, cacheKey);
if (cached == null) {
Scope scope = getDelegate().findById(id, resourceServerId);
if (scope != null) {
return createAdapter(putCacheEntry(resourceServerId, cacheKey, new CachedScope(scope)));
}
return null;
}
return createAdapter(CachedScope.class.cast(cached.get(0)));
}
@Override
public Scope findByName(String name, String resourceServerId) {
String cacheKey = getCacheKeyForScopeName(name);
if (isInvalid(cacheKey)) {
return getDelegate().findByName(name, resourceServerId);
}
return cacheResult(resourceServerId, cacheKey, () -> {
Scope scope = getDelegate().findByName(name, resourceServerId);
if (scope == null) {
return Collections.emptyList();
}
return Arrays.asList(scope);
}).stream().findFirst().orElse(null);
}
@Override
public List<Scope> findByResourceServer(String id) {
return getDelegate().findByResourceServer(id);
}
@Override
public List<Scope> findByResourceServer(Map<String, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
return getDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
}
private String getCacheKeyForScope(String id) {
return new StringBuilder(SCOPE_CACHE_PREFIX).append("id-").append(id).toString();
}
private String getCacheKeyForScopeName(String name) {
return new StringBuilder(SCOPE_CACHE_PREFIX).append("findByName-").append(name).toString();
}
private ScopeStore getDelegate() {
return this.delegate;
}
private List<Scope> cacheResult(String resourceServerId, String key, Supplier<List<Scope>> provider) {
List<Object> cached = getCachedStoreFactory().computeIfCachedEntryAbsent(resourceServerId, key, (Function<String, List<Object>>) o -> {
List<Scope> result = provider.get();
if (result.isEmpty()) {
return Collections.emptyList();
}
return result.stream().map(policy -> policy.getId()).collect(Collectors.toList());
});
if (cached == null) {
return Collections.emptyList();
}
return cached.stream().map(id -> findById(id.toString(), resourceServerId)).collect(Collectors.toList());
}
private Scope createAdapter(CachedScope cached) {
return new Scope() {
private Scope updated;
@Override
public String getId() {
return cached.getId();
}
@Override
public String getName() {
return cached.getName();
}
@Override
public void setName(String name) {
addInvalidation(getCacheKeyForScopeName(name));
addInvalidation(getCacheKeyForScopeName(cached.getName()));
getDelegateForUpdate().setName(name);
cached.setName(name);
}
@Override
public String getIconUri() {
return cached.getIconUri();
}
@Override
public void setIconUri(String iconUri) {
getDelegateForUpdate().setIconUri(iconUri);
cached.setIconUri(iconUri);
}
@Override
public ResourceServer getResourceServer() {
return getCachedStoreFactory().getResourceServerStore().findById(cached.getResourceServerId());
}
private Scope getDelegateForUpdate() {
if (this.updated == null) {
this.updated = getDelegate().findById(getId(), cached.getResourceServerId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
addInvalidation(getCacheKeyForScope(updated.getId()));
getCachedStoreFactory().getPolicyStore().addInvalidations(updated);
getTransaction().whenCommit(() -> invalidate(cached.getResourceServerId()));
getTransaction().whenRollback(() -> removeCachedEntry(cached.getResourceServerId(), getCacheKeyForScope(cached.getId())));
}
return this.updated;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !Scope.class.isInstance(o)) return false;
Scope that = (Scope) o;
return Objects.equals(getId(), that.getId());
}
@Override
public int hashCode() {
return Objects.hash(getId());
}
};
}
}
