KEYCLOAK-5522 Base for Fuse 7 adapter
parent
06f108df3b
commit
ae690e0679
6 changed files with 184 additions and 10 deletions
|
@ -36,7 +36,7 @@
|
||||||
org.keycloak.adapters.osgi.*
|
org.keycloak.adapters.osgi.*
|
||||||
</keycloak.osgi.export>
|
</keycloak.osgi.export>
|
||||||
<keycloak.osgi.import>
|
<keycloak.osgi.import>
|
||||||
org.ops4j.pax.web.*;version="[3.0,5)",
|
org.ops4j.pax.web.*;version="[3.0,8)",
|
||||||
javax.servlet.*;version="[2.5,4)";resolution:=optional,
|
javax.servlet.*;version="[2.5,4)";resolution:=optional,
|
||||||
org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional,
|
org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional,
|
||||||
org.keycloak.*;version="${project.version}",
|
org.keycloak.*;version="${project.version}",
|
||||||
|
|
|
@ -29,6 +29,7 @@ import org.osgi.util.tracker.ServiceTrackerCustomizer;
|
||||||
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -47,7 +48,7 @@ public class PaxWebIntegrationService {
|
||||||
|
|
||||||
private BundleContext bundleContext;
|
private BundleContext bundleContext;
|
||||||
private String jettyWebXmlLocation;
|
private String jettyWebXmlLocation;
|
||||||
private List<ConstraintMapping> constraintMappings; // Using jetty constraint mapping just because of compatibility with other fuse services
|
private List<Object> constraintMappings;
|
||||||
|
|
||||||
private ServiceTracker webContainerTracker;
|
private ServiceTracker webContainerTracker;
|
||||||
private HttpContext httpContext;
|
private HttpContext httpContext;
|
||||||
|
@ -68,11 +69,11 @@ public class PaxWebIntegrationService {
|
||||||
this.jettyWebXmlLocation = jettyWebXmlLocation;
|
this.jettyWebXmlLocation = jettyWebXmlLocation;
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<ConstraintMapping> getConstraintMappings() {
|
public List<Object> getConstraintMappings() {
|
||||||
return constraintMappings;
|
return constraintMappings;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setConstraintMappings(List<ConstraintMapping> constraintMappings) {
|
public void setConstraintMappings(List<Object> constraintMappings) {
|
||||||
this.constraintMappings = constraintMappings;
|
this.constraintMappings = constraintMappings;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -120,8 +121,25 @@ public class PaxWebIntegrationService {
|
||||||
if (constraintMappings == null) {
|
if (constraintMappings == null) {
|
||||||
throw new IllegalStateException("constraintMappings was null!");
|
throw new IllegalStateException("constraintMappings was null!");
|
||||||
}
|
}
|
||||||
for (ConstraintMapping constraintMapping : constraintMappings) {
|
List<ConstraintHandler> handlers = new ArrayList<>();
|
||||||
addConstraintMapping(service, constraintMapping);
|
try {
|
||||||
|
handlers.add(new JettyConstraintHandler());
|
||||||
|
} catch (Throwable t) {
|
||||||
|
// Ignore
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
handlers.add(new PaxWebConstraintHandler());
|
||||||
|
} catch (Throwable t) {
|
||||||
|
// Ignore
|
||||||
|
}
|
||||||
|
for (Object constraintMapping : constraintMappings) {
|
||||||
|
boolean handled = false;
|
||||||
|
for (ConstraintHandler handler : handlers) {
|
||||||
|
handled |= handler.addConstraintMapping(httpContext, service, constraintMapping);
|
||||||
|
}
|
||||||
|
if (!handled) {
|
||||||
|
log.warnv("Unable to add constraint mapping for constraint of type " + constraintMapping.getClass().toString());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
service.registerLoginConfig("BASIC", "does-not-matter", null, null, httpContext);
|
service.registerLoginConfig("BASIC", "does-not-matter", null, null, httpContext);
|
||||||
|
@ -146,6 +164,16 @@ public class PaxWebIntegrationService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void addConstraintMapping(WebContainer service, PaxWebSecurityConstraintMapping constraintMapping) {
|
||||||
|
String name = constraintMapping.getConstraintName();
|
||||||
|
if (name == null) {
|
||||||
|
name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
|
||||||
|
}
|
||||||
|
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
|
||||||
|
+ constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
|
||||||
|
service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
|
||||||
|
}
|
||||||
|
|
||||||
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
|
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
|
||||||
Constraint constraint = constraintMapping.getConstraint();
|
Constraint constraint = constraintMapping.getConstraint();
|
||||||
String[] roles = constraint.getRoles();
|
String[] roles = constraint.getRoles();
|
||||||
|
@ -178,4 +206,71 @@ public class PaxWebIntegrationService {
|
||||||
service.unregisterConstraintMapping(httpContext);
|
service.unregisterConstraintMapping(httpContext);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private interface ConstraintHandler {
|
||||||
|
boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static class PaxWebConstraintHandler implements ConstraintHandler {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
|
||||||
|
if (cm instanceof PaxWebSecurityConstraintMapping) {
|
||||||
|
PaxWebSecurityConstraintMapping constraintMapping = (PaxWebSecurityConstraintMapping) cm;
|
||||||
|
String name = constraintMapping.getConstraintName();
|
||||||
|
if (name == null) {
|
||||||
|
name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
|
||||||
|
}
|
||||||
|
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
|
||||||
|
+ constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
|
||||||
|
service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private static class JettyConstraintHandler implements ConstraintHandler {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
|
||||||
|
if (cm instanceof ConstraintMapping) {
|
||||||
|
ConstraintMapping constraintMapping = (ConstraintMapping) cm;
|
||||||
|
Constraint constraint = constraintMapping.getConstraint();
|
||||||
|
String[] roles = constraint.getRoles();
|
||||||
|
// name property is unavailable on constraint object :/
|
||||||
|
|
||||||
|
String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
|
||||||
|
|
||||||
|
int dataConstraint = constraint.getDataConstraint();
|
||||||
|
String dataConstraintStr;
|
||||||
|
switch (dataConstraint) {
|
||||||
|
case Constraint.DC_UNSET:
|
||||||
|
dataConstraintStr = null;
|
||||||
|
break;
|
||||||
|
case Constraint.DC_NONE:
|
||||||
|
dataConstraintStr = "NONE";
|
||||||
|
break;
|
||||||
|
case Constraint.DC_CONFIDENTIAL:
|
||||||
|
dataConstraintStr = "CONFIDENTIAL";
|
||||||
|
break;
|
||||||
|
case Constraint.DC_INTEGRAL:
|
||||||
|
dataConstraintStr = "INTEGRAL";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
log.warnv("Unknown data constraint: " + dataConstraint);
|
||||||
|
dataConstraintStr = "CONFIDENTIAL";
|
||||||
|
}
|
||||||
|
List<String> rolesList = Arrays.asList(roles);
|
||||||
|
|
||||||
|
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
|
||||||
|
+ constraint.getAuthenticate() + ", roles=" + rolesList);
|
||||||
|
service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
|
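Review bot: In the `@ -120,8 +121,25 @` hunk, a constraint mapping that no handler accepts is only reported through `log.warnv(...)` and the method then continues to `registerLoginConfig`, so the URL that mapping was meant to protect is deployed without its security constraint. Failing closed would be safer: `if (!handled) { throw new IllegalStateException("No handler for constraint mapping of type " + constraintMapping.getClass().getName()); }`. The two `catch (Throwable t) { // Ignore }` blocks make this easier to miss, because a handler that fails to load leaves `handlers` short or empty without any trace. Presumably they guard against missing optional Jetty or Pax Web classes, in which case catching `LinkageError` and logging it at debug level would keep that intent visible. The enclosing method starts and ends outside the hunk.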
@ -0,0 +1,73 @@
|
||||||
|
/*
|
||||||
|
* To change this license header, choose License Headers in Project Properties.
|
||||||
|
* To change this template file, choose Tools | Templates
|
||||||
|
* and open the template in the editor.
|
||||||
|
*/
|
||||||
|
package org.keycloak.adapters.osgi;
|
||||||
|
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.util.LinkedList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @author hmlnarik
|
||||||
|
*/
|
||||||
|
public class PaxWebSecurityConstraintMapping {
|
||||||
|
|
||||||
|
private String constraintName = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
|
||||||
|
private String mapping;
|
||||||
|
private String url;
|
||||||
|
private String dataConstraint = "NONE";
|
||||||
|
private boolean authentication = true;
|
||||||
|
private List<String> roles = new LinkedList<>();
|
||||||
|
|
||||||
|
public String getConstraintName() {
|
||||||
|
return constraintName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setConstraintName(String constraintName) {
|
||||||
|
this.constraintName = constraintName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMapping() {
|
||||||
|
return mapping;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMapping(String mapping) {
|
||||||
|
this.mapping = mapping;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUrl() {
|
||||||
|
return url;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUrl(String url) {
|
||||||
|
this.url = url;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDataConstraint() {
|
||||||
|
return dataConstraint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDataConstraint(String dataConstraint) {
|
||||||
|
this.dataConstraint = dataConstraint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isAuthentication() {
|
||||||
|
return authentication;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAuthentication(boolean authentication) {
|
||||||
|
this.authentication = authentication;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<String> getRoles() {
|
||||||
|
return roles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRoles(List<String> roles) {
|
||||||
|
this.roles = roles;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
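Review bot: The new `PaxWebSecurityConstraintMapping` class carries the IDE template comment where the project's license header would presumably go, has an empty class Javadoc, and leaves its security-relevant defaults undocumented. A class comment such as `/** Container-neutral description of one security constraint (URL, transport guarantee, authentication flag, roles) registered through Pax Web. */` would help. The fields should also note that `dataConstraint` defaults to `"NONE"`, `authentication` to `true` and `roles` to an empty list, since a mapping that sets only `url` gets exactly those values. `setConstraintName(null)` and `setRoles(null)` are accepted as written; the handler in PaxWebIntegrationService substitutes a generated name for null but passes `getRoles()` through unchecked, so the Javadoc should say whether null is permitted.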
@ -34,6 +34,7 @@
|
||||||
<module>adapter-core</module>
|
<module>adapter-core</module>
|
||||||
<module>as7-eap6</module>
|
<module>as7-eap6</module>
|
||||||
<module>installed</module>
|
<module>installed</module>
|
||||||
|
<module>fuse7</module>
|
||||||
<module>kcinit</module>
|
<module>kcinit</module>
|
||||||
<module>jaxrs-oauth-client</module>
|
<module>jaxrs-oauth-client</module>
|
||||||
<module>jetty</module>
|
<module>jetty</module>
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
<artifactId>keycloak-examples-fuse-parent</artifactId>
|
<artifactId>keycloak-examples-fuse-parent</artifactId>
|
||||||
<packaging>pom</packaging>
|
<packaging>pom</packaging>
|
||||||
<properties>
|
<properties>
|
||||||
<camel.version>2.17.0</camel.version>
|
<camel.version>2.21.0</camel.version>
|
||||||
</properties>
|
</properties>
|
||||||
<modules>
|
<modules>
|
||||||
<module>customer-app-fuse</module>
|
<module>customer-app-fuse</module>
|
||||||
|
|
9
pom.xml
9
pom.xml
|
@ -59,7 +59,7 @@
|
||||||
<apache.mime4j.version>0.6</apache.mime4j.version>
|
<apache.mime4j.version>0.6</apache.mime4j.version>
|
||||||
<jboss.dmr.version>1.4.1.Final</jboss.dmr.version>
|
<jboss.dmr.version>1.4.1.Final</jboss.dmr.version>
|
||||||
<bouncycastle.version>1.56</bouncycastle.version>
|
<bouncycastle.version>1.56</bouncycastle.version>
|
||||||
<cxf.version>3.1.13</cxf.version>
|
<cxf.version>3.2.0</cxf.version>
|
||||||
<dom4j.version>1.6.1</dom4j.version>
|
<dom4j.version>1.6.1</dom4j.version>
|
||||||
<github.relaxng.version>2011.1</github.relaxng.version>
|
<github.relaxng.version>2011.1</github.relaxng.version>
|
||||||
<h2.version>1.4.193</h2.version>
|
<h2.version>1.4.193</h2.version>
|
||||||
|
@ -105,7 +105,7 @@
|
||||||
<liquibase.version>3.4.1</liquibase.version>
|
<liquibase.version>3.4.1</liquibase.version>
|
||||||
<mysql.version>5.1.29</mysql.version>
|
<mysql.version>5.1.29</mysql.version>
|
||||||
<osgi.version>4.2.0</osgi.version>
|
<osgi.version>4.2.0</osgi.version>
|
||||||
<pax.web.version>4.2.4</pax.web.version>
|
<pax.web.version>7.1.0</pax.web.version>
|
||||||
<postgresql.version>9.3-1100-jdbc41</postgresql.version>
|
<postgresql.version>9.3-1100-jdbc41</postgresql.version>
|
||||||
<mariadb.version>1.3.7</mariadb.version>
|
<mariadb.version>1.3.7</mariadb.version>
|
||||||
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
|
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
|
||||||
|
@ -697,6 +697,11 @@
|
||||||
<artifactId>pax-web-api</artifactId>
|
<artifactId>pax-web-api</artifactId>
|
||||||
<version>${pax.web.version}</version>
|
<version>${pax.web.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.ops4j.pax.web</groupId>
|
||||||
|
<artifactId>pax-web-spi</artifactId>
|
||||||
|
<version>${pax.web.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.jboss.aesh</groupId>
|
<groupId>org.jboss.aesh</groupId>
|
||||||
<artifactId>aesh</artifactId>
|
<artifactId>aesh</artifactId>
|
||||||
|
|