KEYCLOAK-5522 Base for Fuse 7 adapter

This commit is contained in:
Hynek Mlnarik 2018-05-18 12:46:13 +02:00 committed by Hynek Mlnařík
parent 06f108df3b
commit ae690e0679
6 changed files with 184 additions and 10 deletions

View file

@ -36,7 +36,7 @@
org.keycloak.adapters.osgi.* org.keycloak.adapters.osgi.*
</keycloak.osgi.export> </keycloak.osgi.export>
<keycloak.osgi.import> <keycloak.osgi.import>
org.ops4j.pax.web.*;version="[3.0,5)", org.ops4j.pax.web.*;version="[3.0,8)",
javax.servlet.*;version="[2.5,4)";resolution:=optional, javax.servlet.*;version="[2.5,4)";resolution:=optional,
org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional, org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional,
org.keycloak.*;version="${project.version}", org.keycloak.*;version="${project.version}",

View file

@ -29,6 +29,7 @@ import org.osgi.util.tracker.ServiceTrackerCustomizer;
import java.net.URL; import java.net.URL;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -47,7 +48,7 @@ public class PaxWebIntegrationService {
private BundleContext bundleContext; private BundleContext bundleContext;
private String jettyWebXmlLocation; private String jettyWebXmlLocation;
private List<ConstraintMapping> constraintMappings; // Using jetty constraint mapping just because of compatibility with other fuse services private List<Object> constraintMappings;
private ServiceTracker webContainerTracker; private ServiceTracker webContainerTracker;
private HttpContext httpContext; private HttpContext httpContext;
@ -68,11 +69,11 @@ public class PaxWebIntegrationService {
this.jettyWebXmlLocation = jettyWebXmlLocation; this.jettyWebXmlLocation = jettyWebXmlLocation;
} }
public List<ConstraintMapping> getConstraintMappings() { public List<Object> getConstraintMappings() {
return constraintMappings; return constraintMappings;
} }
public void setConstraintMappings(List<ConstraintMapping> constraintMappings) { public void setConstraintMappings(List<Object> constraintMappings) {
this.constraintMappings = constraintMappings; this.constraintMappings = constraintMappings;
} }
@ -120,8 +121,25 @@ public class PaxWebIntegrationService {
if (constraintMappings == null) { if (constraintMappings == null) {
throw new IllegalStateException("constraintMappings was null!"); throw new IllegalStateException("constraintMappings was null!");
} }
for (ConstraintMapping constraintMapping : constraintMappings) { List<ConstraintHandler> handlers = new ArrayList<>();
addConstraintMapping(service, constraintMapping); try {
handlers.add(new JettyConstraintHandler());
} catch (Throwable t) {
// Ignore
}
try {
handlers.add(new PaxWebConstraintHandler());
} catch (Throwable t) {
// Ignore
}
for (Object constraintMapping : constraintMappings) {
boolean handled = false;
for (ConstraintHandler handler : handlers) {
handled |= handler.addConstraintMapping(httpContext, service, constraintMapping);
}
if (!handled) {
log.warnv("Unable to add constraint mapping for constraint of type " + constraintMapping.getClass().toString());
}
} }
service.registerLoginConfig("BASIC", "does-not-matter", null, null, httpContext); service.registerLoginConfig("BASIC", "does-not-matter", null, null, httpContext);
@ -146,6 +164,16 @@ public class PaxWebIntegrationService {
} }
} }
protected void addConstraintMapping(WebContainer service, PaxWebSecurityConstraintMapping constraintMapping) {
String name = constraintMapping.getConstraintName();
if (name == null) {
name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
}
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
+ constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
}
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) { protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
Constraint constraint = constraintMapping.getConstraint(); Constraint constraint = constraintMapping.getConstraint();
String[] roles = constraint.getRoles(); String[] roles = constraint.getRoles();
@ -178,4 +206,71 @@ public class PaxWebIntegrationService {
service.unregisterConstraintMapping(httpContext); service.unregisterConstraintMapping(httpContext);
} }
} }
private interface ConstraintHandler {
boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm);
}
private static class PaxWebConstraintHandler implements ConstraintHandler {
@Override
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
if (cm instanceof PaxWebSecurityConstraintMapping) {
PaxWebSecurityConstraintMapping constraintMapping = (PaxWebSecurityConstraintMapping) cm;
String name = constraintMapping.getConstraintName();
if (name == null) {
name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
}
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
+ constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
return true;
}
return false;
}
}
private static class JettyConstraintHandler implements ConstraintHandler {
@Override
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
if (cm instanceof ConstraintMapping) {
ConstraintMapping constraintMapping = (ConstraintMapping) cm;
Constraint constraint = constraintMapping.getConstraint();
String[] roles = constraint.getRoles();
// name property is unavailable on constraint object :/
String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
int dataConstraint = constraint.getDataConstraint();
String dataConstraintStr;
switch (dataConstraint) {
case Constraint.DC_UNSET:
dataConstraintStr = null;
break;
case Constraint.DC_NONE:
dataConstraintStr = "NONE";
break;
case Constraint.DC_CONFIDENTIAL:
dataConstraintStr = "CONFIDENTIAL";
break;
case Constraint.DC_INTEGRAL:
dataConstraintStr = "INTEGRAL";
break;
default:
log.warnv("Unknown data constraint: " + dataConstraint);
dataConstraintStr = "CONFIDENTIAL";
}
List<String> rolesList = Arrays.asList(roles);
log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
+ constraint.getAuthenticate() + ", roles=" + rolesList);
service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
return true;
}
return false;
}
}
} }

View file

@ -0,0 +1,73 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.keycloak.adapters.osgi;
import java.security.SecureRandom;
import java.util.LinkedList;
import java.util.List;
/**
*
* @author hmlnarik
*/
public class PaxWebSecurityConstraintMapping {
private String constraintName = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
private String mapping;
private String url;
private String dataConstraint = "NONE";
private boolean authentication = true;
private List<String> roles = new LinkedList<>();
public String getConstraintName() {
return constraintName;
}
public void setConstraintName(String constraintName) {
this.constraintName = constraintName;
}
public String getMapping() {
return mapping;
}
public void setMapping(String mapping) {
this.mapping = mapping;
}
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public String getDataConstraint() {
return dataConstraint;
}
public void setDataConstraint(String dataConstraint) {
this.dataConstraint = dataConstraint;
}
public boolean isAuthentication() {
return authentication;
}
public void setAuthentication(boolean authentication) {
this.authentication = authentication;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
}

View file

@ -34,6 +34,7 @@
<module>adapter-core</module> <module>adapter-core</module>
<module>as7-eap6</module> <module>as7-eap6</module>
<module>installed</module> <module>installed</module>
<module>fuse7</module>
<module>kcinit</module> <module>kcinit</module>
<module>jaxrs-oauth-client</module> <module>jaxrs-oauth-client</module>
<module>jetty</module> <module>jetty</module>

View file

@ -30,7 +30,7 @@
<artifactId>keycloak-examples-fuse-parent</artifactId> <artifactId>keycloak-examples-fuse-parent</artifactId>
<packaging>pom</packaging> <packaging>pom</packaging>
<properties> <properties>
<camel.version>2.17.0</camel.version> <camel.version>2.21.0</camel.version>
</properties> </properties>
<modules> <modules>
<module>customer-app-fuse</module> <module>customer-app-fuse</module>

View file

@ -59,7 +59,7 @@
<apache.mime4j.version>0.6</apache.mime4j.version> <apache.mime4j.version>0.6</apache.mime4j.version>
<jboss.dmr.version>1.4.1.Final</jboss.dmr.version> <jboss.dmr.version>1.4.1.Final</jboss.dmr.version>
<bouncycastle.version>1.56</bouncycastle.version> <bouncycastle.version>1.56</bouncycastle.version>
<cxf.version>3.1.13</cxf.version> <cxf.version>3.2.0</cxf.version>
<dom4j.version>1.6.1</dom4j.version> <dom4j.version>1.6.1</dom4j.version>
<github.relaxng.version>2011.1</github.relaxng.version> <github.relaxng.version>2011.1</github.relaxng.version>
<h2.version>1.4.193</h2.version> <h2.version>1.4.193</h2.version>
@ -105,7 +105,7 @@
<liquibase.version>3.4.1</liquibase.version> <liquibase.version>3.4.1</liquibase.version>
<mysql.version>5.1.29</mysql.version> <mysql.version>5.1.29</mysql.version>
<osgi.version>4.2.0</osgi.version> <osgi.version>4.2.0</osgi.version>
<pax.web.version>4.2.4</pax.web.version> <pax.web.version>7.1.0</pax.web.version>
<postgresql.version>9.3-1100-jdbc41</postgresql.version> <postgresql.version>9.3-1100-jdbc41</postgresql.version>
<mariadb.version>1.3.7</mariadb.version> <mariadb.version>1.3.7</mariadb.version>
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version> <servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
@ -697,6 +697,11 @@
<artifactId>pax-web-api</artifactId> <artifactId>pax-web-api</artifactId>
<version>${pax.web.version}</version> <version>${pax.web.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.ops4j.pax.web</groupId>
<artifactId>pax-web-spi</artifactId>
<version>${pax.web.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.jboss.aesh</groupId> <groupId>org.jboss.aesh</groupId>
<artifactId>aesh</artifactId> <artifactId>aesh</artifactId>