diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 25e0b06dae..1334d92747 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -16,6 +16,8 @@ public class RealmRepresentation {
 protected boolean enabled;
 protected boolean sslNotRequired;
 protected boolean cookieLoginAllowed;
+ protected String privateKey;
+ protected String publicKey;
 protected Set roles;
 protected List requiredCredentials;
 protected List users;
@@ -151,4 +153,20 @@ public class RealmRepresentation {
 public void setRoles(Set roles) {
 this.roles = roles;
 }
+
+ public String getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(String privateKey) {
+ this.privateKey = privateKey;
+ }
+
+ public String getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(String publicKey) {
+ this.publicKey = publicKey;
+ }
 }
diff --git a/examples/as7-eap-demo/customer-app/pom.xml b/examples/as7-eap-demo/customer-app/pom.xml
new file mode 100755
index 0000000000..acd75e4bd1
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/pom.xml
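Review bot: The new `privateKey`/`publicKey` fields carry no documentation of their format or sensitivity, and `RealmRepresentation` is the type that is imported from `testrealm.json` and, presumably, also produced by the realm resources for clients. Add a Javadoc on `privateKey` such as `/** PEM body of the realm's RSA signing key, without BEGIN/END lines; must never appear in a representation returned to clients. */` and a matching one on `publicKey`, so any serializer reusing this class knows the private key has to be stripped. The encoding (PEM body without delimiters) is what `RealmKeyGenerator.printKey` emits via `PemUtils.removeBeginEnd` later in this commit; confirm that `RealmModel.setPrivateKeyPem` expects the same form.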
@@ -0,0 +1,79 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + customer-portal-example + war + Customer Portal - Secured via Valve + + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + javax.servlet + servlet-api + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + customer-portal + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java new file mode 100755 index 0000000000..a50ccacab8 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java 
@@ -0,0 +1,36 @@
+package org.jboss.resteasy.example.oauth;
+
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+import org.keycloak.SkeletonKeySession;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class CustomerDatabaseClient
+{
+ public static List getCustomers(HttpServletRequest request)
+ {
+ SkeletonKeySession session = (SkeletonKeySession)request.getAttribute(SkeletonKeySession.class.getName());
+ ResteasyClient client = new ResteasyClientBuilder()
+ .trustStore(session.getMetadata().getTruststore())
+ .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build();
+ try
+ {
+ Response response = client.target("http://localhost:8080/database/customers").request()
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + session.getToken()).get();
+ return response.readEntity(new GenericType>(){});
+ }
+ finally
+ {
+ client.close();
+ }
+ }
+}
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000000..1469973bc4
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
new file mode 100755
index 0000000000..3cec19cc47
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+
+
+ org.keycloak.adapters.as7.OAuthManagedResourceValve
+
+
\ No newline at end of file
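Review bot: `getCustomers` calls `response.readEntity(...)` without looking at `response.getStatus()`, so a 401/403 from the database service (an expired or rejected bearer token) surfaces as an entity-unmarshalling failure rather than an authorization error; add `if (response.getStatus() != 200) throw new RuntimeException("database service returned " + response.getStatus());` before the `readEntity` call. The client is also built with `HostnameVerificationPolicy.ANY`, which switches off hostname checking against the configured truststore; it has no effect on the demo's `http://localhost:8080` target, but a comment such as `// demo only: hostname verification disabled, use DEFAULT outside the example` would keep it from being copied verbatim. `request.getAttribute(SkeletonKeySession.class.getName())` is dereferenced unchecked, which turns a request the valve did not authenticate into a bare NPE instead of a clear error.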
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 0000000000..6d2cac8879 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json @@ -0,0 +1,11 @@ +{ + "realm" : "demo", + "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "auth-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/auth/request", + "code-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes", + "ssl-not-required" : true, + "client-id" : "customer-portal", + "client-credentials" : { + "password" : "password" + } +} diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 0000000000..b25af94e1b --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,46 @@ + + + + + Admins + /admin/* + + + admin + + + + + Customers + /customers/* + + + user + + + + + + + BASIC + commerce + + + + admin + + + user + + diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp new file mode 100644 index 0000000000..e132e3701f --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp @@ -0,0 +1,11 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Customer Admin Iterface + + +
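Review bot: `realm-public-key` is pasted verbatim here and, identically, into the product-app and database-service copies of `resteasy-oauth.json` further down this diff, so regenerating the realm keys (the `generateRealmKeys` path in `RealmManager`) silently breaks token verification in all three adapters until every copy is hand-edited. `ManagedResourceConfigLoader` in this same commit already fetches `rep.getPublicKeyPem()` when `realm-url` is configured, so the example would be less brittle using that, or at minimum the example's documentation should state that this value must match the `publicKey` in `testrealm.json`. The `client-credentials` password `"password"` and `"ssl-not-required" : true` are demo settings, and since JSON admits no comments that fact also belongs in the example's documentation rather than being left implicit.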

Customer Admin Interface

+User <%=request.getUserPrincipal().getName()%> made this request. + + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp new file mode 100644 index 0000000000..f6bd0c5277 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp @@ -0,0 +1,23 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Customer View Page + + +
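Review bot: `<%=request.getUserPrincipal().getName()%>` writes the principal name into the HTML response unescaped; the realm file in this commit uses an e-mail address as the username, and any `<` or `"` characters in a username would be rendered as markup. Escape it on output, e.g. `<c:out value="${pageContext.request.userPrincipal.name}"/>` if the JSTL taglib is available to the example, or a small HTML-escaping helper; the same applies to `customers/view.jsp` below, which additionally prints each list element with `out.print(cust)`, and to the product-app `admin.jsp` and `products/view.jsp` later in the diff. The page also declares `charset=ISO-8859-1`, whereas UTF-8 is the safer default for names coming from the auth server.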

Goto: products | logout

+User <%=request.getUserPrincipal().getName()%> made this request. +

Customer Listing

+<% +java.util.List list = org.jboss.resteasy.example.oauth.CustomerDatabaseClient.getCustomers(request); +for (String cust : list) +{ + out.print("

"); + out.print(cust); + out.println("

"); + +} +%> +

+ + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/index.html b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html new file mode 100644 index 0000000000..7b164dfeaf --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html @@ -0,0 +1,14 @@ + + + + + + +

Customer Portal

+ +

Customer Listing

+

Customer Admin Interface

+ + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/pom.xml b/examples/as7-eap-demo/database-service/pom.xml new file mode 100755 index 0000000000..c202657b83 --- /dev/null +++ b/examples/as7-eap-demo/database-service/pom.xml @@ -0,0 +1,73 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + database-service + war + JAX-RS Database Service Using OAuth Bearer Tokens + + http://maven.apache.org + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + org.jboss.resteasy + resteasy-client + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + database + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java new file mode 100644 index 0000000000..c6a0efc9db --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java @@ -0,0 +1,26 @@ +package org.jboss.resteasy.example.oauth; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import java.util.ArrayList; +import java.util.List; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@Path("customers") +public class CustomerService +{ + @GET + @Produces("application/json") + public List getCustomers() + { + ArrayList rtn = new ArrayList(); + rtn.add("Bill Burke"); + rtn.add("Ron Sigal"); + rtn.add("Weinan Li"); + return rtn; + } +} 
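Review bot: `getCustomers` builds its fixed result with an `ArrayList` and four statements; `return Arrays.asList("Bill Burke", "Ron Sigal", "Weinan Li");` (with `java.util.Arrays` imported) expresses the same canned response in one line and keeps the list fixed-size, which suits a demo stub. `ProductService.getProducts` in the next file has the same shape and would benefit from the same change. `@Produces("application/json")` could use `MediaType.APPLICATION_JSON` instead of the string literal, though that is a matter of taste.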
diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java
new file mode 100644
index 0000000000..673ad167e6
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java
@@ -0,0 +1,13 @@
+package org.jboss.resteasy.example.oauth;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+@ApplicationPath("/")
+public class DataApplication extends Application
+{
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java
new file mode 100644
index 0000000000..8515dfe934
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java
@@ -0,0 +1,26 @@
+package org.jboss.resteasy.example.oauth;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+@Path("products")
+public class ProductService
+{
+ @GET
+ @Produces("application/json")
+ public List getProducts()
+ {
+ ArrayList rtn = new ArrayList();
+ rtn.add("iphone");
+ rtn.add("ipad");
+ rtn.add("ipod");
+ return rtn;
+ }
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000000..f1f1ffa354
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100755 index 0000000000..d1ca3931f9 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + org.keycloak.adapters.as7.BearerTokenAuthenticatorValve + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 0000000000..156706f4e4 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json @@ -0,0 +1,4 @@ +{ + "realm" : "demo", + "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB" +} diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 0000000000..c19ce80907 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,26 @@ + + + + + /* + + + + user + + + + + BASIC + commerce + + + + user + + diff --git a/examples/as7-eap-demo/product-app/pom.xml b/examples/as7-eap-demo/product-app/pom.xml new file mode 100755 index 0000000000..07ea37a0b4 --- /dev/null +++ b/examples/as7-eap-demo/product-app/pom.xml 
@@ -0,0 +1,79 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + product-portal-example + war + Product Portal - Secured via Valve + + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + javax.servlet + servlet-api + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + product-portal + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml new file mode 100755 index 0000000000..1469973bc4 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100755 index 0000000000..3cec19cc47 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + org.keycloak.adapters.as7.OAuthManagedResourceValve + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 0000000000..095cd12f2a --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json 
@@ -0,0 +1,11 @@ +{ + "realm" : "demo", + "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "auth-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/auth/request", + "code-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes", + "ssl-not-required" : true, + "client-id" : "product-portal", + "client-credentials" : { + "password" : "password" + } +} diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 0000000000..c9bc655000 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,46 @@ + + + + + Admins + /admin/* + + + admin + + + + + Products + /products/* + + + user + + + + + + BASIC + commerce + + + + admin + + + user + + diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp new file mode 100644 index 0000000000..b6448d7738 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp @@ -0,0 +1,11 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Product Admin Interface + + +

Product Admin Interface

+User <%=request.getUserPrincipal().getName()%> made this request. + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/index.html b/examples/as7-eap-demo/product-app/src/main/webapp/index.html new file mode 100644 index 0000000000..e30ebc5c1c --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/index.html @@ -0,0 +1,14 @@ + + + + + + +

Product Portal

+ +

Product Listing

+

Admin Interface

+ + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp new file mode 100644 index 0000000000..5a9a6410e6 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp @@ -0,0 +1,23 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Product View Page + + +

Goto: customers | logout

+User <%=request.getUserPrincipal().getName()%> made this request. +

Product Listing

+<% +java.util.List list = org.jboss.resteasy.example.oauth.ProductDatabaseClient.getProducts(request); +for (String cust : list) +{ + out.print("

"); + out.print(cust); + out.println("

"); + +} +%> +

+ + \ No newline at end of file diff --git a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json index 40e0fd35b1..2d8d016b6b 100755 --- a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json +++ b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json @@ -3,6 +3,8 @@ "enabled" : true, "tokenLifespan" : 6000, "accessCodeLifespan" : 30, + "privateKey" : "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", + "publicKey" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", "requiredCredentials" : [ { "type" : "Password", 
@@ -12,90 +14,47 @@ ], "users" : [ { - "username" : "wburke", + "username" : "bburke@redhat.com", "enabled" : true, "attributes" : { "email" : "bburke@redhat.com" }, "credentials" : [ { "type" : "Password", - "value" : "userpassword" } + "value" : "password" } ] }, { - "username" : "loginclient", + "username" : "customer-portal", "enabled" : true, "credentials" : [ { "type" : "Password", - "value" : "clientpassword" } + "value" : "password" } ] }, { - "username" : "admin", + "username" : "product-portal", "enabled" : true, "credentials" : [ { "type" : "Password", - "value" : "adminpassword" } - ] - }, - { - "username" : "oauthclient", - "enabled" : true, - "credentials" : [ - { "type" : "Password", - "value" : "clientpassword" } + "value" : "password" } ] } ], "roleMappings" : [ { - "username" : "admin", - "roles" : ["admin"] + "username" : "bburke@redhat.com", + "roles" : ["user"] } ], "scopeMappings" : [ { - "username" : "loginclient", + "username" : "customer-portal", + "roles" : ["*"] + }, + { + "username" : "product-portal", "roles" : ["*"] } - ], - "resources" : [ - { - "name" : "Application", - "roles" : ["admin", "user"], - "roleMappings" : [ - { - "username" : "wburke", - "roles" : ["user"] - }, - { - "username" : "admin", - "roles" : ["admin"] - } - ], - "scopeMappings" : [ - { - "username" : "oauthclient", - "roles" : ["user"] - } - ] - }, - { - "name" : "OtherApp", - "roles" : ["admin", "user"], - "roleMappings" : [ - { - "username" : "wburke", - "roles" : ["user"] - }, - { - "username" : "admin", - "roles" : ["admin"] - } - ] - } - ] - - } \ No newline at end of file diff --git a/examples/pom.xml b/examples/pom.xml index 5e5a46fbd3..1fb476f5b6 100755 --- a/examples/pom.xml +++ b/examples/pom.xml 
@@ -14,7 +14,29 @@ examples-pom pom + + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.1.1.Final + + true + + + + as7-eap-demo/server + as7-eap-demo/customer-app + as7-eap-demo/product-app + as7-eap-demo/database-service diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml index b4ad78f447..69c4ff1188 100755 --- a/integration/as7-eap6/adapter/pom.xml +++ b/integration/as7-eap6/adapter/pom.xml @@ -28,12 +28,13 @@ org.jboss.resteasy jose-jwt + provided org.jboss.spec.javax.servlet jboss-servlet-api_3.0_spec - provided 1.0.0.Final + provided org.jboss.resteasy @@ -56,12 +57,13 @@ org.jboss.as jboss-as-web 7.1.2.Final + provided org.picketbox picketbox - provided 4.0.7.Final + provided junit diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java index 2fc961d18b..b87ed0bc85 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java @@ -46,9 +46,9 @@ public class BearerTokenAuthenticatorValve extends AuthenticatorBase implements protected void init() { ManagedResourceConfigLoader managedResourceConfigLoader = new ManagedResourceConfigLoader(context); - resourceMetadata = managedResourceConfigLoader.getResourceMetadata(); remoteSkeletonKeyConfig = managedResourceConfigLoader.getRemoteSkeletonKeyConfig(); managedResourceConfigLoader.init(false); + resourceMetadata = managedResourceConfigLoader.getResourceMetadata(); } @Override 
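Review bot: Moving `resourceMetadata = managedResourceConfigLoader.getResourceMetadata();` below `init(false)` fixes an ordering bug, but nothing in `init()` says why the order matters, so the next refactor can reintroduce it; add `// getResourceMetadata() is only populated by init(); read it afterwards` above the assignment. `remoteSkeletonKeyConfig` is still fetched before `init(false)`, which is only correct if the loader mutates that same object rather than replacing it — the `ManagedResourceConfigLoader.init` hunk in this diff does call setters on it, so this looks right, but a one-line comment would make that contract explicit.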
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java index 77922a28ef..6c1385cd2a 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java @@ -82,6 +82,7 @@ public class OAuthManagedResourceValve extends FormAuthenticator implements Life } realmConfiguration.setMetadata(resourceMetadata); realmConfiguration.setClientId(client_id); + realmConfiguration.setSslRequired(!remoteSkeletonKeyConfig.isSslNotRequired()); for (Map.Entry entry : managedResourceConfigLoader.getRemoteSkeletonKeyConfig().getClientCredentials().entrySet()) { realmConfiguration.getCredentials().param(entry.getKey(), entry.getValue()); diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java index e3db0e34c7..8e177a8c22 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java @@ -7,6 +7,7 @@ import org.keycloak.RealmConfiguration; import org.keycloak.VerificationException; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.SkeletonKeyToken; +import org.keycloak.representations.idm.RequiredCredentialRepresentation; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; @@ -77,6 +78,7 @@ public class ServletOAuthLogin { protected void sendRedirect(String url) { try { + log.info("Sending redirect to: " + url); response.sendRedirect(url); } catch (IOException e) { throw new RuntimeException(e); 
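Review bot: `log.info("Sending redirect to: " + url)` in `sendRedirect` records the full redirect URL at INFO on every login round-trip; the URLs this class redirects to carry OAuth query parameters (`redirect_uri` is visible in the next hunk, and presumably a `state` or `code` value depending on the leg, which is what `stripOauthParametersFromRedirect` exists to remove), so production logs end up holding per-login values. Use `log.debug(...)` and, if the URL is worth logging at all, log it without its query string. The same pattern recurs in the later `ServletOAuthLogin` hunk, where `log.info("Token Verification succeeded!")` replaces what was a `debug` call.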
@@ -223,18 +225,26 @@ public class ServletOAuthLogin { String client_id = realmInfo.getClientId(); String password = realmInfo.getCredentials().asMap().getFirst("password"); - String authHeader = BasicAuthHelper.createHeader(client_id, password); + //String authHeader = BasicAuthHelper.createHeader(client_id, password); String redirectUri = stripOauthParametersFromRedirect(); Form form = new Form(); form.param("grant_type", "authorization_code") .param("code", code) + .param("client_id", client_id) + .param(RequiredCredentialRepresentation.PASSWORD, password) .param("redirect_uri", redirectUri); - Response res = realmInfo.getCodeUrl().request().header(HttpHeaders.AUTHORIZATION, authHeader).post(Entity.form(form)); + Response res = realmInfo.getCodeUrl().request() + //.header(HttpHeaders.AUTHORIZATION, authHeader) + .post(Entity.form(form)); AccessTokenResponse tokenResponse; try { if (res.getStatus() != 200) { log.error("failed to turn code into token"); + log.error("status from server: " + res.getStatus()); + if (res.getStatus() == 400 && res.getMediaType() != null) { + log.error(" " + res.readEntity(String.class)); + } sendError(Response.Status.FORBIDDEN.getStatusCode()); return false; } @@ -248,7 +258,7 @@ public class ServletOAuthLogin { tokenString = tokenResponse.getToken(); try { token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata()); - log.debug("Verification succeeded!"); + log.info("Token Verification succeeded!"); } catch (VerificationException e) { log.error("failed verification of token"); sendError(Response.Status.FORBIDDEN.getStatusCode()); diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java index 140a69252c..756950c210 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java 
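Review bot: The Basic-auth path is left behind as commented-out code (`//String authHeader = BasicAuthHelper.createHeader(client_id, password);` and `//.header(HttpHeaders.AUTHORIZATION, authHeader)`) while the client credentials move into the form body as `client_id` and `RequiredCredentialRepresentation.PASSWORD`; delete the two commented lines rather than shipping both variants, and drop the `BasicAuthHelper`/`HttpHeaders` imports if they become unused. The new 400-handling branch reads the error body with `res.readEntity(String.class)` and logs it at ERROR, which is helpful, but that read consumes the response, so check that the `finally` block outside this hunk does not attempt another `readEntity` on `res`. The enclosing method starts before and ends after this hunk.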
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java @@ -27,6 +27,8 @@ public class ManagedResourceConfig { @JsonProperty("code-url") protected String codeUrl; + @JsonProperty("ssl-not-required") + protected boolean sslNotRequired; @JsonProperty("allow-any-hostname") protected boolean allowAnyHostname; @JsonProperty("disable-trust-manager") @@ -50,6 +52,14 @@ public class ManagedResourceConfig { @JsonProperty("cancel-propagation") protected boolean cancelPropagation; + public boolean isSslNotRequired() { + return sslNotRequired; + } + + public void setSslNotRequired(boolean sslNotRequired) { + this.sslNotRequired = sslNotRequired; + } + public String getRealmUrl() { return realmUrl; } diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java index d40dd88781..e55c3c71b4 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java @@ -82,7 +82,6 @@ public class ManagedResourceConfigLoader { initClient(); - String realm = remoteSkeletonKeyConfig.getRealm(); if (remoteSkeletonKeyConfig.getRealmUrl() != null) { PublishedRealmRepresentation rep = null; @@ -99,7 +98,11 @@ public class ManagedResourceConfigLoader { remoteSkeletonKeyConfig.setRealmKey(rep.getPublicKeyPem()); remoteSkeletonKeyConfig.setAdminRole(rep.getAdminRole()); } + if (remoteSkeletonKeyConfig.getAdminRole() == null) { + remoteSkeletonKeyConfig.setAdminRole("$REALM-ADMIN$"); + } + String realm = remoteSkeletonKeyConfig.getRealm(); String resource = remoteSkeletonKeyConfig.getResource(); if (realm == null) throw new RuntimeException("Must set 'realm' in config"); 
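Review bot: `"$REALM-ADMIN$"` is a magic string inlined in `ManagedResourceConfigLoader.init`; it has to agree with whatever the server uses for the realm admin role, so hoist it to a named constant, e.g. `public static final String DEFAULT_ADMIN_ROLE = "$REALM-ADMIN$";`, and use it in the `setAdminRole` call. In the `ManagedResourceConfig` hunk above, the new `ssl-not-required` field deserves a comment such as `// true lets the adapter accept plain HTTP; the boolean default (false) means SSL is required`, since `OAuthManagedResourceValve` derives `setSslRequired(!isSslNotRequired())` from it and the double negative is easy to misread.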
diff --git a/services/pom.xml b/services/pom.xml index 87fa920dd3..fbfe298fdf 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -13,6 +13,11 @@ + + org.bouncycastle + bcprov-jdk16 + provided + org.keycloak keycloak-core diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index f1828f72d2..e9d879ef61 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -97,13 +97,19 @@ public class RealmManager { public void importRealm(RealmRepresentation rep, RealmModel newRealm) { - generateRealmKeys(newRealm); newRealm.setName(rep.getRealm()); newRealm.setEnabled(rep.isEnabled()); newRealm.setTokenLifespan(rep.getTokenLifespan()); newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); newRealm.setSslNotRequired(rep.isSslNotRequired()); newRealm.setCookieLoginAllowed(rep.isCookieLoginAllowed()); + if (rep.getPrivateKey() == null || rep.getPublicKey() == null) { + generateRealmKeys(newRealm); + } else { + newRealm.setPrivateKeyPem(rep.getPrivateKey()); + newRealm.setPublicKeyPem(rep.getPublicKey()); + } + newRealm.updateRealm(); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index ca9eb6adef..c5cf4008e9 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -55,7 +55,6 @@ public class RealmsResource { @Path("{realm}/tokens") public TokenService getTokenService(@PathParam("realm") String id) { - logger.info("**** HERE token service****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { 
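Review bot: `importRealm` now falls back to `generateRealmKeys(newRealm)` whenever either `privateKey` or `publicKey` is missing, so a representation that supplies only one of them has that value silently discarded and replaced by a freshly generated pair, and tokens from the resulting realm will not verify against the key the caller believed it imported. Treat the half-specified case as an error: change the condition to `if (rep.getPrivateKey() == null && rep.getPublicKey() == null) {` and add `} else if (rep.getPrivateKey() == null || rep.getPublicKey() == null) { throw new IllegalArgumentException("realm import needs both privateKey and publicKey, or neither"); }` before the branch that sets them. A one-line comment on the accepted encoding (PEM body without BEGIN/END, as `RealmKeyGenerator` emits) would also help callers. There is no check that the supplied public key matches the private key; a cheap sign/verify round-trip at import would catch a mismatched pair early, and `importRealm` continues outside the hunk.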
@@ -71,7 +70,6 @@ public class RealmsResource { @Path("{realm}") public RealmSubResource getRealmResource(@PathParam("realm") String id) { - logger.info("**** HERE @Path {realm} ****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index c03a01a91f..ca761ef462 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -201,6 +201,7 @@ public class TokenService { @POST @Produces("application/json") public Response accessRequest(MultivaluedMap formData) { + logger.info("accessRequest <---"); if (!realm.isEnabled()) { throw new NotAuthorizedException("Realm not enabled"); } @@ -286,6 +287,7 @@ public class TokenService { res.put("error_description", "Auth error"); return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res).build(); } + logger.info("accessRequest SUCCESS"); AccessTokenResponse res = accessTokenResponse(realm.getPrivateKey(), accessCode.getToken()); return Response.ok(res).build(); diff --git a/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java b/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java new file mode 100755 index 0000000000..4f034d41cd --- /dev/null +++ b/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java 
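Review bot: `logger.info("accessRequest <---")` and `logger.info("accessRequest SUCCESS")` are per-request trace statements at INFO level in the token endpoint, the same kind of `**** HERE` markers the `RealmsResource` hunks in this commit remove; either drop them or lower them to `logger.debug` so a production log is not one line per token exchange. If they stay, including which realm the request is for (`realm.getName()`, if `RealmModel` exposes it) would at least make them useful. `accessRequest` starts and ends outside these hunks.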
@@ -0,0 +1,49 @@
+package org.keycloak.test;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMWriter;
+import org.jboss.resteasy.security.PemUtils;
+import org.keycloak.services.models.RealmModel;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.Security;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class RealmKeyGenerator {
+ static {
+ if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
+ }
+ public static void main(String[] args) throws Exception {
+ KeyPair keyPair = null;
+ try {
+ keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+
+ System.out.println("privateKey : " + printKey(keyPair.getPrivate()));
+ System.out.println("publicKey : " + printKey(keyPair.getPublic()));
+ }
+
+ private static String printKey(Object key){
+ StringWriter writer = new StringWriter();
+ PEMWriter pemWriter = new PEMWriter(writer);
+ try {
+ pemWriter.writeObject(key);
+ pemWriter.flush();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ String s = writer.toString();
+ return PemUtils.removeBeginEnd(s);
+
+ }
+}
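Review bot: `KeyPairGenerator.getInstance("RSA").generateKeyPair()` never calls `initialize`, so the modulus size is whatever the provider defaults to; the `publicKey` committed in `testrealm.json` begins `MIGfMA0G...`, which is the encoding of a 1024-bit RSA key. Make the size explicit: `KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");`, `generator.initialize(2048);`, `KeyPair keyPair = generator.generateKeyPair();`. `printKey` also never closes the `PEMWriter` (call `close()` in a `finally`), and the `NoSuchAlgorithmException` catch that rethrows as `RuntimeException` is redundant given `main` already declares `throws Exception`. The `RealmModel` and `PublicKey` imports appear unused in the visible code.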