Merge pull request #2974 from mposolda/master

KEYCLOAK-3194 Fix fuse adapter. Remove karaf related steps from README
This commit is contained in:
Marek Posolda 2016-06-27 22:17:31 +02:00 committed by GitHub
commit bc82f18acb
4 changed files with 61 additions and 28 deletions

View file

@ -17,6 +17,17 @@
<name>KeyCloak Authz: Client API</name>
<description>KeyCloak AuthZ: Client API</description>
<properties>
<keycloak.osgi.export>
org.keycloak.authorization.client.*
</keycloak.osgi.export>
<keycloak.osgi.import>
org.keycloak.*;version="${project.version}",
org.apache.http.*;version=${apache.httpcomponents.version},
*;resolution:=optional
</keycloak.osgi.import>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
@ -50,4 +61,41 @@
</dependency>
</dependencies>
<build>
<plugins>
<!-- Adding OSGI metadata to the JAR without changing the packaging type. -->
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<executions>
<execution>
<id>bundle-manifest</id>
<phase>process-classes</phase>
<goals>
<goal>manifest</goal>
</goals>
</execution>
</executions>
<configuration>
<instructions>
<Bundle-ClassPath>.</Bundle-ClassPath>
<Bundle-Name>${project.name}</Bundle-Name>
<Bundle-SymbolicName>${project.groupId}.${project.artifactId}</Bundle-SymbolicName>
<Import-Package>${keycloak.osgi.import}</Import-Package>
<Export-Package>${keycloak.osgi.export}</Export-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
</project>

View file

@ -32,6 +32,7 @@
<bundle dependency="true">mvn:org.jboss.logging/jboss-logging/${jboss.logging.version}</bundle>
<bundle>mvn:org.keycloak/keycloak-common/${project.version}</bundle>
<bundle>mvn:org.keycloak/keycloak-core/${project.version}</bundle>
<bundle>mvn:org.keycloak/keycloak-authz-client/${project.version}</bundle>
<bundle>mvn:org.keycloak/keycloak-adapter-spi/${project.version}</bundle>
<bundle>mvn:org.keycloak/keycloak-adapter-core/${project.version}</bundle>
</feature>

View file

@ -5,12 +5,15 @@ Currently Keycloak supports securing your web applications running inside [JBoss
- Jetty8 adapter for both JBoss Fuse 6.2 and Apache Karaf 3, that include [Jetty8](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
- Jetty9 adapter for both JBoss Fuse 6.3 and Apache Karaf 4, that include [Jetty9](http://eclipse.org/jetty/) server under the covers and Jetty is used for running various kinds of web applications
The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo
are applications running on separate Fuse/Karaf server. Keycloak server is supposed to run separately on Wildfly.
**WARNING:** Running your applications inside standalone Apache Karaf may work, however we are testing just with JBoss Fuse and not with standalone Karaf server.
So if you really want adapter on standalone Karaf server, it's up to you to figure exact steps to have it working.
What is supported for Fuse/Karaf is:
* Security for classic WAR applications deployed on Fuse/Karaf with [pax-war extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+War).
* Security for servlets deployed on Fuse/Karaf as OSGI services with [pax-whiteboard extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+Whiteboard).
The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo
are applications running on separate Fuse server. Keycloak server is supposed to run separately on Wildfly.
What is supported for Fuse is:
* Security for classic WAR applications deployed on Fuse with [pax-war extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+War).
* Security for servlets deployed on Fuse as OSGI services with [pax-whiteboard extender](https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+Whiteboard).
* Security for [Apache Camel](http://camel.apache.org/) Jetty endpoints running with [camel-jetty](http://camel.apache.org/jetty.html) component.
* Security for [Apache CXF](http://cxf.apache.org/) endpoints running on their own separate [Jetty engine](http://cxf.apache.org/docs/jetty-configuration.html).
Supports both securing JAX-RS and JAX-WS endpoints.
@ -27,7 +30,7 @@ The customer-app-fuse invokes the endpoint to get data
* **cxf-jaxws** [Apache CXF](http://cxf.apache.org/) JAX-WS endpoint running on separate Jetty engine on [http://localhost:8282/PersonServiceCF](http://localhost:8282/PersonServiceCF).
The product-app-fuse invokes the endpoint to get data.
Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse/Karaf server with the applications
Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse server with the applications
Base steps
----------
@ -74,25 +77,6 @@ features:addurl mvn:org.keycloak.example.demo/keycloak-fuse-example-features/1.9
features:install keycloak-fuse-6.3-example
```
Running demo on Apache Karaf 3.0.3
----------------------------------
Demo is using Apache camel and Apache CXF, which are not in standalone Karaf by default. So you will need to install feature repositories for both of them.
Next step is to add feature repository for main set of Keycloak karaf features and for the demo. Once all feature URLs are added, you just need to install `keycloak-fuse-example` feature,
which automatically installs all other needed stuff.
Once you run Apache Karaf, you need to run these commands from Karaf console (Make sure to replace keycloak versions in the example with actual Keycloak version):
```
feature:repo-add mvn:org.apache.camel.karaf/apache-camel/2.15.1/xml/features
feature:repo-add mvn:org.apache.cxf.karaf/apache-cxf/3.0.4/xml/features
feature:repo-add mvn:org.keycloak/keycloak-osgi-features/1.9.4.Final/xml/features
feature:repo-add mvn:org.keycloak.example.demo/keycloak-fuse-example-features/1.9.4.Final/xml/features
feature:install keycloak-fuse-example
```
Now you can test example applications similarly like described for "JBoss Fuse 6.2" section.
How to secure your own applications
-----------------------------------

View file

@ -70,15 +70,15 @@ may be still able to access MBeans remotely via HTTP (Hawtio). So make sure to p
really protect JMX mbeans.
SSH and JMX on JBoss Fuse 6.2 and Apache Karaf 3.0.3
----------------------------------------------------
SSH and JMX on JBoss Fuse 6.2
-----------------------------
For SSH steps are very similar to above for 6.1. In JBoss Fuse 6.2 you may need to install `ssh` feature as it doesn't seem to be installed here by default.
```
features:install ssh
```
For JMX, the steps are similar like for Fuse 6.1, however there is more fine grained authorization for JMX access in Fuse 6.2 and Karaf 3.
For JMX, the steps are similar like for Fuse 6.1, however there is more fine grained authorization for JMX access in Fuse 6.2.
Actually if you login as user `admin`, you have very limited privileges without possibility to do much JMX operations as this user has just `admin` role, which is not allowed to do much in JMX.