From c3bc77206adba90f262666e2bd9802ead5c3c105 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 10 Jun 2016 07:37:09 +0200 Subject: [PATCH] Fixes --- check.sh | 41 ++++++++++++++++++++ topics/oidc/java/application-clustering.adoc | 4 +- topics/oidc/java/fuse-adapter.adoc | 2 + topics/oidc/java/fuse/cxf-builtin.adoc | 2 +- topics/oidc/java/java-adapter-config.adoc | 2 +- topics/oidc/java/logout.adoc | 2 +- topics/oidc/oidc-generic.adoc | 4 +- topics/saml/java/idp-registration.adoc | 2 +- topics/saml/java/logout.adoc | 2 +- 9 files changed, 52 insertions(+), 9 deletions(-) create mode 100755 check.sh diff --git a/check.sh b/check.sh new file mode 100755 index 0000000000..0c012cb723 --- /dev/null +++ b/check.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +if [ "$1" == "" ]; then + DOC="target/master.html" +else + DOC="$1/target/master.html" +fi + +for i in `cat $DOC | grep -o -e 'href="[^"]*"' | cut -d '"' -f 2`; do + if ( echo $i | grep '^#' &>/dev/null ); then + i=`echo $i | sed 's/#//'` + if ( ! cat $DOC | grep "id=\"$i\"" &>/dev/null ); then + echo "Missing link: $i" + ERROR=1 + fi + else + if ( echo $i | grep 'redhat.com' &>/dev/null ); then + if ( ! curl --insecure -s $i | grep "attributes.set('Name'" &>/dev/null ); then + echo "Invalid link: $i" + ERROR=1 + fi + elif ( ! curl --output /dev/null --silent --head --fail "$i" --connect-timeout 2 ); then + echo "Invalid link: $i" + ERROR=1 + fi + fi +done + +if ( cat $DOC | grep ifeval &>/dev/null ); then + echo "Found ifeval in text" + ERROR=1 +fi + +for i in `cat $DOC | grep -o -e '{book_[^}]*}' | sed 's/{//' | sed 's/}//'`; do + echo "Invalid attribute: $i" + ERROR=1 +done + +if [ $ERROR ]; then + exit 1 +fi diff --git a/topics/oidc/java/application-clustering.adoc b/topics/oidc/java/application-clustering.adoc index 4f43429c68..798d7347e8 100644 --- a/topics/oidc/java/application-clustering.adoc +++ b/topics/oidc/java/application-clustering.adoc @@ -47,8 +47,8 @@ convenient to use relative URI options in your client configuration. With relative URIs the URI is resolved as relative to the URL of the URL used to access {{book.project.name}}. -For example if the URL to your application is `https://acme.org/myapp` and the URL to {{book.project.name}} is `https://acme.org/auth`, then you can use -the redirect-uri `/myapp` instead of `https://acme.org/myapp`. +For example if the URL to your application is `$$https://acme.org/myapp$$` and the URL to {{book.project.name}} is `$$https://acme.org/auth$$`, then you can use +the redirect-uri `/myapp` instead of `$$https://acme.org/myapp$$`. ===== Admin URL configuration diff --git a/topics/oidc/java/fuse-adapter.adoc b/topics/oidc/java/fuse-adapter.adoc index b8e8ca6a4b..53057c9282 100755 --- a/topics/oidc/java/fuse-adapter.adoc +++ b/topics/oidc/java/fuse-adapter.adoc @@ -5,8 +5,10 @@ NOTE: JBoss Fuse is a Technology Preview feature and is not fully supported Currently {{book.project.name}} supports securing your web applications running inside http://www.jboss.org/products/fuse/overview/[JBoss Fuse] . +{% if book.community %} It leverages <> as both JBoss Fuse 6.2 are bundled with http://eclipse.org/jetty/[Jetty 8.1 server] under the covers and Jetty is used for running various kinds of web applications. +{% endif %} What is supported for Fuse is: diff --git a/topics/oidc/java/fuse/cxf-builtin.adoc b/topics/oidc/java/fuse/cxf-builtin.adoc index 99a7f1761e..8fb2c01501 100644 --- a/topics/oidc/java/fuse/cxf-builtin.adoc +++ b/topics/oidc/java/fuse/cxf-builtin.adoc @@ -3,7 +3,7 @@ ===== Secure Apache CXF Endpoint on default Jetty Engine Some services automatically come with deployed servlets on startup. One of such services is CXF servlet running on -http://localhost:8181/cxf context. Securing such endpoints is quite tricky. The approach, which {{book.project.name}} is currently using, +$$http://localhost:8181/cxf$$ context. Securing such endpoints is quite tricky. The approach, which {{book.project.name}} is currently using, is providing ServletReregistrationService, which undeploys builtin servlet at startup, so you are able to re-deploy it again on context secured by {{book.project.name}}. This is how configuration file `OSGI-INF/blueprint/blueprint.xml` inside your application may look like. Note it adds JAX-RS `customerservice` endpoint, which is endpoint specific to your application, but more importantly, it secures whole `/cxf` context. diff --git a/topics/oidc/java/java-adapter-config.adoc b/topics/oidc/java/java-adapter-config.adoc index 0a9d097cf2..6e700e0ed6 100644 --- a/topics/oidc/java/java-adapter-config.adoc +++ b/topics/oidc/java/java-adapter-config.adoc @@ -55,7 +55,7 @@ realm-public-key:: This is _OPTIONAL_. If not set the adapter will download this from {{book.project.name}}. auth-server-url:: - The base URL of the {{book.project.name}} server. All other {{book.project.name}} pages and REST service endpoints are derived from this. It is usually of the form `https://host:port/auth`. + The base URL of the {{book.project.name}} server. All other {{book.project.name}} pages and REST service endpoints are derived from this. It is usually of the form `$$https://host:port/auth$$`. This is _REQUIRED._ ssl-required:: diff --git a/topics/oidc/java/logout.adoc b/topics/oidc/java/logout.adoc index 5ab7487c24..ee285201ab 100755 --- a/topics/oidc/java/logout.adoc +++ b/topics/oidc/java/logout.adoc @@ -2,4 +2,4 @@ There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call HttpServletRequest.logout(). For any other browser application, you can redirect the browser to -`http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri`. This will log you out if you have a SSO session with your browser. \ No newline at end of file +`$$http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri$$`. This will log you out if you have a SSO session with your browser. \ No newline at end of file diff --git a/topics/oidc/oidc-generic.adoc b/topics/oidc/oidc-generic.adoc index b1fb818162..d4c589bb22 100644 --- a/topics/oidc/oidc-generic.adoc +++ b/topics/oidc/oidc-generic.adoc @@ -16,7 +16,7 @@ Connect implementation in {{book.project.name}}. The endpoint is: To get the full URL add the base URL for {{book.project.name}} and replace `REALM-NAME` with the name of your realm. For example: -http://localhost:8080/auth/realms/master/.well-known/openid-configuration +$$http://localhost:8080/auth/realms/master/.well-known/openid-configuration$$ Some RP libraries will retrieve all required endpoints from this endpoint, but for others you may need to list the endpoints individually. @@ -179,7 +179,7 @@ In production for web applications always use `https` for all redirect URIs. Do There's also a few special redirect URIs: [[_installed_applications_url]] -`http://localhost`:: +`$$http://localhost$$`:: This redirect URI is useful for native applications and allows the native application to create a web server on a random port that can be used to obtain the authorization code. This redirect uri allows any port. diff --git a/topics/saml/java/idp-registration.adoc b/topics/saml/java/idp-registration.adoc index 630a29ae32..2d59109c9b 100644 --- a/topics/saml/java/idp-registration.adoc +++ b/topics/saml/java/idp-registration.adoc @@ -2,4 +2,4 @@ ==== Registering with an IDP For each servlet based adapter, the endpoint you register for the assert consumer service url and and single logout service -must be the base url of your servlet application with `/saml` appended to it i.e. `https://example.com/contextPath/saml` +must be the base url of your servlet application with `/saml` appended to it i.e. `$$https://example.com/contextPath/saml$$` diff --git a/topics/saml/java/logout.adoc b/topics/saml/java/logout.adoc index 25528af316..b6a9ed82c2 100644 --- a/topics/saml/java/logout.adoc +++ b/topics/saml/java/logout.adoc @@ -2,5 +2,5 @@ There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call `HttpServletRequest.logout()`. For any other browser application, you can point -the browser at any url of your web application that has a security constraint and pass in a query parameter GLO, i.e. `http://myapp?GLO=true`. +the browser at any url of your web application that has a security constraint and pass in a query parameter GLO, i.e. `$$http://myapp?GLO=true$$`. This will log you out if you have an SSO session with your browser.