From 16f5bbc54eb05a9b79212952feb2bf2a26d3f310 Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Wed, 18 Dec 2013 18:01:47 -0500
Subject: [PATCH 1/3] undertow/wildfly adapter fixes

---
 .../org/keycloak/util/JsonSerialization.java  |  2 +-
 .../example/CustomerDatabaseClient.java       |  4 +-
 .../src/main/webapp/customers/view.jsp        |  2 +-
 .../example/oauth/ProductDatabaseClient.java  |  5 +-
 .../src/main/webapp/products/view.jsp         |  2 +-
 examples/pom.xml                              |  1 +
 examples/wildfly-demo/customer-app/pom.xml    | 17 +----
 .../example/oauth/CustomerDatabaseClient.java | 36 -----------
 .../example/CustomerDatabaseClient.java       | 50 +++++++++++++++
 .../WEB-INF/jboss-deployment-structure.xml    |  4 --
 .../src/main/webapp/WEB-INF/jboss-web.xml     |  5 --
 .../src/main/webapp/admin/admin.jsp           |  2 +-
 .../src/main/webapp/customers/view.jsp        | 14 +++--
 .../wildfly-demo/database-service/pom.xml     | 29 ++++++---
 .../WEB-INF/jboss-deployment-structure.xml    |  2 -
 .../src/main/webapp/WEB-INF/jboss-web.xml     |  5 --
 .../src/main/webapp/WEB-INF/keycloak.json     |  4 +-
 examples/wildfly-demo/pom.xml                 |  2 +-
 examples/wildfly-demo/product-app/pom.xml     | 19 +-----
 .../example/oauth/ProductDatabaseClient.java  | 36 -----------
 .../example/oauth/ProductDatabaseClient.java  | 50 +++++++++++++++
 .../WEB-INF/jboss-deployment-structure.xml    |  4 --
 .../src/main/webapp/WEB-INF/jboss-web.xml     |  5 --
 .../src/main/webapp/products/view.jsp         | 11 ++--
 examples/wildfly-demo/server/pom.xml          | 58 +++++++++++++++--
 .../example/demo/DemoApplication.java         | 14 +----
 .../main/resources/META-INF/testrealm.json    | 62 ++++++++++++-------
 .../WEB-INF/jboss-deployment-structure.xml    | 29 ++++++---
 examples/wildfly-demo/third-party/pom.xml     | 16 +----
 .../example/oauth/Bootstrap.java              |  4 +-
 .../example/oauth/ProductDatabaseClient.java  | 59 +++++++++---------
 .../WEB-INF/jboss-deployment-structure.xml    |  2 -
 .../src/main/webapp/WEB-INF/web.xml           |  2 +-
 .../third-party/src/main/webapp/pull_data.jsp |  3 +-
 .../third-party/src/main/webapp/redirect.jsp  |  4 +-
 .../undertow/BearerTokenAuthenticator.java    |  2 +-
 .../KeycloakAuthenticationMechanism.java      |  2 +-
 .../undertow/KeycloakServletExtension.java    | 32 ++++++++--
 .../adapters/undertow/OAuthAuthenticator.java |  6 +-
 pom.xml                                       |  2 +-
 40 files changed, 337 insertions(+), 271 deletions(-)
 delete mode 100755 examples/wildfly-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java
 create mode 100755 examples/wildfly-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
 delete mode 100755 examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
 mode change 100644 => 100755 examples/wildfly-demo/customer-app/src/main/webapp/admin/admin.jsp
 delete mode 100755 examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml
 delete mode 100755 examples/wildfly-demo/product-app/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java
 create mode 100755 examples/wildfly-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
 delete mode 100755 examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml
 rename examples/wildfly-demo/third-party/src/main/java/org/{jboss/resteasy => keycloak}/example/oauth/Bootstrap.java (93%)
 rename examples/wildfly-demo/third-party/src/main/java/org/{jboss/resteasy => keycloak}/example/oauth/ProductDatabaseClient.java (54%)
 mode change 100644 => 100755 examples/wildfly-demo/third-party/src/main/webapp/pull_data.jsp
 mode change 100644 => 100755 examples/wildfly-demo/third-party/src/main/webapp/redirect.jsp

diff --git a/core/src/main/java/org/keycloak/util/JsonSerialization.java b/core/src/main/java/org/keycloak/util/JsonSerialization.java
index 3eb2d35c72..f69c971416 100755
--- a/core/src/main/java/org/keycloak/util/JsonSerialization.java
+++ b/core/src/main/java/org/keycloak/util/JsonSerialization.java
@@ -8,7 +8,7 @@ import java.io.IOException;
 import java.io.InputStream;
 
 /**
- * Any class that extends JsonWebToken will use NON_DEFAULT inclusion
+ * Utility class to handle simple JSON serializable for Keycloak.
  *
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
diff --git a/examples/as7-eap-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/as7-eap-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
index 6da784323c..2d6249849d 100755
--- a/examples/as7-eap-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
+++ b/examples/as7-eap-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@@ -22,8 +22,8 @@ public class CustomerDatabaseClient {
 
     static class TypedList extends ArrayList<String> {}
 
-    public static List<String> getCustomers() {
-        SkeletonKeySession session = SkeletonKeySession.getContext();
+    public static List<String> getCustomers(HttpServletRequest req) {
+        SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
         HttpClient client = new HttpClientBuilder()
                 .trustStore(session.getMetadata().getTruststore())
                 .hostnameVerification(HttpClientBuilder.HostnameVerificationPolicy.ANY).build();
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
index 344bd3e6f6..71b4efc70f 100755
--- a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
@@ -16,7 +16,7 @@
 User <b><%=request.getUserPrincipal().getName()%></b> made this request.
 <h2>Customer Listing</h2>
 <%
-java.util.List<String> list = CustomerDatabaseClient.getCustomers();
+java.util.List<String> list = CustomerDatabaseClient.getCustomers(request);
 for (String cust : list)
 {
    out.print("<p>");
diff --git a/examples/as7-eap-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/as7-eap-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index 61dcec6c13..e512597bed 100755
--- a/examples/as7-eap-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/as7-eap-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -8,6 +8,7 @@ import org.keycloak.SkeletonKeySession;
 import org.keycloak.adapters.HttpClientBuilder;
 import org.keycloak.util.JsonSerialization;
 
+import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
@@ -21,8 +22,8 @@ public class ProductDatabaseClient
 {
     static class TypedList extends ArrayList<String> {}
 
-    public static List<String> getProducts() {
-        SkeletonKeySession session = SkeletonKeySession.getContext();
+    public static List<String> getProducts(HttpServletRequest req) {
+        SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
         HttpClient client = new HttpClientBuilder()
                 .trustStore(session.getMetadata().getTruststore())
                 .hostnameVerification(HttpClientBuilder.HostnameVerificationPolicy.ANY).build();
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
index cd3d8d0ac9..bc9ef81992 100755
--- a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
@@ -17,7 +17,7 @@
 User <b><%=request.getUserPrincipal().getName()%></b> made this request.
 <h2>Product Listing</h2>
 <%
-java.util.List<String> list = ProductDatabaseClient.getProducts();
+java.util.List<String> list = ProductDatabaseClient.getProducts(request);
 for (String cust : list)
 {
    out.print("<p>");
diff --git a/examples/pom.xml b/examples/pom.xml
index 77c7171982..d44bde6d2c 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -35,5 +35,6 @@
     </build>
     <modules>
         <module>as7-eap-demo</module>
+        <module>wildfly-demo</module>
     </modules>
 </project>
diff --git a/examples/wildfly-demo/customer-app/pom.xml b/examples/wildfly-demo/customer-app/pom.xml
index a7ca1ec0b7..3619e6c2e6 100755
--- a/examples/wildfly-demo/customer-app/pom.xml
+++ b/examples/wildfly-demo/customer-app/pom.xml
@@ -11,7 +11,7 @@
     <groupId>org.keycloak.example.wildfly.demo</groupId>
     <artifactId>customer-portal-example</artifactId>
     <packaging>war</packaging>
-    <name>Customer Portal - Secured via Undertow</name>
+    <name>Customer Portal - Secured via Valve</name>
     <description/>
 
     <repositories>
@@ -28,21 +28,6 @@
             <artifactId>jboss-servlet-api_3.0_spec</artifactId>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-client</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-adapter-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-undertow-adapter</artifactId>
diff --git a/examples/wildfly-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java b/examples/wildfly-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java
deleted file mode 100755
index 2da2c84af1..0000000000
--- a/examples/wildfly-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.jboss.resteasy.example.oauth;
-
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
-import org.keycloak.SkeletonKeySession;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.GenericType;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import java.util.List;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class CustomerDatabaseClient
-{
-   public static List<String> getCustomers(HttpServletRequest request)
-   {
-      SkeletonKeySession session = (SkeletonKeySession)request.getAttribute(SkeletonKeySession.class.getName());
-      ResteasyClient client = new ResteasyClientBuilder()
-                 .trustStore(session.getMetadata().getTruststore())
-                 .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build();
-      try
-      {
-         Response response = client.target("http://localhost:8080/database/customers").request()
-                 .header(HttpHeaders.AUTHORIZATION, "Bearer " + session.getTokenString()).get();
-         return response.readEntity(new GenericType<List<String>>(){});
-      }
-      finally
-      {
-         client.close();
-      }
-   }
-}
diff --git a/examples/wildfly-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/wildfly-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
new file mode 100755
index 0000000000..81898b03a0
--- /dev/null
+++ b/examples/wildfly-demo/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@@ -0,0 +1,50 @@
+package org.keycloak.example;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.keycloak.SkeletonKeySession;
+import org.keycloak.adapters.HttpClientBuilder;
+import org.keycloak.util.JsonSerialization;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class CustomerDatabaseClient {
+
+    static class TypedList extends ArrayList<String> {}
+
+    public static List<String> getCustomers(HttpServletRequest req) {
+        SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
+
+        HttpClient client = new HttpClientBuilder()
+                .trustStore(session.getMetadata().getTruststore())
+                .hostnameVerification(HttpClientBuilder.HostnameVerificationPolicy.ANY).build();
+        try {
+            HttpGet get = new HttpGet("http://localhost:8080/database/customers");
+            get.addHeader("Authorization", "Bearer " + session.getTokenString());
+            try {
+                HttpResponse response = client.execute(get);
+                HttpEntity entity = response.getEntity();
+                InputStream is = entity.getContent();
+                try {
+                    return JsonSerialization.readValue(is, TypedList.class);
+                } finally {
+                    is.close();
+                }
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        } finally {
+            client.getConnectionManager().shutdown();
+        }
+    }
+}
diff --git a/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 1469973bc4..c54e4abec6 100755
--- a/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -2,10 +2,6 @@
     <deployment>
         <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
         <dependencies>
-            <module name="org.bouncycastle"/>
-            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
-            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
-            <module name="org.jboss.resteasy.jose-jwt" />
         </dependencies>
     </deployment>
 </jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
deleted file mode 100755
index 3cec19cc47..0000000000
--- a/examples/wildfly-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<jboss-web>
-    <valve>
-        <class-name>org.keycloak.adapters.as7.OAuthManagedResourceValve</class-name>
-    </valve>
-</jboss-web>
\ No newline at end of file
diff --git a/examples/wildfly-demo/customer-app/src/main/webapp/admin/admin.jsp b/examples/wildfly-demo/customer-app/src/main/webapp/admin/admin.jsp
old mode 100644
new mode 100755
index e132e3701f..39c2a439fe
--- a/examples/wildfly-demo/customer-app/src/main/webapp/admin/admin.jsp
+++ b/examples/wildfly-demo/customer-app/src/main/webapp/admin/admin.jsp
@@ -2,7 +2,7 @@
  pageEncoding="ISO-8859-1"%>
 <html>
 <head>
-    <title>Customer Admin Iterface</title>
+    <title>Customer Admin Interface</title>
 </head>
 <body bgcolor="#E3F6CE">
 <h1>Customer Admin Interface</h1>
diff --git a/examples/wildfly-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/wildfly-demo/customer-app/src/main/webapp/customers/view.jsp
index 6e825f7137..71b4efc70f 100755
--- a/examples/wildfly-demo/customer-app/src/main/webapp/customers/view.jsp
+++ b/examples/wildfly-demo/customer-app/src/main/webapp/customers/view.jsp
@@ -1,20 +1,22 @@
-<%@ page import="javax.ws.rs.core.UriBuilder" language="java" contentType="text/html; charset=ISO-8859-1"
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%>
+<%@ page import="org.keycloak.example.CustomerDatabaseClient" %>
+<%@ page import="org.keycloak.util.KeycloakUriBuilder" %>
 <html>
 <head>
     <title>Customer View Page</title>
 </head>
 <body bgcolor="#E3F6CE">
 <%
-
-   String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
-                                     .queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
+    String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
+            .queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
+    String acctUri =   "http://localhost:8080/auth-server/rest/realms/demo/account";
 %>
-<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a></p>
+<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
 User <b><%=request.getUserPrincipal().getName()%></b> made this request.
 <h2>Customer Listing</h2>
 <%
-java.util.List<String> list = org.jboss.resteasy.example.oauth.CustomerDatabaseClient.getCustomers(request);
+java.util.List<String> list = CustomerDatabaseClient.getCustomers(request);
 for (String cust : list)
 {
    out.print("<p>");
diff --git a/examples/wildfly-demo/database-service/pom.xml b/examples/wildfly-demo/database-service/pom.xml
index 160a1be4fa..5229b7dddf 100755
--- a/examples/wildfly-demo/database-service/pom.xml
+++ b/examples/wildfly-demo/database-service/pom.xml
@@ -30,29 +30,40 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-adapter-core</artifactId>
-            <version>${project.version}</version>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-jaxrs</artifactId>
+            <scope>provided</scope>
         </dependency>
+
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-undertow-adapter</artifactId>
             <version>${project.version}</version>
+            <!--
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient</artifactId>
+                </exclusion>
+            </exclusions>
+            -->
         </dependency>
     </dependencies>
 
     <build>
         <finalName>database</finalName>
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.jboss.as.plugins</groupId>
                 <artifactId>jboss-as-maven-plugin</artifactId>
-                <version>7.5.Final</version>
+                <version>7.4.Final</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index f1f1ffa354..c54e4abec6 100755
--- a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -2,8 +2,6 @@
     <deployment>
         <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
         <dependencies>
-            <module name="org.bouncycastle"/>
-             <module name="org.jboss.resteasy.jose-jwt" />
         </dependencies>
     </deployment>
 </jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml b/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml
deleted file mode 100755
index d1ca3931f9..0000000000
--- a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<jboss-web>
-    <valve>
-        <class-name>org.keycloak.adapters.as7.BearerTokenAuthenticatorValve</class-name>
-    </valve>
-</jboss-web>
\ No newline at end of file
diff --git a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/keycloak.json b/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/keycloak.json
index 6b707d9046..2e02cc3590 100755
--- a/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/wildfly-demo/database-service/src/main/webapp/WEB-INF/keycloak.json
@@ -2,7 +2,7 @@
   "realm" : "demo",
   "resource" : "database-service",
   "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "enable-cors" : true,
-  "bearer-only" : true
+  "bearer-only" : true,
+  "enable-cors" : true
 
 }
diff --git a/examples/wildfly-demo/pom.xml b/examples/wildfly-demo/pom.xml
index 2f8020cc13..e170820bf7 100755
--- a/examples/wildfly-demo/pom.xml
+++ b/examples/wildfly-demo/pom.xml
@@ -26,7 +26,7 @@
             <plugin>
                 <groupId>org.jboss.as.plugins</groupId>
                 <artifactId>jboss-as-maven-plugin</artifactId>
-                <version>7.5.Final</version>
+                <version>7.1.1.Final</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/examples/wildfly-demo/product-app/pom.xml b/examples/wildfly-demo/product-app/pom.xml
index e7191c7ed5..2830bc169e 100755
--- a/examples/wildfly-demo/product-app/pom.xml
+++ b/examples/wildfly-demo/product-app/pom.xml
@@ -11,7 +11,7 @@
     <groupId>org.keycloak.example.wildfly.demo</groupId>
     <artifactId>product-portal-example</artifactId>
     <packaging>war</packaging>
-    <name>Product Portal - Secured via Undertow</name>
+    <name>Product Portal </name>
     <description/>
 
     <repositories>
@@ -28,21 +28,6 @@
             <artifactId>jboss-servlet-api_3.0_spec</artifactId>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-client</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-adapter-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-undertow-adapter</artifactId>
@@ -56,7 +41,7 @@
             <plugin>
                 <groupId>org.jboss.as.plugins</groupId>
                 <artifactId>jboss-as-maven-plugin</artifactId>
-                <version>7.5.Final</version>
+                <version>7.4.Final</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/examples/wildfly-demo/product-app/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java b/examples/wildfly-demo/product-app/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java
deleted file mode 100755
index 1111268381..0000000000
--- a/examples/wildfly-demo/product-app/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.jboss.resteasy.example.oauth;
-
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
-import org.keycloak.SkeletonKeySession;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.GenericType;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import java.util.List;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class ProductDatabaseClient
-{
-   public static List<String> getProducts(HttpServletRequest request)
-   {
-      SkeletonKeySession session = (SkeletonKeySession)request.getAttribute(SkeletonKeySession.class.getName());
-      ResteasyClient client = new ResteasyClientBuilder()
-                 .trustStore(session.getMetadata().getTruststore())
-                 .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build();
-      try
-      {
-         Response response = client.target("http://localhost:8080/database/products").request()
-                 .header(HttpHeaders.AUTHORIZATION, "Bearer " + session.getTokenString()).get();
-         return response.readEntity(new GenericType<List<String>>(){});
-      }
-      finally
-      {
-         client.close();
-      }
-   }
-}
diff --git a/examples/wildfly-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/wildfly-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
new file mode 100755
index 0000000000..e512597bed
--- /dev/null
+++ b/examples/wildfly-demo/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -0,0 +1,50 @@
+package org.keycloak.example.oauth;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.keycloak.SkeletonKeySession;
+import org.keycloak.adapters.HttpClientBuilder;
+import org.keycloak.util.JsonSerialization;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ProductDatabaseClient
+{
+    static class TypedList extends ArrayList<String> {}
+
+    public static List<String> getProducts(HttpServletRequest req) {
+        SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
+        HttpClient client = new HttpClientBuilder()
+                .trustStore(session.getMetadata().getTruststore())
+                .hostnameVerification(HttpClientBuilder.HostnameVerificationPolicy.ANY).build();
+        try {
+            HttpGet get = new HttpGet("http://localhost:8080/database/products");
+            get.addHeader("Authorization", "Bearer " + session.getTokenString());
+            try {
+                HttpResponse response = client.execute(get);
+                HttpEntity entity = response.getEntity();
+                InputStream is = entity.getContent();
+                try {
+                    return JsonSerialization.readValue(is, TypedList.class);
+                } finally {
+                    is.close();
+                }
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        } finally {
+            client.getConnectionManager().shutdown();
+        }
+    }
+
+}
diff --git a/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 1469973bc4..c54e4abec6 100755
--- a/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -2,10 +2,6 @@
     <deployment>
         <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
         <dependencies>
-            <module name="org.bouncycastle"/>
-            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
-            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
-            <module name="org.jboss.resteasy.jose-jwt" />
         </dependencies>
     </deployment>
 </jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml
deleted file mode 100755
index 3cec19cc47..0000000000
--- a/examples/wildfly-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<jboss-web>
-    <valve>
-        <class-name>org.keycloak.adapters.as7.OAuthManagedResourceValve</class-name>
-    </valve>
-</jboss-web>
\ No newline at end of file
diff --git a/examples/wildfly-demo/product-app/src/main/webapp/products/view.jsp b/examples/wildfly-demo/product-app/src/main/webapp/products/view.jsp
index bf1ca5ad91..bc9ef81992 100755
--- a/examples/wildfly-demo/product-app/src/main/webapp/products/view.jsp
+++ b/examples/wildfly-demo/product-app/src/main/webapp/products/view.jsp
@@ -1,20 +1,23 @@
-<%@ page import="javax.ws.rs.core.UriBuilder" language="java" contentType="text/html; charset=ISO-8859-1"
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%>
+<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %>
+<%@ page import="org.keycloak.util.KeycloakUriBuilder" %>
 <html>
 <head>
     <title>Product View Page</title>
 </head>
 <body bgcolor="#F5F6CE">
 <%
-   String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
+   String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
                                      .queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString();
+    String acctUri =   "http://localhost:8080/auth-server/rest/realms/demo/account";
 %>
 
-<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a></p>
+<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
 User <b><%=request.getUserPrincipal().getName()%></b> made this request.
 <h2>Product Listing</h2>
 <%
-java.util.List<String> list = org.jboss.resteasy.example.oauth.ProductDatabaseClient.getProducts(request);
+java.util.List<String> list = ProductDatabaseClient.getProducts(request);
 for (String cust : list)
 {
    out.print("<p>");
diff --git a/examples/wildfly-demo/server/pom.xml b/examples/wildfly-demo/server/pom.xml
index 1870a90c35..2b4207d7d4 100755
--- a/examples/wildfly-demo/server/pom.xml
+++ b/examples/wildfly-demo/server/pom.xml
@@ -15,11 +15,20 @@
     <description/>
 
     <dependencies>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk16</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-core</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core-jaxrs</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-services</artifactId>
@@ -30,6 +39,11 @@
             <artifactId>keycloak-model-api</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-jpa</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-social-core</artifactId>
@@ -65,6 +79,7 @@
             <artifactId>keycloak-admin-ui-styles</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <!--
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-jaxrs</artifactId>
@@ -89,6 +104,7 @@
             <artifactId>jaxrs-api</artifactId>
             <scope>provided</scope>
         </dependency>
+        -->
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
@@ -101,16 +117,48 @@
             <groupId>de.flapdoodle.embed</groupId>
             <artifactId>de.flapdoodle.embed.mongo</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.spec.javax.servlet</groupId>
-            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
-        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <version>4.1</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.spec.javax.servlet</groupId>
+            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <!-- resteasy -->
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-jaxrs</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-multipart-provider</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-client</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>async-http-servlet-3.0</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>jaxrs-api</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-jackson-provider</artifactId>
+            <version>${resteasy.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -119,7 +167,7 @@
             <plugin>
                 <groupId>org.jboss.as.plugins</groupId>
                 <artifactId>jboss-as-maven-plugin</artifactId>
-                <version>7.5.Final</version>
+                <version>7.4.Final</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/examples/wildfly-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/wildfly-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index 0b7b49d934..ee95beb654 100755
--- a/examples/wildfly-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/wildfly-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -1,6 +1,6 @@
 package org.keycloak.example.demo;
 
-import org.jboss.resteasy.jwt.JsonSerialization;
+import org.keycloak.util.JsonSerialization;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.RealmRepresentation;
@@ -10,7 +10,6 @@ import org.keycloak.services.resources.KeycloakApplication;
 
 import javax.servlet.ServletContext;
 import javax.ws.rs.core.Context;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 /**
@@ -39,17 +38,8 @@ public class DemoApplication extends KeycloakApplication {
     public static RealmRepresentation loadJson(String path)
     {
         InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
-        int c;
         try {
-            while ( (c = is.read()) != -1)
-            {
-                os.write(c);
-            }
-            byte[] bytes = os.toByteArray();
-            //System.out.println(new String(bytes));
-
-            return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
+            return JsonSerialization.readValue(is, RealmRepresentation.class);
         } catch (IOException e) {
             throw new RuntimeException(e);
         }
diff --git a/examples/wildfly-demo/server/src/main/resources/META-INF/testrealm.json b/examples/wildfly-demo/server/src/main/resources/META-INF/testrealm.json
index 284a4be550..fca38a9348 100755
--- a/examples/wildfly-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/wildfly-demo/server/src/main/resources/META-INF/testrealm.json
@@ -1,20 +1,20 @@
 {
     "realm": "demo",
     "enabled": true,
-    "tokenLifespan": 300,
+    "tokenLifespan": 3000,
     "accessCodeLifespan": 10,
-    "accessCodeLifespanUserAction": 600,
+    "accessCodeLifespanUserAction": 6000,
+    "accountManagement": true,
     "sslNotRequired": true,
     "cookieLoginAllowed": true,
-    "registrationAllowed": true,
-    "social": true,
+    "registrationAllowed": false,
+    "social": false,
     "automaticRegistrationAfterSocialLogin": false,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],
     "requiredApplicationCredentials": [ "password" ],
     "requiredOAuthClientCredentials": [ "password" ],
-    "defaultRoles": [ "user" ],
     "users" : [
         {
             "username" : "bburke@redhat.com",
@@ -26,48 +26,44 @@
                 { "type" : "password",
                     "value" : "password" }
             ]
-        },
-        {
-            "username" : "third-party",
-            "enabled": true,
-            "credentials" : [
-                { "type" : "password",
-                    "value" : "password" }
-            ]
         }
     ],
     "roles": [
         {
             "name": "user",
-            "description": "Have User privileges"
+            "description": "User privileges"
         },
         {
             "name": "admin",
-            "description": "Have Administrator privileges"
+            "description": "Administrator privileges"
         }
     ],
     "roleMappings": [
         {
             "username": "bburke@redhat.com",
             "roles": ["user"]
-        },
-        {
-            "username": "third-party",
-            "roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
         }
     ],
     "scopeMappings": [
         {
             "username": "third-party",
             "roles": ["user"]
+        },
+        {
+            "username": "customer-portal",
+            "roles": ["user"]
+        },
+        {
+            "username": "product-portal",
+            "roles": ["user"]
         }
+
     ],
     "applications": [
         {
             "name": "customer-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",
@@ -79,7 +75,6 @@
             "name": "product-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/product-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",
@@ -87,5 +82,26 @@
                 }
             ]
         }
-    ]
-}
\ No newline at end of file
+    ],
+    "oauthClients": [
+        {
+            "name": "third-party",
+            "enabled": true,
+            "credentials": [
+                {
+                    "type": "password",
+                    "value": "password"
+                }
+            ]
+        }
+    ],
+    "applicationRoleMappings": {
+        "Account": [
+            {
+                "username": "bburke@redhat.com",
+                "roles": ["manage-account"]
+            }
+        ]
+    }
+
+}
diff --git a/examples/wildfly-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/wildfly-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 8caa96f6a0..2654f310d6 100755
--- a/examples/wildfly-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/wildfly-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -1,10 +1,21 @@
-<jboss-deployment-structure>
-    <deployment>
-        <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
-        <dependencies>
-            <module name="org.jboss.resteasy.jose-jwt"/>
-            <module name="org.jboss.resteasy.resteasy-crypto"/>
-            <module name="org.bouncycastle"/>
-        </dependencies>
-    </deployment>
+<jboss-deployment-structure>
+    <deployment>
+        <exclusions>
+
+            <!-- Exclude Version cxf of JBOSS -->
+            <module name="org.apache.cxf" />
+            <!-- Exclude JAVA EE of JBOSS (javax.ws..) => Add dependency javax.annotation -->
+            <module name="javaee.api" />
+            <!-- Exclude RestEasy conflict (javax.ws.rs.ext.RunDelegate) -->
+            <module name="org.jboss.resteasy.resteasy-atom-provider" />
+            <module name="org.jboss.resteasy.resteasy-cdi" />
+            <module name="org.jboss.resteasy.resteasy-jackson-provider" />
+            <module name="org.jboss.resteasy.resteasy-jaxb-provider" />
+            <module name="org.jboss.resteasy.resteasy-jaxrs" />
+            <module name="org.jboss.resteasy.resteasy-jettison-provider" />
+            <module name="org.jboss.resteasy.resteasy-jsapi" />
+            <module name="org.jboss.resteasy.resteasy-multipart-provider" />
+            <module name="org.jboss.resteasy.resteasy-yaml-provider" />
+        </exclusions>
+    </deployment>
 </jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/wildfly-demo/third-party/pom.xml b/examples/wildfly-demo/third-party/pom.xml
index 79cfe97fa4..b708b835a2 100755
--- a/examples/wildfly-demo/third-party/pom.xml
+++ b/examples/wildfly-demo/third-party/pom.xml
@@ -11,7 +11,7 @@
     <groupId>org.keycloak.example.wildfly.demo</groupId>
     <artifactId>oauth-client-example</artifactId>
     <packaging>war</packaging>
-    <name>Simple OAuth Wildfly Client</name>
+    <name>Simple OAuth Client</name>
     <description/>
 
     <dependencies>
@@ -21,19 +21,9 @@
             <version>1.0.1.Final</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-client</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-adapter-core</artifactId>
+            <artifactId>keycloak-servlet-oauth-client</artifactId>
             <version>${project.version}</version>
         </dependency>
     </dependencies>
@@ -44,7 +34,7 @@
             <plugin>
                 <groupId>org.jboss.as.plugins</groupId>
                 <artifactId>jboss-as-maven-plugin</artifactId>
-                <version>7.5.Final</version>
+                <version>7.4.Final</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git a/examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/Bootstrap.java b/examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/Bootstrap.java
similarity index 93%
rename from examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/Bootstrap.java
rename to examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/Bootstrap.java
index 717cd3e5a1..121af39b0a 100755
--- a/examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/Bootstrap.java
+++ b/examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/Bootstrap.java
@@ -1,6 +1,5 @@
-package org.jboss.resteasy.example.oauth;
+package org.keycloak.example.oauth;
 
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.keycloak.servlet.ServletOAuthClient;
 
 import javax.servlet.ServletContextEvent;
@@ -55,7 +54,6 @@ public class Bootstrap implements ServletContextListener {
         client.setPassword("password");
         client.setAuthUrl("http://localhost:8080/auth-server/rest/realms/demo/tokens/login");
         client.setCodeUrl("http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes");
-        client.setClient(new ResteasyClientBuilder().build());
         client.start();
         sce.getServletContext().setAttribute(ServletOAuthClient.class.getName(), client);
 
diff --git a/examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java b/examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
similarity index 54%
rename from examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java
rename to examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index d21c823bd8..2b4cbd5c72 100755
--- a/examples/wildfly-demo/third-party/src/main/java/org/jboss/resteasy/example/oauth/ProductDatabaseClient.java
+++ b/examples/wildfly-demo/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -1,15 +1,18 @@
-package org.jboss.resteasy.example.oauth;
+package org.keycloak.example.oauth;
 
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.keycloak.adapters.TokenGrantRequest;
 import org.keycloak.servlet.ServletOAuthClient;
+import org.keycloak.util.JsonSerialization;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.GenericType;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
 import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
 import java.util.List;
 
 /**
@@ -31,6 +34,8 @@ public class ProductDatabaseClient {
         }
     }
 
+    static class TypedList extends ArrayList<String> {}
+
     public static List<String> getProducts(HttpServletRequest request) {
         // This is really the worst code ever. The ServletOAuthClient is obtained by getting a context attribute
         // that is set in the Bootstrap context listenr in this project.
@@ -38,32 +43,30 @@ public class ProductDatabaseClient {
         // and obtain the ServletOAuthClient.  I actually suggest downloading the ServletOAuthClient code
         // and take a look how it works.
         ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
-        String token = oAuthClient.getBearerToken(request);
-        ResteasyClient client = new ResteasyClientBuilder()
-                .trustStore(oAuthClient.getTruststore())
-                .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build();
+        String token = null;
         try {
-            // invoke without the Authorization header
-            Response response = client.target("http://localhost:8080/database/products").request().get();
-            response.close();
-            if (response.getStatus() != 401) {
-                response.close();
-                client.close();
-                throw new RuntimeException("Expecting an auth status code: " + response.getStatus());
-            }
-        } finally {
+            token = oAuthClient.getBearerToken(request);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        } catch (TokenGrantRequest.HttpFailure failure) {
+            throw new RuntimeException(failure);
         }
+
+        HttpClient client = oAuthClient.getClient();
+
+        HttpGet get = new HttpGet("http://localhost:8080/database/products");
+        get.addHeader("Authorization", "Bearer " + token);
         try {
-            Response response = client.target("http://localhost:8080/database/products").request()
-                    .header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
-            if (response.getStatus() != 200) {
-               response.close();
-               throw new RuntimeException("Failed to access!: " + response.getStatus());
+            HttpResponse response = client.execute(get);
+            HttpEntity entity = response.getEntity();
+            InputStream is = entity.getContent();
+            try {
+                return JsonSerialization.readValue(is, TypedList.class);
+            } finally {
+                is.close();
             }
-                return response.readEntity(new GenericType<List<String>>() {
-                });
-        } finally {
-            client.close();
+        } catch (IOException e) {
+            throw new RuntimeException(e);
         }
     }
 }
diff --git a/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 74f5dff8db..c54e4abec6 100755
--- a/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -2,8 +2,6 @@
     <deployment>
         <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
         <dependencies>
-            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
-            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
         </dependencies>
     </deployment>
 </jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/web.xml b/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/web.xml
index 501b203606..958839db9f 100755
--- a/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/web.xml
+++ b/examples/wildfly-demo/third-party/src/main/webapp/WEB-INF/web.xml
@@ -7,7 +7,7 @@
 	<module-name>oauth-client</module-name>
 
     <listener>
-        <listener-class>org.jboss.resteasy.example.oauth.Bootstrap</listener-class>
+        <listener-class>org.keycloak.example.oauth.Bootstrap</listener-class>
     </listener>
     <!--
     <security-constraint>
diff --git a/examples/wildfly-demo/third-party/src/main/webapp/pull_data.jsp b/examples/wildfly-demo/third-party/src/main/webapp/pull_data.jsp
old mode 100644
new mode 100755
index 63ad9d9016..a64f674d50
--- a/examples/wildfly-demo/third-party/src/main/webapp/pull_data.jsp
+++ b/examples/wildfly-demo/third-party/src/main/webapp/pull_data.jsp
@@ -1,3 +1,4 @@
+<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %>
 <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%>
 <html>
@@ -7,7 +8,7 @@
 <body>
 <h2>Pulled Product Listing</h2>
 <%
-java.util.List<String> list = org.jboss.resteasy.example.oauth.ProductDatabaseClient.getProducts(request);
+java.util.List<String> list = ProductDatabaseClient.getProducts(request);
 for (String prod : list)
 {
    out.print("<p>");
diff --git a/examples/wildfly-demo/third-party/src/main/webapp/redirect.jsp b/examples/wildfly-demo/third-party/src/main/webapp/redirect.jsp
old mode 100644
new mode 100755
index 35ff870ca1..c74a9ae9e5
--- a/examples/wildfly-demo/third-party/src/main/webapp/redirect.jsp
+++ b/examples/wildfly-demo/third-party/src/main/webapp/redirect.jsp
@@ -1,3 +1,3 @@
-<%
-   org.jboss.resteasy.example.oauth.ProductDatabaseClient.redirect(request, response);
+<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %><%
+   ProductDatabaseClient.redirect(request, response);
 %>
\ No newline at end of file
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
index cd0019456c..cce080c11c 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
@@ -104,7 +104,7 @@ public class BearerTokenAuthenticator {
             X509Certificate[] chain = new X509Certificate[0];
             try {
                 chain = exchange.getConnection().getSslSessionInfo().getPeerCertificateChain();
-            } catch (SSLPeerUnverifiedException ignore) {
+            } catch (Exception ignore) {
 
             }
             if (chain == null || chain.length == 0) {
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
index 5183d7a026..69981bd31c 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
@@ -115,7 +115,7 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
                 return accountRoles;
             }
         };
-        securityContext.authenticationComplete(account, "FORM");
+        securityContext.authenticationComplete(account, "KEYCLOAK", true);
     }
 
     protected void propagateBearer(HttpServerExchange exchange, SkeletonKeySession session) {
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
index fa4ff2ecd8..7a39424398 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
@@ -1,10 +1,15 @@
 package org.keycloak.adapters.undertow;
 
+import io.undertow.security.api.AuthenticationMechanism;
+import io.undertow.security.api.AuthenticationMechanismFactory;
 import io.undertow.security.idm.Account;
 import io.undertow.security.idm.Credential;
 import io.undertow.security.idm.IdentityManager;
+import io.undertow.server.handlers.form.FormParserFactory;
 import io.undertow.servlet.ServletExtension;
+import io.undertow.servlet.api.AuthMethodConfig;
 import io.undertow.servlet.api.DeploymentInfo;
+import io.undertow.servlet.api.LoginConfig;
 import io.undertow.servlet.api.ServletSessionConfig;
 import org.jboss.logging.Logger;
 import org.keycloak.representations.config.AdapterConfig;
@@ -12,6 +17,7 @@ import org.keycloak.adapters.config.RealmConfigurationLoader;
 
 import javax.servlet.ServletContext;
 import java.io.InputStream;
+import java.util.Map;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -20,21 +26,34 @@ import java.io.InputStream;
 public class KeycloakServletExtension implements ServletExtension {
     protected Logger log = Logger.getLogger(KeycloakServletExtension.class);
 
+    // todo when this DeploymentInfo method of the same name is fixed.
+    public boolean isAuthenticationMechanismPresent(DeploymentInfo deploymentInfo, final String mechanismName) {
+        LoginConfig loginConfig = deploymentInfo.getLoginConfig();
+        if(loginConfig != null) {
+            for(AuthMethodConfig method : loginConfig.getAuthMethods()) {
+                if(method.getName().equalsIgnoreCase(mechanismName)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+
     @Override
     public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
-        if (deploymentInfo.getLoginConfig() == null || !deploymentInfo.getLoginConfig().getAuthMethod().equalsIgnoreCase("keycloak")) {
+        if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK")) {
             log.info("auth-method is not keycloak!");
             return;
         }
         log.info("KeycloakServletException initialization");
-        deploymentInfo.setIgnoreStandardAuthenticationMechanism(true);
         InputStream is = servletContext.getResourceAsStream("/WEB-INF/keycloak.json");
         if (is == null) throw new RuntimeException("Unable to find /WEB-INF/keycloak.json configuration file");
         RealmConfigurationLoader loader = new RealmConfigurationLoader(is);
         loader.init(true);
         AdapterConfig keycloakConfig = loader.getAdapterConfig();
         PreflightCorsHandler.Wrapper preflight = new PreflightCorsHandler.Wrapper(keycloakConfig);
-        ServletKeycloakAuthenticationMechanism auth = new ServletKeycloakAuthenticationMechanism(loader.getResourceMetadata(),
+        final ServletKeycloakAuthenticationMechanism auth = new ServletKeycloakAuthenticationMechanism(loader.getResourceMetadata(),
                 keycloakConfig,
                 loader.getRealmConfiguration(),
                 deploymentInfo.getConfidentialPortManager());
@@ -43,7 +62,12 @@ public class KeycloakServletExtension implements ServletExtension {
         // setup handlers
 
         deploymentInfo.addInitialHandlerChainWrapper(preflight); // cors preflight
-        deploymentInfo.addAuthenticationMechanism(auth); // authentication
+        deploymentInfo.addAuthenticationMechanism("KEYCLOAK", new AuthenticationMechanismFactory() {
+            @Override
+            public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
+                return auth;
+            }
+        }); // authentication
         deploymentInfo.addInnerHandlerChainWrapper(ServletPropagateSessionHandler.WRAPPER); // propagates SkeletonKeySession
         deploymentInfo.addInnerHandlerChainWrapper(actions); // handles authenticated actions and cors.
 
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
index 433feb263b..8cd222d149 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
@@ -32,7 +32,6 @@ public class OAuthAuthenticator {
     protected String tokenString;
     protected SkeletonKeyToken token;
     protected HttpServerExchange exchange;
-    protected String redirectUri;
     protected KeycloakChallenge challenge;
 
     public OAuthAuthenticator(HttpServerExchange exchange, RealmConfiguration realmInfo,  int sslRedirectPort) {
@@ -53,10 +52,6 @@ public class OAuthAuthenticator {
         return token;
     }
 
-    public String getRedirectUri() {
-        return redirectUri;
-    }
-
     protected String getRequestUrl() {
         KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getRequestURI())
                 .replaceQuery(exchange.getQueryString());
@@ -236,6 +231,7 @@ public class OAuthAuthenticator {
         if (challenge != null) return challenge;
 
         AccessTokenResponse tokenResponse = null;
+        String redirectUri = stripOauthParametersFromRedirect();
         try {
             tokenResponse = TokenGrantRequest.invoke(realmInfo, code, redirectUri);
         } catch (TokenGrantRequest.HttpFailure failure) {
diff --git a/pom.xml b/pom.xml
index 0921449b83..d65c2ab2d8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
 
     <properties>
         <resteasy.version>3.0.5.Final</resteasy.version>
-        <undertow.version>1.0.0.Beta21</undertow.version>
+        <undertow.version>1.0.0.Beta28</undertow.version>
         <picketlink.version>2.5.0.Beta6</picketlink.version>
         <mongo.driver.version>2.11.2</mongo.driver.version>
         <jboss.logging.version>3.1.1.GA</jboss.logging.version>

From 0ec80f65905e33e9c1509551dfe530383cf44779 Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Wed, 18 Dec 2013 18:08:48 -0500
Subject: [PATCH 2/3] remove ThreadLocal SkeletonKeySession

---
 .../main/java/org/keycloak/SkeletonKeySession.java   | 12 ------------
 .../adapters/as7/BearerTokenAuthenticatorValve.java  |  1 -
 .../as7/CatalinaBearerTokenAuthenticator.java        |  1 -
 .../adapters/as7/OAuthAuthenticatorValve.java        |  3 ---
 4 files changed, 17 deletions(-)

diff --git a/core/src/main/java/org/keycloak/SkeletonKeySession.java b/core/src/main/java/org/keycloak/SkeletonKeySession.java
index 68592839f6..e58b5061db 100755
--- a/core/src/main/java/org/keycloak/SkeletonKeySession.java
+++ b/core/src/main/java/org/keycloak/SkeletonKeySession.java
@@ -36,16 +36,4 @@ public class SkeletonKeySession implements Serializable {
 
     protected static ThreadLocal<SkeletonKeySession> local = new ThreadLocal<SkeletonKeySession>();
 
-    public static void pushContext(SkeletonKeySession session) {
-        local.set(session);
-    }
-
-    public static void clearContext() {
-        local.set(null);
-    }
-
-    public static SkeletonKeySession getContext() {
-        return local.get();
-    }
-
 }
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
index 6ee7141f08..e6afc2622d 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
@@ -63,7 +63,6 @@ public class BearerTokenAuthenticatorValve extends AuthenticatorBase implements
             }
             super.invoke(request, response);
         } finally {
-            SkeletonKeySession.clearContext();
         }
     }
 
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
index 5745444c2f..f289a02d40 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
@@ -108,7 +108,6 @@ public class CatalinaBearerTokenAuthenticator {
         request.setAuthType("OAUTH_BEARER");
         SkeletonKeySession skSession = new SkeletonKeySession(tokenString, token, resourceMetadata);
         request.setAttribute(SkeletonKeySession.class.getName(), skSession);
-        SkeletonKeySession.pushContext(skSession);
 
         return true;
     }
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java
index 1a2e1ef01a..46717d2838 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java
@@ -86,7 +86,6 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
             }
             super.invoke(request, response);
         } finally {
-            SkeletonKeySession.clearContext();
         }
     }
 
@@ -199,8 +198,6 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
             SkeletonKeySession skSession = (SkeletonKeySession) session.getNote(SkeletonKeySession.class.getName());
             if (skSession != null) {
                 request.setAttribute(SkeletonKeySession.class.getName(), skSession);
-                SkeletonKeySession.pushContext(skSession);
-
             }
         }
         return true;

From 40e8a26a3b113f47ab21ff2512bb43edff9e0d22 Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Wed, 18 Dec 2013 18:10:28 -0500
Subject: [PATCH 3/3] threadlocal

---
 core/src/main/java/org/keycloak/SkeletonKeySession.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/core/src/main/java/org/keycloak/SkeletonKeySession.java b/core/src/main/java/org/keycloak/SkeletonKeySession.java
index e58b5061db..3f10c7e896 100755
--- a/core/src/main/java/org/keycloak/SkeletonKeySession.java
+++ b/core/src/main/java/org/keycloak/SkeletonKeySession.java
@@ -34,6 +34,4 @@ public class SkeletonKeySession implements Serializable {
         return metadata;
     }
 
-    protected static ThreadLocal<SkeletonKeySession> local = new ThreadLocal<SkeletonKeySession>();
-
 }