libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-230 Convert third-party example to be CDI+JSF application with reading config from JSON file. Renamed package org.jboss.resteasy to org.keycloak in database example. Added ServletOAuthClientConfigLoader

Browse source
This commit is contained in:
mposolda 2014-01-02 16:08:06 +01:00
parent 2e40e63c4c
commit e904ca8b58
23 changed files with 574 additions and 198 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java → examples/as7-eap-demo/database-service/src/main/java/org/keycloak/example/oauth/CustomerService.java
View file

@ -1,4 +1,4 @@
package org.jboss.resteasy.example.oauth;
package org.keycloak.example.oauth;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

2
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java → examples/as7-eap-demo/database-service/src/main/java/org/keycloak/example/oauth/DataApplication.java
View file

@ -1,4 +1,4 @@
package org.jboss.resteasy.example.oauth;
package org.keycloak.example.oauth;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

2
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java → examples/as7-eap-demo/database-service/src/main/java/org/keycloak/example/oauth/ProductService.java
View file

@ -1,4 +1,4 @@
package org.jboss.resteasy.example.oauth;
package org.keycloak.example.oauth;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

18
examples/as7-eap-demo/third-party/pom.xml vendored
View file

@ -21,6 +21,24 @@
<version>1.0.1.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.enterprise</groupId>
<artifactId>cdi-api</artifactId>
<version>1.0-SP4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.faces</groupId>
<artifactId>jboss-jsf-api_2.1_spec</artifactId>
<version>2.0.1.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>3.1.2.GA</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-oauth-client</artifactId>

57
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/AppContextListener.java vendored Normal file
View file

@ -0,0 +1,57 @@
package org.keycloak.example.oauth;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import org.jboss.logging.Logger;
import org.keycloak.servlet.ServletOAuthClient;
import org.keycloak.servlet.ServletOAuthClientConfigLoader;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@WebListener
public class AppContextListener implements ServletContextListener {
private static final Logger logger = Logger.getLogger(AppContextListener.class);
@Inject
private ServletOAuthClient oauthClient;
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContext context = sce.getServletContext();
InputStream is = null;
String path = context.getInitParameter("keycloak.config.file");
if (path == null) {
is = context.getResourceAsStream("/WEB-INF/keycloak.json");
} else {
try {
is = new FileInputStream(path);
} catch (FileNotFoundException e) {
throw new RuntimeException(e);
}
}
ServletOAuthClientConfigLoader loader = new ServletOAuthClientConfigLoader(is);
loader.initOAuthClientConfiguration(true);
loader.configureServletOAuthClient(oauthClient);
oauthClient.start();
logger.info("OAuth client configured and started");
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
oauthClient.stop();
logger.info("OAuth client stopped");
}
}

67
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/Bootstrap.java vendored
View file

@ -1,67 +0,0 @@
package org.keycloak.example.oauth;
import org.keycloak.servlet.ServletOAuthClient;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
/**
* Stupid init code to load up the truststore so we can make appropriate SSL connections
* You really should use a better way of initializing this stuff.
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class Bootstrap implements ServletContextListener {
private ServletOAuthClient client;
private static KeyStore loadKeyStore(String filename, String password) throws Exception {
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
File truststoreFile = new File(filename);
FileInputStream trustStream = new FileInputStream(truststoreFile);
trustStore.load(trustStream, password.toCharArray());
trustStream.close();
return trustStore;
}
@Override
public void contextInitialized(ServletContextEvent sce) {
client = new ServletOAuthClient();
/*
// hardcoded, WARNING, you should really have a better way of doing this
// configuration. Either use something like Spring or CDI, or even pull
// config vales from context-params
String truststorePath = "${jboss.server.config.dir}/client-truststore.ts";
String truststorePassword = "password";
truststorePath = EnvUtil.replace(truststorePath);
KeyStore truststore = null;
try
{
truststore = loadKeyStore(truststorePath, truststorePassword);
}
catch (Exception e)
{
throw new RuntimeException(e);
}
client.setTruststore(truststore);
*/
client.setClientId("third-party");
client.setPassword("password");
client.setAuthUrl("http://localhost:8080/auth-server/rest/realms/demo/tokens/login");
client.setCodeUrl("http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes");
client.start();
sce.getServletContext().setAttribute(ServletOAuthClient.class.getName(), client);
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
client.stop();
}
}

40
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/CDIResourcesProducer.java vendored Normal file
View file

@ -0,0 +1,40 @@
package org.keycloak.example.oauth;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Produces;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.servlet.ServletOAuthClient;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class CDIResourcesProducer {
@Produces
@RequestScoped
public FacesContext produceFacesContext() {
return FacesContext.getCurrentInstance();
}
@Produces
@RequestScoped
public HttpServletRequest produceServletRequest() {
return (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
}
@Produces
@RequestScoped
public HttpServletResponse produceServletResponse() {
return (HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse();
}
@Produces
@ApplicationScoped
public ServletOAuthClient produceOAuthClient() {
return new ServletOAuthClient();
}
}

103
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/DatabaseClient.java vendored Executable file
View file

@ -0,0 +1,103 @@
package org.keycloak.example.oauth;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.jboss.logging.Logger;
import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.servlet.ServletOAuthClient;
import org.keycloak.util.JsonSerialization;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
* @version $Revision: 1 $
*/
@ApplicationScoped
@Named("databaseClient")
public class DatabaseClient {
@Inject
private HttpServletRequest request;
@Inject
private HttpServletResponse response;
@Inject
private FacesContext facesContext;
@Inject
private ServletOAuthClient oauthClient;
@Inject
private UserData userData;
private static final Logger logger = Logger.getLogger(DatabaseClient.class);
public void retrieveAccessToken() {
try {
oauthClient.redirectRelative("client.jsf", request, response);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
static class TypedList extends ArrayList<String> {}
public void sendCustomersRequest() {
List<String> customers = sendRequestToDBApplication("http://localhost:8080/database/customers");
userData.setCustomers(customers);
}
public void sendProductsRequest() {
List<String> products = sendRequestToDBApplication("http://localhost:8080/database/products");
userData.setProducts(products);
}
protected List<String> sendRequestToDBApplication(String dbUri) {
HttpClient client = oauthClient.getClient();
HttpGet get = new HttpGet(dbUri);
try {
if (userData.isHasAccessToken()) {
get.addHeader("Authorization", "Bearer " + userData.getAccessToken());
}
HttpResponse response = client.execute(get);
switch (response.getStatusLine().getStatusCode()) {
case 200: HttpEntity entity = response.getEntity();
InputStream is = entity.getContent();
try {
return JsonSerialization.readValue(is, TypedList.class);
} finally {
is.close();
}
case 401: facesContext.addMessage(null, new FacesMessage("Status: 401. Request not authenticated! You need to retrieve access token first."));
break;
case 403: facesContext.addMessage(null, new FacesMessage("Status: 403. Access token has insufficient privileges"));
break;
default: facesContext.addMessage(null, new FacesMessage("Status: " + response.getStatusLine() + ". Not able to retrieve data. See log for details"));
logger.warn("Error occured. Status: " + response.getStatusLine());
}
return null;
} catch (IOException e) {
e.printStackTrace();
facesContext.addMessage(null, new FacesMessage("Unknown error. See log for details"));
return null;
}
}
}

33
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/MessagesChecker.java vendored Normal file
View file

@ -0,0 +1,33 @@
package org.keycloak.example.oauth;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
/**
* This is needed because Faces context is not available in HTTP filters
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@RequestScoped
@Named("messagesChecker")
public class MessagesChecker {
@Inject
private HttpServletRequest request;
@Inject
private FacesContext facesContext;
public String getCheckMessage() {
String oauthError = (String)request.getAttribute(RefreshTokenFilter.OAUTH_ERROR_ATTR);
if (oauthError != null) {
facesContext.addMessage(null, new FacesMessage("OAuth error occured: " + oauthError));
}
return null;
}
}

72
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java vendored
View file

@ -1,72 +0,0 @@
package org.keycloak.example.oauth;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.servlet.ServletOAuthClient;
import org.keycloak.util.JsonSerialization;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProductDatabaseClient {
public static void redirect(HttpServletRequest request, HttpServletResponse response) {
// This is really the worst code ever. The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listenr in this project.
// You really should come up with a better way to initialize
// and obtain the ServletOAuthClient. I actually suggest downloading the ServletOAuthClient code
// and take a look how it works.
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
try {
oAuthClient.redirectRelative("pull_data.jsp", request, response);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
static class TypedList extends ArrayList<String> {}
public static List<String> getProducts(HttpServletRequest request) {
// This is really the worst code ever. The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listenr in this project.
// You really should come up with a better way to initialize
// and obtain the ServletOAuthClient. I actually suggest downloading the ServletOAuthClient code
// and take a look how it works.
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
String token = null;
try {
token = oAuthClient.getBearerToken(request);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (TokenGrantRequest.HttpFailure failure) {
throw new RuntimeException(failure);
}
HttpClient client = oAuthClient.getClient();
HttpGet get = new HttpGet("http://localhost:8080/database/products");
get.addHeader("Authorization", "Bearer " + token);
try {
HttpResponse response = client.execute(get);
HttpEntity entity = response.getEntity();
InputStream is = entity.getContent();
try {
return JsonSerialization.readValue(is, TypedList.class);
} finally {
is.close();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}

62
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/RefreshTokenFilter.java vendored Normal file
View file

@ -0,0 +1,62 @@
package org.keycloak.example.oauth;
import java.io.IOException;
import java.util.Map;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.servlet.ServletOAuthClient;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@WebFilter(value = "/client.jsf")
public class RefreshTokenFilter implements Filter {
public static final String OAUTH_ERROR_ATTR = "oauthErrorAttr";
@Inject
private ServletOAuthClient oauthClient;
@Inject
private UserData userData;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
Map<String, String[]> reqParams = request.getParameterMap();
if (reqParams.containsKey("code")) {
try {
String accessToken = oauthClient.getBearerToken(request);
userData.setAccessToken(accessToken);
} catch (TokenGrantRequest.HttpFailure e) {
throw new ServletException(e);
}
} else if (reqParams.containsKey("error")) {
String oauthError = reqParams.get("error")[0];
request.setAttribute(OAUTH_ERROR_ATTR, oauthError);
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}

63
examples/as7-eap-demo/third-party/src/main/java/org/keycloak/example/oauth/UserData.java vendored Normal file
View file

@ -0,0 +1,63 @@
package org.keycloak.example.oauth;
import java.io.Serializable;
import java.util.List;
import javax.enterprise.context.SessionScoped;
import javax.inject.Named;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@SessionScoped
@Named("userData")
public class UserData implements Serializable {
private String accessToken;
private List<String> products;
private List<String> customers;
public String getAccessToken() {
return accessToken;
}
public void setAccessToken(String accessToken) {
this.accessToken = accessToken;
}
public boolean isHasAccessToken() {
return accessToken != null;
}
public String getAccessTokenAvailabilityMessage() {
StringBuilder builder = new StringBuilder("Access token ");
if (!isHasAccessToken()) {
builder.append("not ");
}
return builder.append("available!").toString();
}
public List<String> getProducts() {
return products;
}
public void setProducts(List<String> products) {
this.products = products;
}
public boolean isHasProducts() {
return products != null;
}
public List<String> getCustomers() {
return customers;
}
public void setCustomers(List<String> customers) {
this.customers = customers;
}
public boolean isHasCustomers() {
return customers != null;
}
}

23
examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/beans.xml vendored Normal file
View file

@ -0,0 +1,23 @@
<!--
JBoss, Home of Professional Open Source
Copyright 2013, Red Hat, Inc. and/or its affiliates, and individual
contributors by the @authors tag. See the copyright.txt in the
distribution for a full listing of individual contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Marker file indicating CDI should be enabled -->
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
</beans>

23
examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/faces-config.xml vendored Normal file
View file

@ -0,0 +1,23 @@
<?xml version="1.0"?>
<!--
JBoss, Home of Professional Open Source
Copyright 2013, Red Hat, Inc. and/or its affiliates, and individual
contributors by the @authors tag. See the copyright.txt in the
distribution for a full listing of individual contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Marker file indicating JSF should be enabled -->
<faces-config version="2.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
</faces-config>

9
examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/keycloak.json vendored Normal file
View file

@ -0,0 +1,9 @@
{
"resource" : "third-party",
"auth-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"
}
}

3
examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/web.xml vendored
View file

@ -6,9 +6,6 @@
<module-name>oauth-client</module-name>
<listener>
<listener-class>org.keycloak.example.oauth.Bootstrap</listener-class>
</listener>
<!--
<security-constraint>
<web-resource-collection>

37
examples/as7-eap-demo/third-party/src/main/webapp/client.xhtml vendored Normal file
View file

@ -0,0 +1,37 @@
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core">
<body>
<h1>Third Party App That Pulls Data Using OAuth</h1>
<h:form>
#{userData.accessTokenAvailabilityMessage}
<br />
<h:commandButton id="retrieve_token" value="Retrieve/refresh access token" action="#{databaseClient.retrieveAccessToken}"/>
<h:commandButton id="products_request" value="Load products list" action="#{databaseClient.sendProductsRequest}"/>
<h:commandButton id="customers_request" value="Load customers list" action="#{databaseClient.sendCustomersRequest}"/>
</h:form>
<ui:fragment rendered="#{userData.hasProducts}">
<hr />
<h3>Products data available</h3>
<ui:repeat value="#{userData.products}" var="product">
#{product}<br/>
</ui:repeat>
</ui:fragment>
<ui:fragment rendered="#{userData.hasCustomers}">
<hr />
<h3>Customers data available</h3>
<ui:repeat value="#{userData.customers}" var="customer">
#{customer}<br/>
</ui:repeat>
</ui:fragment>
<div style="color: red">
#{messagesChecker.checkMessage}
<h:messages globalOnly="true"/>
</div>
</body>
</html>

7
examples/as7-eap-demo/third-party/src/main/webapp/index.html vendored
View file

@ -1,6 +1,5 @@
<html>
<body>
<h1>Third Party App That Pulls Data Using OAuth</h1>
<a href="redirect.jsp">Pull Data</a>
</body>
<head>
<meta http-equiv="Refresh" content="0; URL=client.jsf">
</head>
</html>

22
examples/as7-eap-demo/third-party/src/main/webapp/pull_data.jsp vendored
View file

@ -1,22 +0,0 @@
<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
<head>
<title>Pull Page</title>
</head>
<body>
<h2>Pulled Product Listing</h2>
<%
java.util.List<String> list = ProductDatabaseClient.getProducts(request);
for (String prod : list)
{
out.print("<p>");
out.print(prod);
out.println("</p>");
}
%>
<br><br>
</body>
</html>

3
examples/as7-eap-demo/third-party/src/main/webapp/redirect.jsp vendored
View file

@ -1,3 +0,0 @@
<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %><%
ProductDatabaseClient.redirect(request, response);
%>

54
integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java
View file

@ -35,29 +35,8 @@ public class AdapterConfigLoader {
}
public void init() {
String truststorePath = adapterConfig.getTruststore();
if (truststorePath != null) {
truststorePath = EnvUtil.replace(truststorePath);
String truststorePassword = adapterConfig.getTruststorePassword();
truststorePath = null;
try {
this.truststore = loadKeyStore(truststorePath, truststorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load truststore", e);
}
}
String clientKeystore = adapterConfig.getClientKeystore();
String clientKeyPassword = null;
if (clientKeystore != null) {
clientKeystore = EnvUtil.replace(clientKeystore);
String clientKeystorePassword = adapterConfig.getClientKeystorePassword();
clientCertKeystore = null;
try {
clientCertKeystore = loadKeyStore(clientKeystore, clientKeystorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load keystore", e);
}
}
initTruststore();
initClientKeystore();
String realm = adapterConfig.getRealm();
if (realm == null) throw new RuntimeException("Must set 'realm' in config");
@ -81,7 +60,7 @@ public class AdapterConfigLoader {
resourceMetadata.setResourceName(resource);
resourceMetadata.setRealmKey(realmKey);
resourceMetadata.setClientKeystore(clientCertKeystore);
clientKeyPassword = adapterConfig.getClientKeyPassword();
String clientKeyPassword = adapterConfig.getClientKeyPassword();
resourceMetadata.setClientKeyPassword(clientKeyPassword);
resourceMetadata.setTruststore(this.truststore);
@ -113,4 +92,31 @@ public class AdapterConfigLoader {
throw new RuntimeException(e);
}
}
protected void initTruststore() {
String truststorePath = adapterConfig.getTruststore();
if (truststorePath != null) {
truststorePath = EnvUtil.replace(truststorePath);
String truststorePassword = adapterConfig.getTruststorePassword();
try {
this.truststore = loadKeyStore(truststorePath, truststorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load truststore", e);
}
}
}
protected void initClientKeystore() {
String clientKeystore = adapterConfig.getClientKeystore();
if (clientKeystore != null) {
clientKeystore = EnvUtil.replace(clientKeystore);
String clientKeystorePassword = adapterConfig.getClientKeystorePassword();
clientCertKeystore = null;
try {
clientCertKeystore = loadKeyStore(clientKeystore, clientKeystorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load keystore", e);
}
}
}
}

34
integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java Normal file
View file

@ -0,0 +1,34 @@
package org.keycloak.adapters.config;
import java.io.InputStream;
import org.keycloak.AbstractOAuthClient;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public abstract class OAuthClientConfigLoader extends RealmConfigurationLoader {
public OAuthClientConfigLoader() {
}
public OAuthClientConfigLoader(InputStream is) {
super(is);
}
/**
* For now, configure just things supported by AbstractOAuthClient
*/
public void initOAuthClientConfiguration() {
initTruststore();
initClientKeystore();
}
public void configureOAuthClient(AbstractOAuthClient oauthClient) {
oauthClient.setClientId(adapterConfig.getResource());
oauthClient.setPassword(adapterConfig.getCredentials().get("password"));
oauthClient.setAuthUrl(adapterConfig.getAuthUrl());
oauthClient.setCodeUrl(adapterConfig.getCodeUrl());
oauthClient.setTruststore(truststore);
}
}

36
integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientConfigLoader.java Normal file
View file

@ -0,0 +1,36 @@
package org.keycloak.servlet;
import java.io.InputStream;
import org.keycloak.adapters.config.OAuthClientConfigLoader;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ServletOAuthClientConfigLoader extends OAuthClientConfigLoader {
public ServletOAuthClientConfigLoader() {
}
public ServletOAuthClientConfigLoader(InputStream is) {
super(is);
}
/**
* For now, configure just things supported by ServletOAuthClient
* @param setupClient
*/
public void initOAuthClientConfiguration(boolean setupClient) {
initOAuthClientConfiguration();
if (setupClient) {
initClient();
}
}
public void configureServletOAuthClient(ServletOAuthClient oauthClient) {
configureOAuthClient(oauthClient);
if (client != null) {
oauthClient.setClient(client);
}
}
}