use resteasy 2.3.7

Bill Burke 2014-04-10 05:21:07 -04:00
parent cdc35d99bc
commit ecaa0d1401
38 changed files with 701 additions and 278 deletions


@ -19,11 +19,6 @@
<artifactId>resteasy-jaxrs</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>


@ -24,11 +24,6 @@
</repositories>
<dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>


@ -117,7 +117,10 @@ public class FreeMarkerLoginForms implements LoginForms {
UriBuilder uriBuilder = UriBuilder.fromUri(requestURI);
for (String k : queryParameterMap.keySet()) {
uriBuilder.replaceQueryParam(k, queryParameterMap.get(k).toArray());
Object[] objects = queryParameterMap.get(k).toArray();
if (objects.length == 1 && objects[0] == null) continue; //
uriBuilder.replaceQueryParam(k, objects);
}
if (accessCode != null) {
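Review bot: The new guard `if (objects.length == 1 && objects[0] == null) continue; //` ends in an empty comment, so the reason for skipping the parameter is not recorded. A comment such as `// skip params whose only value is null; presumably UriBuilder.replaceQueryParam in Resteasy 2.3.7 rejects them (confirm)` would help the next reader. The check only covers a single null value, so a list holding a null next to other values is still passed to `replaceQueryParam`; if that can occur, filter the nulls before the call. The enclosing method starts and ends outside the hunk.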


@ -14,14 +14,22 @@
<description/>
<dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<version>${resteasy.version.latest}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${resteasy.version.latest}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<version>${resteasy.version.latest}</version>
<scope>provided</scope>
</dependency>
<dependency>
@ -43,6 +51,7 @@
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson-provider</artifactId>
<version>${resteasy.version.latest}</version>
<scope>provided</scope>
</dependency>
<dependency>


@ -6,9 +6,9 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.junit.Assert;
import org.junit.Before;
@ -186,7 +186,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
}
public static MultivaluedMap<String, String> createFormData(String username, String password) {
MultivaluedMap<String, String> formData = new MultivaluedHashMap<String, String>();
MultivaluedMap<String, String> formData = new MultivaluedMapImpl<String, String>();
formData.add("username", username);
formData.add(CredentialRepresentation.PASSWORD, password);
return formData;


@ -1,5 +1,6 @@
package org.keycloak.model.test;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@ -13,7 +14,6 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import java.util.Arrays;
@ -154,7 +154,7 @@ public class AuthenticationManagerTest extends AbstractModelTest {
realm.updateCredential(user, credential);
formData = new MultivaluedHashMap<String, String>();
formData = new MultivaluedMapImpl<String, String>();
formData.add("username", "test");
formData.add(CredentialRepresentation.PASSWORD, "password");


@ -13,7 +13,9 @@
<properties>
<keycloak.apache.httpcomponents.version>4.1.2</keycloak.apache.httpcomponents.version>
<resteasy.version>3.0.6.Final</resteasy.version>
<resteasy.version>2.3.7.Final</resteasy.version>
<resteasy.version.eap.6.3>2.3.7.Final</resteasy.version.eap.6.3>
<resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
<undertow.version>1.0.0.Final</undertow.version>
<picketlink.version>2.6.0.CR1</picketlink.version>
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>


@ -184,11 +184,6 @@
<artifactId>resteasy-multipart-provider</artifactId>
<version>${resteasy.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<version>${resteasy.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>async-http-servlet-3.0</artifactId>


@ -93,6 +93,11 @@
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
@ -122,11 +127,6 @@
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-crypto</artifactId>
@ -147,11 +147,6 @@
<artifactId>jackson-mapper-asl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-xc</artifactId>


@ -0,0 +1,48 @@
package org.keycloak.services;
import org.jboss.resteasy.spi.LoggableFailure;
import javax.ws.rs.core.Response;
/**
* To provide a typed exception for Forbidden (This doesn't exist in Resteasy 2.3.7)
*/
public class ForbiddenException extends LoggableFailure
{
public ForbiddenException()
{
super(403);
}
public ForbiddenException(String s)
{
super(s, 403);
}
public ForbiddenException(String s, Response response)
{
super(s, response);
}
public ForbiddenException(String s, Throwable throwable, Response response)
{
super(s, throwable, response);
}
public ForbiddenException(String s, Throwable throwable)
{
super(s, throwable, 403);
}
public ForbiddenException(Throwable throwable)
{
super(throwable, 403);
}
public ForbiddenException(Throwable throwable, Response response)
{
super(throwable, response);
}
}
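Review bot: The three constructors that accept a `Response` forward it unchecked, so a `ForbiddenException` can carry a response whose status is not 403, and code that relies on the type to mean "access denied" would be misled. Either drop those constructors or document on each that the supplied response must have status 403. The literal `403` is also repeated four times; since `Response` is already imported, a single `private static final int` constant initialised from `Response.Status.FORBIDDEN.getStatusCode()` would name it. The class Javadoc could add that this type stands in for `javax.ws.rs.ForbiddenException` and can be removed once the JAX-RS 2.0 API is available again.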


@ -18,7 +18,6 @@ import java.io.IOException;
public class ClientConnectionFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//To change body of implemented methods use File | Settings | File Templates.
}
@Override
@ -44,6 +43,5 @@ public class ClientConnectionFilter implements Filter {
@Override
public void destroy() {
//To change body of implemented methods use File | Settings | File Templates.
}
}


@ -1,5 +1,6 @@
package org.keycloak.services.managers;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -8,7 +9,6 @@ import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.representations.AccessToken;
import org.keycloak.util.Time;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.List;
@ -35,7 +35,7 @@ public class AccessCodeEntry {
protected Set<RequiredAction> requiredActions;
protected ClientModel client;
protected List<RoleModel> realmRolesRequested = new ArrayList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedHashMap<String, RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedMapImpl<String, RoleModel>();
public boolean isExpired() {
return expiration != 0 && Time.currentTime() > expiration;


@ -3,6 +3,7 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSBuilder;
@ -15,8 +16,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderSession;
import org.keycloak.representations.AccessToken;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotAuthorizedException;
import org.jboss.resteasy.spi.BadRequestException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.NewCookie;
@ -48,30 +48,30 @@ public class AppAuthManager extends AuthenticationManager {
}
if (!verifiedCode) {
logger.debug("unverified access code");
throw new BadRequestException();
throw new BadRequestException("unverified access code");
}
String key = input.readContentAsString();
AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
if (accessCode == null) {
logger.debug("bad access code");
throw new BadRequestException();
throw new BadRequestException("bad access code");
}
if (accessCode.isExpired()) {
logger.debug("access code expired");
throw new BadRequestException();
throw new BadRequestException("access code expired");
}
if (!accessCode.getToken().isActive()) {
logger.debug("access token expired");
throw new BadRequestException();
throw new BadRequestException("access token expired");
}
if (!accessCode.getRealm().getId().equals(realm.getId())) {
logger.debug("bad realm");
throw new BadRequestException();
throw new BadRequestException("bad realm");
}
if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
logger.debug("bad client");
throw new BadRequestException();
throw new BadRequestException("bad client");
}
return createLoginCookie(realm, accessCode.getUser(), accessCode.getClient(), cookieName, uri.getRawPath(), false);
@ -140,39 +140,39 @@ public class AppAuthManager extends AuthenticationManager {
private Auth authenticateBearerToken(RealmModel realm, HttpHeaders headers) {
String tokenString;
String authHeader = headers.getHeaderString(HttpHeaders.AUTHORIZATION);
String authHeader = headers.getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (authHeader == null) {
return null;
} else {
String[] split = authHeader.trim().split("\\s+");
if (split == null || split.length != 2) throw new NotAuthorizedException("Bearer");
if (!split[0].equalsIgnoreCase("Bearer")) throw new NotAuthorizedException("Bearer");
if (split == null || split.length != 2) throw new UnauthorizedException("Bearer");
if (!split[0].equalsIgnoreCase("Bearer")) throw new UnauthorizedException("Bearer");
tokenString = split[1];
}
try {
AccessToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
if (!token.isActive()) {
throw new NotAuthorizedException("token_expired");
throw new UnauthorizedException("token_expired");
}
UserModel user = realm.getUserById(token.getSubject());
if (user == null || !user.isEnabled()) {
throw new NotAuthorizedException("invalid_user");
throw new UnauthorizedException("invalid_user");
}
ClientModel client = null;
if (token.getIssuedFor() != null) {
client = realm.findClient(token.getIssuedFor());
if (client == null || !client.isEnabled()) {
throw new NotAuthorizedException("invalid_user");
throw new UnauthorizedException("invalid_user");
}
}
return new Auth(token, user, client);
} catch (VerificationException e) {
logger.error("Failed to verify token", e);
throw new NotAuthorizedException("invalid_token");
throw new UnauthorizedException("invalid_token");
}
}
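Review bot: In `authenticateBearerToken` the string passed to `new UnauthorizedException("Bearer")` is now only an exception message, whereas `javax.ws.rs.NotAuthorizedException("Bearer")` took it as the challenge, so the 401 responses presumably no longer carry a `WWW-Authenticate: Bearer` header. Clients following RFC 6750 expect that header; if the `(String, Response)` constructor is available, `throw new UnauthorizedException("Bearer", Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, "Bearer").build());` keeps it (this needs a `Response` import, which is not visible here). In the first hunk, check how Resteasy renders the new `BadRequestException` messages ("bad realm", "bad client", "access code expired"), since distinct reasons returned to the caller reveal which check failed. The `split == null` test can never be true for `String.split` and can be removed.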


@ -87,7 +87,7 @@ public class AuthenticationManager {
maxAge = realm.getCentralLoginLifespan();
logger.info("createLoginCookie maxAge: " + maxAge);
}
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly);// todo httponly , true);
return cookie;
}
@ -95,7 +95,7 @@ public class AuthenticationManager {
String path = getIdentityCookiePath(realm, uriInfo);
boolean secureOnly = !realm.isSslNotRequired();
// remember me cookie should be persistent
NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly, true);
NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
return cookie;
}
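Review bot: Both `NewCookie` constructions drop the trailing `true`, so the login cookie built in `createLoginCookie` (which presumably carries the encoded identity token) and the `KEYCLOAK_REMEMBER_ME` cookie are no longer marked HttpOnly and become readable from page script. The `// todo httponly` marker records this but nothing enforces it. While the JAX-RS 1.1 `NewCookie` has no such parameter, the flag can be kept by writing the header directly where the cookie is attached to the response, for example `builder.header(HttpHeaders.SET_COOKIE, cookie.toString() + "; HttpOnly")` on the `ResponseBuilder`. At minimum, replace the trailing comment with `// FIXME(security): HttpOnly lost with JAX-RS 1.1 NewCookie; restore before release`. Both methods start outside their hunks, so the place where the cookies are added to the response is not visible here.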


@ -1,7 +1,9 @@
package org.keycloak.services.managers;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.apache.http.client.HttpClient;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.adapters.AdapterConstants;
@ -14,10 +16,12 @@ import org.keycloak.representations.adapters.action.SessionStats;
import org.keycloak.representations.adapters.action.SessionStatsAction;
import org.keycloak.representations.adapters.action.UserStats;
import org.keycloak.representations.adapters.action.UserStatsAction;
import org.keycloak.services.util.HttpClientBuilder;
import org.keycloak.util.Time;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -30,44 +34,59 @@ public class ResourceAdminManager {
protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
public SessionStats getSessionStats(RealmModel realm, ApplicationModel application, boolean users) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
return getSessionStats(realm, application, users, client);
return getSessionStats(realm, application, users, executor);
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
public SessionStats getSessionStats(RealmModel realm, ApplicationModel application, boolean users, ResteasyClient client) {
public static ApacheHttpClient4Executor createExecutor() {
HttpClient client = new HttpClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
return new ApacheHttpClient4Executor(client);
}
public SessionStats getSessionStats(RealmModel realm, ApplicationModel application, boolean users, ApacheHttpClient4Executor client) {
String managementUrl = application.getManagementUrl();
if (managementUrl != null) {
SessionStatsAction adminAction = new SessionStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName());
adminAction.setListUsers(users);
String token = new TokenManager().encodeToken(realm, adminAction);
logger.info("session stats for application: {0} url: {1}", application.getName(), managementUrl);
Response response = client.target(managementUrl).path(AdapterConstants.K_GET_SESSION_STATS).request().post(Entity.text(token));
if (response.getStatus() != 200) {
logger.warn("Failed to get stats: " + response.getStatus());
return null;
ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_SESSION_STATS).build().toString());
ClientResponse<SessionStats> response = null;
try {
response = request.body(MediaType.TEXT_PLAIN_TYPE, token).post(SessionStats.class);
} catch (Exception e) {
throw new RuntimeException(e);
}
SessionStats stats = response.readEntity(SessionStats.class);
// replace with username
if (users && stats.getUsers() != null) {
Map<String, UserStats> newUsers = new HashMap<String, UserStats>();
for (Map.Entry<String, UserStats> entry : stats.getUsers().entrySet()) {
UserModel user = realm.getUserById(entry.getKey());
if (user == null) continue;
newUsers.put(user.getLoginName(), entry.getValue());
try {
if (response.getStatus() != 200) {
logger.warn("Failed to get stats: " + response.getStatus());
return null;
}
stats.setUsers(newUsers);
SessionStats stats = response.getEntity();
// replace with username
if (users && stats.getUsers() != null) {
Map<String, UserStats> newUsers = new HashMap<String, UserStats>();
for (Map.Entry<String, UserStats> entry : stats.getUsers().entrySet()) {
UserModel user = realm.getUserById(entry.getKey());
if (user == null) continue;
newUsers.put(user.getLoginName(), entry.getValue());
}
stats.setUsers(newUsers);
}
return stats;
} finally {
response.releaseConnection();
}
return stats;
} else {
logger.info("no management url.");
return null;
@ -76,32 +95,41 @@ public class ResourceAdminManager {
}
public UserStats getUserStats(RealmModel realm, ApplicationModel application, UserModel user) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
return getUserStats(realm, application, user, client);
return getUserStats(realm, application, user, executor);
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
public UserStats getUserStats(RealmModel realm, ApplicationModel application, UserModel user, ResteasyClient client) {
public UserStats getUserStats(RealmModel realm, ApplicationModel application, UserModel user, ApacheHttpClient4Executor client) {
String managementUrl = application.getManagementUrl();
if (managementUrl != null) {
UserStatsAction adminAction = new UserStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName(), user.getId());
String token = new TokenManager().encodeToken(realm, adminAction);
logger.info("session stats for application: {0} url: {1}", application.getName(), managementUrl);
Response response = client.target(managementUrl).path(AdapterConstants.K_GET_USER_STATS).request().post(Entity.text(token));
if (response.getStatus() != 200) {
logger.warn("Failed to get stats: " + response.getStatus());
return null;
ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_GET_USER_STATS).build().toString());
ClientResponse<UserStats> response = null;
try {
response = request.body(MediaType.TEXT_PLAIN_TYPE, token).post(UserStats.class);
} catch (Exception e) {
throw new RuntimeException(e);
}
try {
if (response.getStatus() != 200) {
logger.warn("Failed to get stats: " + response.getStatus());
return null;
}
UserStats stats = response.getEntity();
return stats;
} finally {
response.releaseConnection();
}
UserStats stats = response.readEntity(UserStats.class);
return stats;
} else {
logger.info("no management url.");
return null;
@ -110,64 +138,67 @@ public class ResourceAdminManager {
}
public void logoutUser(RealmModel realm, UserModel user) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
// don't set user notBefore as we don't want a database hit on a user driven logout
List<ApplicationModel> resources = realm.getApplications();
logger.debug("logging out {0} resources ", resources.size());
for (ApplicationModel resource : resources) {
logoutApplication(realm, resource, user.getId(), client, 0);
logoutApplication(realm, resource, user.getId(), executor, 0);
}
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
public void logoutAll(RealmModel realm) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
realm.setNotBefore(Time.currentTime());
List<ApplicationModel> resources = realm.getApplications();
logger.debug("logging out {0} resources ", resources.size());
for (ApplicationModel resource : resources) {
logoutApplication(realm, resource, null, client, realm.getNotBefore());
logoutApplication(realm, resource, null, executor, realm.getNotBefore());
}
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
public void logoutApplication(RealmModel realm, ApplicationModel resource, String user) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
resource.setNotBefore(Time.currentTime());
logoutApplication(realm, resource, user, client, resource.getNotBefore());
logoutApplication(realm, resource, user, executor, resource.getNotBefore());
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
protected boolean logoutApplication(RealmModel realm, ApplicationModel resource, String user, ResteasyClient client, int notBefore) {
protected boolean logoutApplication(RealmModel realm, ApplicationModel resource, String user, ApacheHttpClient4Executor client, int notBefore) {
String managementUrl = resource.getManagementUrl();
if (managementUrl != null) {
LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), user, notBefore);
String token = new TokenManager().encodeToken(realm, adminAction);
logger.info("logout user: {0} resource: {1} url: {2}", user, resource.getName(), managementUrl);
Response response = client.target(managementUrl).path(AdapterConstants.K_LOGOUT).request().post(Entity.text(token));
boolean success = response.getStatus() == 204;
response.close();
logger.info("logout success.");
return success;
ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_LOGOUT).build().toString());
ClientResponse response = null;
try {
response = request.body(MediaType.TEXT_PLAIN_TYPE, token).post(UserStats.class);
} catch (Exception e) {
throw new RuntimeException(e);
}
try {
boolean success = response.getStatus() == 204;
logger.info("logout success.");
return success;
} finally {
response.releaseConnection();
}
} else {
logger.info("Can't logout" + resource.getName() + " no mgmt url.");
return false;
@ -175,44 +206,50 @@ public class ResourceAdminManager {
}
public void pushRealmRevocationPolicy(RealmModel realm) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
for (ApplicationModel application : realm.getApplications()) {
pushRevocationPolicy(realm, application, realm.getNotBefore(), client);
pushRevocationPolicy(realm, application, realm.getNotBefore(), executor);
}
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
public void pushApplicationRevocationPolicy(RealmModel realm, ApplicationModel application) {
ResteasyClient client = new ResteasyClientBuilder()
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
ApacheHttpClient4Executor executor = createExecutor();
try {
pushRevocationPolicy(realm, application, application.getNotBefore(), client);
pushRevocationPolicy(realm, application, application.getNotBefore(), executor);
} finally {
client.close();
executor.getHttpClient().getConnectionManager().shutdown();
}
}
protected boolean pushRevocationPolicy(RealmModel realm, ApplicationModel resource, int notBefore, ResteasyClient client) {
protected boolean pushRevocationPolicy(RealmModel realm, ApplicationModel resource, int notBefore, ApacheHttpClient4Executor client) {
if (notBefore <= 0) return false;
String managementUrl = resource.getManagementUrl();
if (managementUrl != null) {
PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getName(), notBefore);
String token = new TokenManager().encodeToken(realm, adminAction);
logger.info("pushRevocation resource: {0} url: {1}", resource.getName(), managementUrl);
Response response = client.target(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).request().post(Entity.text(token));
boolean success = response.getStatus() == 204;
response.close();
logger.info("pushRevocation success.");
return success;
ClientRequest request = client.createRequest(UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build().toString());
ClientResponse response = null;
try {
response = request.body(MediaType.TEXT_PLAIN_TYPE, token).post();
} catch (Exception e) {
throw new RuntimeException(e);
}
try {
boolean success = response.getStatus() == 204;
logger.info("pushRevocation success.");
return success;
} finally {
response.releaseConnection();
}
} else {
logger.info("no management URL for application: " + resource.getName());
return false;
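Review bot: `createExecutor()` builds the client with `.disableTrustManager()`, so every admin request in this class (logout, not-before push, stats) goes to `managementUrl` without verifying the application's TLS certificate, and being `public static` it invites reuse of the unverified client elsewhere. The action token is short-lived (`Time.currentTime() + 30`), but an on-path party can still drop or answer these calls, so a logout or revocation can silently fail to reach the application. If nothing outside this class calls it, narrow it to `private static`, and have the builder verify against a configured or default trust store unless a setting explicitly opts out. Separately, `logoutApplication` posts with `post(UserStats.class)` although it only checks for 204; `post()` as in `pushRevocationPolicy` matches the intent. Both methods also log "success." even when `success` is false, which hides failed pushes from anyone reading the logs.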


@ -1,6 +1,7 @@
package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.OAuthErrorException;
import org.keycloak.audit.Audit;
import org.keycloak.audit.Details;
@ -20,7 +21,6 @@ import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.Time;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@ -186,7 +186,7 @@ public class TokenManager {
}
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user) {
return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedHashMap<String, RoleModel>());
return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedMapImpl<String, RoleModel>());
}
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {


@ -22,6 +22,7 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.account.Account;
@ -46,6 +47,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.provider.ProviderSession;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.ModelToRepresentation;
@ -62,9 +64,7 @@ import org.keycloak.authentication.AuthProviderStatus;
import org.keycloak.authentication.AuthenticationProviderException;
import org.keycloak.authentication.AuthenticationProviderManager;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
@ -443,11 +443,11 @@ public class AccountService {
}
if (code == null) {
logger.debug("code not specified");
throw new BadRequestException();
throw new BadRequestException("code not specified");
}
if (state == null) {
logger.debug("state not specified");
throw new BadRequestException();
throw new BadRequestException("state not specified");
}
URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());


@ -66,7 +66,7 @@ public class Cors {
}
public Response build() {
String origin = request.getHttpHeaders().getHeaderString(ORIGIN);
String origin = request.getHttpHeaders().getRequestHeaders().getFirst(ORIGIN);
if (origin == null) {
return response.build();
}


@ -1,6 +1,8 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.audit.Audit;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
@ -14,10 +16,8 @@ import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.SocialRequestManager;
import org.keycloak.services.managers.TokenManager;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriBuilder;
@ -37,8 +37,10 @@ public class RealmsResource {
@Context
protected HttpHeaders headers;
/*
@Context
protected ResourceContext resourceContext;
*/
@Context
protected KeycloakSession session;
@ -68,7 +70,8 @@ public class RealmsResource {
Audit audit = new AuditManager(realm, providers, clientConnection).createAudit();
AuthenticationManager authManager = new AuthenticationManager(providers);
TokenService tokenService = new TokenService(realm, tokenManager, audit, authManager);
resourceContext.initResource(tokenService);
ResteasyProviderFactory.getInstance().injectProperties(tokenService);
//resourceContext.initResource(tokenService);
return tokenService;
}
@ -88,12 +91,13 @@ public class RealmsResource {
ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_MANAGEMENT_APP);
if (application == null || !application.isEnabled()) {
logger.debug("account management not enabled");
throw new NotFoundException();
throw new NotFoundException("account management not enabled");
}
Audit audit = new AuditManager(realm, providers, clientConnection).createAudit();
AccountService accountService = new AccountService(realm, application, tokenManager, socialRequestManager, audit);
resourceContext.initResource(accountService);
ResteasyProviderFactory.getInstance().injectProperties(accountService);
//resourceContext.initResource(accountService);
accountService.init();
return accountService;
}
@ -103,7 +107,8 @@ public class RealmsResource {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = locateRealm(name, realmManager);
PublicRealmResource realmResource = new PublicRealmResource(realm);
resourceContext.initResource(realmResource);
ResteasyProviderFactory.getInstance().injectProperties(realmResource);
//resourceContext.initResource(realmResource);
return realmResource;
}
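Review bot: The old `ResourceContext` code is left behind as comments (the `/* @Context protected ResourceContext resourceContext; */` block and three `//resourceContext.initResource(...)` lines) rather than deleted, and the same commented-out field appears in SocialResource. Version control already keeps the old form, so remove them and leave one line explaining the substitution, e.g. `// Resteasy 2.3.7 has no ResourceContext; inject @Context fields manually`. The repeated `ResteasyProviderFactory.getInstance().injectProperties(...)` call could live in one private helper so the three sub-resource locators stay in step. The locator methods begin outside the hunks.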


@ -22,6 +22,7 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.audit.Audit;
@ -59,10 +60,9 @@ import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
@ -90,8 +90,10 @@ public class SocialResource {
@Context
private HttpRequest request;
/*
@Context
ResourceContext resourceContext;
*/
@Context
protected KeycloakSession session;
@ -166,7 +168,7 @@ public class SocialResource {
try {
socialUser = provider.processCallback(config, callback);
} catch (SocialAccessDeniedException e) {
MultivaluedHashMap<String, String> queryParms = new MultivaluedHashMap<String, String>();
MultivaluedMap<String, String> queryParms = new MultivaluedMapImpl<String, String>();
queryParms.putSingle(OAuth2Constants.CLIENT_ID, clientId);
queryParms.putSingle(OAuth2Constants.STATE, state);
queryParms.putSingle(OAuth2Constants.SCOPE, scope);
@ -216,7 +218,7 @@ public class SocialResource {
logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getLoginName());
audit.success();
return Response.status(Status.FOUND).location(UriBuilder.fromUri(redirectUri).build()).build();
return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
}
if (user == null) {


@ -2,8 +2,12 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NotAcceptableException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.audit.Audit;
@ -26,6 +30,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.ClientConnection;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
@ -40,19 +45,14 @@ import org.keycloak.authentication.AuthenticationProviderManager;
import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.Time;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.NotAcceptableException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
@ -103,8 +103,10 @@ public class TokenService {
@Context
protected ProviderSession providerSession;
/*
@Context
protected ResourceContext resourceContext;
*/
private ResourceAdminManager resourceAdminManager = new ResourceAdminManager();
@ -169,17 +171,17 @@ public class TokenService {
String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
if (username == null) {
audit.error(Errors.USERNAME_MISSING);
throw new NotAuthorizedException("No username");
throw new UnauthorizedException("No username");
}
audit.detail(Details.USERNAME, username);
if (!realm.isEnabled()) {
audit.error(Errors.REALM_DISABLED);
throw new NotAuthorizedException("Disabled realm");
throw new UnauthorizedException("Disabled realm");
}
if (authManager.authenticateForm(clientConnection, realm, form) != AuthenticationStatus.SUCCESS) {
audit.error(Errors.INVALID_USER_CREDENTIALS);
throw new NotAuthorizedException("Auth failed");
throw new UnauthorizedException("Auth failed");
}
UserModel user = realm.getUser(form.getFirst(AuthenticationManager.FORM_USERNAME));
@ -218,7 +220,7 @@ public class TokenService {
error.put(OAuth2Constants.ERROR, e.getError());
if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
audit.error(Errors.INVALID_TOKEN);
throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(), e);
throw new BadRequestException("OAuth Error", e, Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
AccessTokenResponse res = tokenManager.responseBuilder(realm, client, audit)
@ -318,7 +320,9 @@ public class TokenService {
@Path("auth/request/login-actions")
public RequiredActionsService getRequiredActionsService() {
RequiredActionsService service = new RequiredActionsService(realm, tokenManager, audit);
resourceContext.initResource(service);
ResteasyProviderFactory.getInstance().injectProperties(service);
//resourceContext.initResource(service);
return service;
}
@ -451,7 +455,7 @@ public class TokenService {
if (!realm.isEnabled()) {
audit.error(Errors.REALM_DISABLED);
throw new NotAuthorizedException("Realm not enabled");
throw new UnauthorizedException("Realm not enabled");
}
String code = formData.getFirst(OAuth2Constants.CODE);
@ -539,7 +543,7 @@ public class TokenService {
if (authorizationHeader != null) {
String[] usernameSecret = BasicAuthHelper.parseHeader(authorizationHeader);
if (usernameSecret == null) {
throw new NotAuthorizedException("Bad Authorization header", "Basic realm=\"" + realm.getName() + "\"");
throw new UnauthorizedException("Bad Authorization header", Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + realm.getName() + "\"").build());
}
client_id = usernameSecret[0];
clientSecret = usernameSecret[1];
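Review bot: The replaced `resourceContext.initResource(service)` call in getRequiredActionsService is left behind as a commented-out line, and the `ResourceContext` field higher up in TokenService is wrapped in a block comment rather than removed, so nothing tells the next reader why `ResteasyProviderFactory.getInstance().injectProperties(service)` is used instead. I would delete both remnants and put one line above the call, for example `// RESTEasy 2.3.7 predates the JAX-RS 2.0 ResourceContext; inject @Context members through the provider factory`. The same leftovers (field, call, or both) appear in the SocialResource, AdminService, ApplicationsResource, OAuthClientsResource, RealmAdminResource and RealmsAdminResource sections. It is also worth confirming that the static `getInstance()` resolves to this deployment's factory when more than one RESTEasy application shares a container, since sub-resources such as RequiredActionsService presumably rely on their `@Context` fields being populated before use.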


@ -5,6 +5,9 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.OAuth2Constants;
import org.keycloak.jaxrs.JaxrsOAuthClient;
import org.keycloak.models.AdminRoles;
@ -24,12 +27,9 @@ import org.keycloak.services.resources.TokenService;
import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.NewCookie;
@ -63,8 +63,10 @@ public class AdminService {
@Context
protected KeycloakSession session;
/*
@Context
protected ResourceContext resourceContext;
*/
@Context
protected Providers providers;
@ -157,7 +159,7 @@ public class AdminService {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null)
throw new NotFoundException();
throw new NotFoundException("No realm found");
Auth auth = authManager.authenticateCookie(realm, headers);
if (auth == null) {
return Response.status(401).build();
@ -174,7 +176,7 @@ public class AdminService {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null)
throw new NotFoundException();
throw new NotFoundException("No realm found");
Auth auth = authManager.authenticateCookie(realm, headers);
if (auth == null) {
logger.debug("No auth cookie");
@ -255,14 +257,15 @@ public class AdminService {
RealmManager realmManager = new RealmManager(session);
RealmModel adminRealm = getAdminstrationRealm(realmManager);
if (adminRealm == null)
throw new NotFoundException();
throw new NotFoundException("Admin realm not found");
Auth auth = authManager.authenticate(adminRealm, headers);
if (auth == null) {
throw new NotAuthorizedException("Bearer");
throw new UnauthorizedException("Bearer");
}
RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager);
resourceContext.initResource(adminResource);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
//resourceContext.initResource(adminResource);
return adminResource;
}
@ -271,18 +274,19 @@ public class AdminService {
RealmManager realmManager = new RealmManager(session);
RealmModel adminRealm = getAdminstrationRealm(realmManager);
if (adminRealm == null)
throw new NotFoundException();
throw new NotFoundException("Admin realm not found");
Auth auth = authManager.authenticate(adminRealm, headers);
UserModel admin = auth.getUser();
if (admin == null) {
throw new NotAuthorizedException("Bearer");
throw new UnauthorizedException("Bearer");
}
ApplicationModel adminConsole = adminRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
if (adminConsole == null) {
throw new NotFoundException();
throw new NotFoundException("Admin console application not found");
}
ServerInfoAdminResource adminResource = new ServerInfoAdminResource();
resourceContext.initResource(adminResource);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
//resourceContext.initResource(adminResource);
return adminResource;
}
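Review bot: `new UnauthorizedException("Bearer")` in the last two hunks most likely no longer produces a `WWW-Authenticate: Bearer` challenge. The JAX-RS 2.0 `NotAuthorizedException` it replaces treats its string argument as the challenge, whereas the RESTEasy exception appears to take it as the message, as the `(String, Response)` form this commit uses in TokenService suggests. To keep the 401 well-formed, pass the response explicitly: `throw new UnauthorizedException("Bearer", Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, "Bearer").build());`. In the final hunk `auth.getUser()` is also called before any null check, although the hunk above treats a null `auth` as the unauthenticated case, so an unauthenticated request would likely end in a NullPointerException rather than a 401; an `if (auth == null)` guard should precede the dereference. Both methods begin outside the visible hunks.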


@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -22,7 +23,6 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@ -237,7 +237,7 @@ public class ApplicationResource {
auth.requireManage();
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
new ResourceAdminManager().logoutApplication(realm, application, user.getId());
}


@ -2,6 +2,8 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -12,12 +14,10 @@ import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -34,9 +34,6 @@ public class ApplicationsResource {
protected RealmModel realm;
private RealmAuth auth;
@Context
protected ResourceContext resourceContext;
@Context
protected KeycloakSession session;
@ -90,7 +87,8 @@ public class ApplicationsResource {
throw new NotFoundException("Could not find application: " + name);
}
ApplicationResource applicationResource = new ApplicationResource(realm, auth, applicationModel, session);
resourceContext.initResource(applicationResource);
ResteasyProviderFactory.getInstance().injectProperties(applicationResource);
//resourceContext.initResource(applicationResource);
return applicationResource;
}


@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
@ -16,7 +17,6 @@ import org.keycloak.util.JsonSerialization;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;


@ -2,6 +2,8 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
@ -10,12 +12,10 @@ import org.keycloak.services.managers.OAuthClientManager;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -33,8 +33,11 @@ public class OAuthClientsResource {
protected KeycloakSession session;
/*
@Context
protected ResourceContext resourceContext;
*/
private RealmAuth auth;
public OAuthClientsResource(RealmModel realm, RealmAuth auth, KeycloakSession session) {
@ -81,10 +84,11 @@ public class OAuthClientsResource {
OAuthClientModel oauth = realm.getOAuthClientById(id);
if (oauth == null) {
throw new NotFoundException();
throw new NotFoundException("OAuth Client not found");
}
OAuthClientResource oAuthClientResource = new OAuthClientResource(realm, auth, oauth, session);
resourceContext.initResource(oAuthClientResource);
ResteasyProviderFactory.getInstance().injectProperties(oAuthClientResource);
//resourceContext.initResource(oAuthClientResource);
return oAuthClientResource;
}


@ -2,6 +2,8 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.audit.AuditProvider;
import org.keycloak.audit.Event;
import org.keycloak.audit.EventQuery;
@ -18,7 +20,6 @@ import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.managers.TokenManager;
import javax.ws.rs.*;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import java.util.HashMap;
@ -35,8 +36,10 @@ public class RealmAdminResource {
protected RealmModel realm;
private TokenManager tokenManager;
/*
@Context
protected ResourceContext resourceContext;
*/
@Context
protected KeycloakSession session;
@ -55,14 +58,16 @@ public class RealmAdminResource {
@Path("applications")
public ApplicationsResource getApplications() {
ApplicationsResource applicationsResource = new ApplicationsResource(realm, auth);
resourceContext.initResource(applicationsResource);
ResteasyProviderFactory.getInstance().injectProperties(applicationsResource);
//resourceContext.initResource(applicationsResource);
return applicationsResource;
}
@Path("oauth-clients")
public OAuthClientsResource getOAuthClients() {
OAuthClientsResource oauth = new OAuthClientsResource(realm, auth, session);
resourceContext.initResource(oauth);
ResteasyProviderFactory.getInstance().injectProperties(oauth);
//resourceContext.initResource(oauth);
return oauth;
}
@ -101,21 +106,23 @@ public class RealmAdminResource {
auth.requireManage();
if (!new RealmManager(session).removeRealm(realm)) {
throw new NotFoundException();
throw new NotFoundException("Realm doesn't exist");
}
}
@Path("users")
public UsersResource users() {
UsersResource users = new UsersResource(realm, auth, tokenManager);
resourceContext.initResource(users);
ResteasyProviderFactory.getInstance().injectProperties(users);
//resourceContext.initResource(users);
return users;
}
@Path("roles-by-id")
public RoleByIdResource rolesById() {
RoleByIdResource resource = new RoleByIdResource(realm, auth);
resourceContext.initResource(resource);
ResteasyProviderFactory.getInstance().injectProperties(resource);
//resourceContext.initResource(resource);
return resource;
}


@ -1,9 +1,11 @@
package org.keycloak.services.resources.admin;
import org.keycloak.models.AdminRoles;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.WebApplicationException;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>


@ -4,6 +4,8 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.util.GenericType;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
@ -11,6 +13,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
@ -18,7 +21,6 @@ import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.*;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
@ -51,8 +53,10 @@ public class RealmsAdminResource {
noCache.setNoCache(true);
}
/*
@Context
protected ResourceContext resourceContext;
*/
@Context
protected KeycloakSession session;
@ -158,7 +162,8 @@ public class RealmsAdminResource {
RealmAuth realmAuth = new RealmAuth(auth, AdminRoles.getAdminApp(realm));
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager);
resourceContext.initResource(adminResource);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
//resourceContext.initResource(adminResource);
return adminResource;
}


@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
@ -13,7 +14,6 @@ import org.keycloak.representations.idm.RoleRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;


@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -12,7 +13,6 @@ import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@ -41,7 +41,6 @@ public class RoleContainerResource extends RoleResource {
this.roleContainer = roleContainer;
}
@Path("")
@GET
@NoCache
@Produces("application/json")
@ -58,7 +57,6 @@ public class RoleContainerResource extends RoleResource {
return roles;
}
@Path("")
@POST
@Consumes("application/json")
public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
@ -69,7 +67,7 @@ public class RoleContainerResource extends RoleResource {
}
RoleModel role = roleContainer.addRole(rep.getName());
if (role == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
role.setDescription(rep.getDescription());
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
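Review bot: The message added in the last hunk, `"Role not found"`, describes a lookup failure, but the null it guards comes from `roleContainer.addRole(rep.getName())`, that is, a role that could not be created. A message such as `"Could not create role"` would tell an administrator reading the response or the log what actually failed. Whether 404 is the right status for this case depends on when addRole returns null, which is not visible here. The UsersResource hunk at `@ -103,7 +104,7 @` has the same mismatch, pairing `realm.addUser(rep.getUsername())` with `"User not found"`. The enclosing method, apparently createRole, starts above the hunk.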


@ -1,12 +1,12 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import javax.ws.rs.NotFoundException;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
@ -29,7 +29,7 @@ public abstract class RoleResource {
protected void deleteRole(RoleModel role) {
if (!role.getContainer().removeRole(role)) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
}


@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
@ -16,7 +17,6 @@ import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@ -108,7 +108,7 @@ public class ScopeMappedResource {
for (RoleRepresentation role : roles) {
RoleModel roleModel = realm.getRoleById(role.getId());
if (roleModel == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.addScopeMapping(client, roleModel);
}
@ -132,7 +132,7 @@ public class ScopeMappedResource {
for (RoleRepresentation role : roles) {
RoleModel roleModel = realm.getRoleById(role.getId());
if (roleModel == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.deleteScopeMapping(client, roleModel);
}
@ -149,7 +149,7 @@ public class ScopeMappedResource {
ApplicationModel app = realm.getApplicationByName(appName);
if (app == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
Set<RoleModel> mappings = app.getApplicationScopeMappings(client);
@ -169,13 +169,13 @@ public class ScopeMappedResource {
ApplicationModel app = realm.getApplicationByName(appName);
if (app == null) {
throw new NotFoundException();
throw new NotFoundException("Application not found");
}
for (RoleRepresentation role : roles) {
RoleModel roleModel = app.getRole(role.getName());
if (roleModel == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.addScopeMapping(client, roleModel);
}
@ -191,7 +191,7 @@ public class ScopeMappedResource {
ApplicationModel app = realm.getApplicationByName(appName);
if (app == null) {
throw new NotFoundException();
throw new NotFoundException("Application not found");
}
if (roles == null) {
@ -204,7 +204,7 @@ public class ScopeMappedResource {
for (RoleRepresentation role : roles) {
RoleModel roleModel = app.getRole(role.getName());
if (roleModel == null) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.deleteScopeMapping(client, roleModel);
}
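Review bot: In the hunk at `@ -149,7 +149,7 @` the null check is on `app`, the result of `realm.getApplicationByName(appName)`, yet the new message is `"Role not found"`. The two hunks after it use `"Application not found"` for the identical check. This looks like a copy-paste slip and should read `throw new NotFoundException("Application not found");`, otherwise an administrator debugging a scope-mapping call is pointed at the wrong object. The enclosing method starts outside the hunk.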


@ -2,6 +2,8 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
@ -27,18 +29,15 @@ import org.keycloak.services.resources.flows.Flows;
import org.keycloak.services.resources.flows.Urls;
import org.keycloak.util.Time;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@ -73,8 +72,10 @@ public class UsersResource {
@Context
protected UriInfo uriInfo;
/*
@Context
protected ResourceContext resourceContext;
*/
@Context
protected KeycloakSession session;
@ -88,7 +89,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
updateUserFromRep(user, rep);
}
@ -103,7 +104,7 @@ public class UsersResource {
}
UserModel user = realm.addUser(rep.getUsername());
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
updateUserFromRep(user, rep);
@ -148,7 +149,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
return ModelToRepresentation.toRepresentation(user);
}
@ -162,7 +163,7 @@ public class UsersResource {
auth.requireView();
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
Map<String, UserStats> stats = new HashMap<String, UserStats>();
for (ApplicationModel applicationModel : realm.getApplications()) {
@ -179,7 +180,7 @@ public class UsersResource {
auth.requireManage();
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
// set notBefore so that user will be forced to log in.
user.setNotBefore(Time.currentTime());
@ -248,7 +249,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
MappingsRepresentation all = new MappingsRepresentation();
@ -293,7 +294,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
Set<RoleModel> realmMappings = realm.getRealmRoleMappings(user);
@ -314,13 +315,13 @@ public class UsersResource {
logger.debug("** addRealmRoleMappings: {0}", roles);
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
for (RoleRepresentation role : roles) {
RoleModel roleModel = realm.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.grantRole(user, roleModel);
}
@ -337,7 +338,7 @@ public class UsersResource {
logger.debug("deleteRealmRoleMappings");
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
if (roles == null) {
@ -350,7 +351,7 @@ public class UsersResource {
for (RoleRepresentation role : roles) {
RoleModel roleModel = realm.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.deleteRoleMapping(user, roleModel);
}
@ -368,13 +369,13 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
ApplicationModel application = realm.getApplicationByName(appName);
if (application == null) {
throw new NotFoundException();
throw new NotFoundException("Application not found");
}
Set<RoleModel> mappings = application.getApplicationRoleMappings(user);
@ -395,19 +396,19 @@ public class UsersResource {
logger.debug("addApplicationRoleMapping");
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
ApplicationModel application = realm.getApplicationByName(appName);
if (application == null) {
throw new NotFoundException();
throw new NotFoundException("Application not found");
}
for (RoleRepresentation role : roles) {
RoleModel roleModel = application.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.grantRole(user, roleModel);
}
@ -422,13 +423,13 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
ApplicationModel application = realm.getApplicationByName(appName);
if (application == null) {
throw new NotFoundException();
throw new NotFoundException("Application not found");
}
if (roles == null) {
@ -445,7 +446,7 @@ public class UsersResource {
for (RoleRepresentation role : roles) {
RoleModel roleModel = application.getRole(role.getName());
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
throw new NotFoundException();
throw new NotFoundException("Role not found");
}
realm.deleteRoleMapping(user, roleModel);
}
@ -460,10 +461,10 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
if (pass == null || pass.getValue() == null || !CredentialRepresentation.PASSWORD.equals(pass.getType())) {
throw new BadRequestException();
throw new BadRequestException("No password provided");
}
UserCredentialModel cred = RealmManager.fromRepresentation(pass);
@ -479,7 +480,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
user.setTotp(false);
@ -493,7 +494,7 @@ public class UsersResource {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
throw new NotFoundException("User not found");
}
if (user.getEmail() == null) {


@ -46,6 +46,6 @@ public class SocialRedirectFlows {
AuthRequest authRequest = socialProvider.getAuthUrl(config);
RequestDetails socialRequest = socialRequestBuilder.putSocialAttributes(authRequest.getAttributes()).build();
socialRequestManager.addRequest(authRequest.getId(), socialRequest);
return Response.status(Response.Status.FOUND).location(authRequest.getAuthUri()).build();
return Response.status(302).location(authRequest.getAuthUri()).build();
}
}


@ -0,0 +1,314 @@
package org.keycloak.services.util;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.EnvUtil;
import org.keycloak.util.KeystoreUtil;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
/**
* Abstraction for creating HttpClients. Allows SSL configuration.
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class HttpClientBuilder {
public static enum HostnameVerificationPolicy {
/**
* Hostname verification is not done on the server's certificate
*/
ANY,
/**
* Allows wildcards in subdomain names i.e. *.foo.com
*/
WILDCARD,
/**
* CN must match hostname connecting to
*/
STRICT
}
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
private static class PassthroughTrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
protected KeyStore truststore;
protected KeyStore clientKeyStore;
protected String clientPrivateKeyPassword;
protected boolean disableTrustManager;
protected HostnameVerificationPolicy policy = HostnameVerificationPolicy.WILDCARD;
protected SSLContext sslContext;
protected int connectionPoolSize = 100;
protected int maxPooledPerRoute = 0;
protected long connectionTTL = -1;
protected TimeUnit connectionTTLUnit = TimeUnit.MILLISECONDS;
protected HostnameVerifier verifier = null;
protected long socketTimeout = -1;
protected TimeUnit socketTimeoutUnits = TimeUnit.MILLISECONDS;
protected long establishConnectionTimeout = -1;
protected TimeUnit establishConnectionTimeoutUnits = TimeUnit.MILLISECONDS;
/**
* Socket inactivity timeout
*
* @param timeout
* @param unit
* @return
*/
public HttpClientBuilder socketTimeout(long timeout, TimeUnit unit)
{
this.socketTimeout = timeout;
this.socketTimeoutUnits = unit;
return this;
}
/**
* When trying to make an initial socket connection, what is the timeout?
*
* @param timeout
* @param unit
* @return
*/
public HttpClientBuilder establishConnectionTimeout(long timeout, TimeUnit unit)
{
this.establishConnectionTimeout = timeout;
this.establishConnectionTimeoutUnits = unit;
return this;
}
public HttpClientBuilder connectionTTL(long ttl, TimeUnit unit) {
this.connectionTTL = ttl;
this.connectionTTLUnit = unit;
return this;
}
public HttpClientBuilder maxPooledPerRoute(int maxPooledPerRoute) {
this.maxPooledPerRoute = maxPooledPerRoute;
return this;
}
public HttpClientBuilder connectionPoolSize(int connectionPoolSize) {
this.connectionPoolSize = connectionPoolSize;
return this;
}
/**
* Disable trust management and hostname verification. <i>NOTE</i> this is a security
* hole, so only set this option if you cannot or do not want to verify the identity of the
* host you are communicating with.
*/
public HttpClientBuilder disableTrustManager() {
this.disableTrustManager = true;
return this;
}
/**
* SSL policy used to verify hostnames
*
* @param policy
* @return
*/
public HttpClientBuilder hostnameVerification(HostnameVerificationPolicy policy) {
this.policy = policy;
return this;
}
public HttpClientBuilder sslContext(SSLContext sslContext) {
this.sslContext = sslContext;
return this;
}
public HttpClientBuilder trustStore(KeyStore truststore) {
this.truststore = truststore;
return this;
}
public HttpClientBuilder keyStore(KeyStore keyStore, String password) {
this.clientKeyStore = keyStore;
this.clientPrivateKeyPassword = password;
return this;
}
public HttpClientBuilder keyStore(KeyStore keyStore, char[] password) {
this.clientKeyStore = keyStore;
this.clientPrivateKeyPassword = new String(password);
return this;
}
static class VerifierWrapper implements X509HostnameVerifier {
protected HostnameVerifier verifier;
VerifierWrapper(HostnameVerifier verifier) {
this.verifier = verifier;
}
@Override
public void verify(String host, SSLSocket ssl) throws IOException {
if (!verifier.verify(host, ssl.getSession())) throw new SSLException("Hostname verification failure");
}
@Override
public void verify(String host, X509Certificate cert) throws SSLException {
throw new SSLException("This verification path not implemented");
}
@Override
public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
throw new SSLException("This verification path not implemented");
}
@Override
public boolean verify(String s, SSLSession sslSession) {
return verifier.verify(s, sslSession);
}
}
public HttpClient build() {
X509HostnameVerifier verifier = null;
if (this.verifier != null) verifier = new VerifierWrapper(this.verifier);
else {
switch (policy) {
case ANY:
verifier = new AllowAllHostnameVerifier();
break;
case WILDCARD:
verifier = new BrowserCompatHostnameVerifier();
break;
case STRICT:
verifier = new StrictHostnameVerifier();
break;
}
}
try {
SSLSocketFactory sslsf = null;
SSLContext theContext = sslContext;
if (disableTrustManager) {
theContext = SSLContext.getInstance("SSL");
theContext.init(null, new TrustManager[]{new PassthroughTrustManager()},
new SecureRandom());
verifier = new AllowAllHostnameVerifier();
sslsf = new SSLSocketFactory(theContext, verifier);
} else if (theContext != null) {
sslsf = new SSLSocketFactory(theContext, verifier);
} else if (clientKeyStore != null || truststore != null) {
sslsf = new SSLSocketFactory(SSLSocketFactory.TLS, clientKeyStore, clientPrivateKeyPassword, truststore, null, verifier);
} else {
final SSLContext tlsContext = SSLContext.getInstance(SSLSocketFactory.TLS);
tlsContext.init(null, null, null);
sslsf = new SSLSocketFactory(tlsContext, verifier);
}
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
Scheme httpsScheme = new Scheme("https", 443, sslsf);
registry.register(httpsScheme);
ClientConnectionManager cm = null;
if (connectionPoolSize > 0) {
ThreadSafeClientConnManager tcm = new ThreadSafeClientConnManager(registry, connectionTTL, connectionTTLUnit);
tcm.setMaxTotal(connectionPoolSize);
if (maxPooledPerRoute == 0) maxPooledPerRoute = connectionPoolSize;
tcm.setDefaultMaxPerRoute(maxPooledPerRoute);
cm = tcm;
} else {
cm = new SingleClientConnManager(registry);
}
BasicHttpParams params = new BasicHttpParams();
if (socketTimeout > -1)
{
HttpConnectionParams.setSoTimeout(params, (int) socketTimeoutUnits.toMillis(socketTimeout));
}
if (establishConnectionTimeout > -1)
{
HttpConnectionParams.setConnectionTimeout(params, (int)establishConnectionTimeoutUnits.toMillis(establishConnectionTimeout));
}
return new DefaultHttpClient(cm, params);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public HttpClient build(AdapterConfig adapterConfig) {
String truststorePath = adapterConfig.getTruststore();
if (truststorePath != null) {
truststorePath = EnvUtil.replace(truststorePath);
String truststorePassword = adapterConfig.getTruststorePassword();
try {
this.truststore = KeystoreUtil.loadKeyStore(truststorePath, truststorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load truststore", e);
}
}
String clientKeystore = adapterConfig.getClientKeystore();
if (clientKeystore != null) {
clientKeystore = EnvUtil.replace(clientKeystore);
String clientKeystorePassword = adapterConfig.getClientKeystorePassword();
try {
KeyStore clientCertKeystore = KeystoreUtil.loadKeyStore(clientKeystore, clientKeystorePassword);
keyStore(clientCertKeystore, clientKeystorePassword);
} catch (Exception e) {
throw new RuntimeException("Failed to load keystore", e);
}
}
int size = 10;
if (adapterConfig.getConnectionPoolSize() > 0)
size = adapterConfig.getConnectionPoolSize();
HttpClientBuilder.HostnameVerificationPolicy policy = HttpClientBuilder.HostnameVerificationPolicy.WILDCARD;
if (adapterConfig.isAllowAnyHostname())
policy = HttpClientBuilder.HostnameVerificationPolicy.ANY;
connectionPoolSize(size);
hostnameVerification(policy);
if (adapterConfig.isDisableTrustManager()) {
disableTrustManager();
} else {
trustStore(truststore);
}
return build();
}
}
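Review bot: In `build()`, the `disableTrustManager` branch overrides every other TLS setting without logging anything: a configured `sslContext`, `truststore` and hostname policy are ignored, `PassthroughTrustManager` accepts any certificate chain and the verifier becomes `AllowAllHostnameVerifier`. A deployment whose adapter config sets `isDisableTrustManager()` therefore runs with unauthenticated TLS and leaves no trace of it. I would log a warning in that branch, and likewise where `build(AdapterConfig)` selects the `ANY` policy from `isAllowAnyHostname()`. Two smaller fixes on the same path: `getAcceptedIssuers()` returns `null` although the `X509TrustManager` contract asks for a non-null array, so `return new X509Certificate[0];`, and the branch requests `SSLContext.getInstance("SSL")` where the other branches use `SSLSocketFactory.TLS`, so `theContext = SSLContext.getInstance(SSLSocketFactory.TLS);` would keep them consistent. `keyStore(KeyStore, char[])` also copies the password into an immutable `String`, which defeats the purpose of accepting a `char[]` and deserves at least a comment.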


@ -28,6 +28,55 @@
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.1_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${resteasy.version.latest}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-crypto</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson-provider</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-undertow</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
@ -211,48 +260,6 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-crypto</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-undertow</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>


@ -54,11 +54,6 @@
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.jmeter</groupId>
<artifactId>ApacheJMeter_java</artifactId>