commit
f689747fd6
9 changed files with 185 additions and 11 deletions
|
@ -242,7 +242,8 @@ public abstract class OAuthRequestAuthenticator {
|
||||||
protected AuthChallenge resolveCode(String code) {
|
protected AuthChallenge resolveCode(String code) {
|
||||||
// abort if not HTTPS
|
// abort if not HTTPS
|
||||||
if (deployment.isSslRequired() && !isRequestSecure()) {
|
if (deployment.isSslRequired() && !isRequestSecure()) {
|
||||||
log.error("SSL is required");
|
|
||||||
|
log.error("Adapter requires SSL. Request: " + facade.getRequest().getURI());
|
||||||
return challenge(403);
|
return challenge(403);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
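Review bot: The new message `log.error("Adapter requires SSL. Request: " + facade.getRequest().getURI());` writes the full request URI into the error log, and because this is `resolveCode(String code)` the request being rejected is the redirect back from the authorization server, whose URI normally carries the `code` and `state` query parameters; an authorization code then ends up in log files that are usually far less protected than the session store. The diagnostic value here is the scheme and host, not the query string, so log the URI with its query part stripped (or log only the host, and the fact that the scheme was not https). If `getURI()` returns a `String` that is a one-line change at the call site; otherwise expose a query-less accessor on the facade. The rest of `resolveCode` lies outside the hunk.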
@ -32,10 +32,6 @@ public abstract class RequestAuthenticator {
|
||||||
|
|
||||||
public AuthOutcome authenticate() {
|
public AuthOutcome authenticate() {
|
||||||
log.info("--> authenticate()");
|
log.info("--> authenticate()");
|
||||||
if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
|
|
||||||
log.warn("SSL is required to authenticate");
|
|
||||||
return AuthOutcome.FAILED;
|
|
||||||
}
|
|
||||||
BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
|
BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
|
||||||
log.info("try bearer");
|
log.info("try bearer");
|
||||||
AuthOutcome outcome = bearer.authenticate(facade);
|
AuthOutcome outcome = bearer.authenticate(facade);
|
||||||
|
@ -44,6 +40,7 @@ public abstract class RequestAuthenticator {
|
||||||
log.info("Bearer FAILED");
|
log.info("Bearer FAILED");
|
||||||
return AuthOutcome.FAILED;
|
return AuthOutcome.FAILED;
|
||||||
} else if (outcome == AuthOutcome.AUTHENTICATED) {
|
} else if (outcome == AuthOutcome.AUTHENTICATED) {
|
||||||
|
if (verifySSL()) return AuthOutcome.FAILED;
|
||||||
completeAuthentication(bearer);
|
completeAuthentication(bearer);
|
||||||
log.info("Bearer AUTHENTICATED");
|
log.info("Bearer AUTHENTICATED");
|
||||||
return AuthOutcome.AUTHENTICATED;
|
return AuthOutcome.AUTHENTICATED;
|
||||||
|
@ -55,6 +52,7 @@ public abstract class RequestAuthenticator {
|
||||||
|
|
||||||
log.info("try oauth");
|
log.info("try oauth");
|
||||||
if (isCached()) {
|
if (isCached()) {
|
||||||
|
if (verifySSL()) return AuthOutcome.FAILED;
|
||||||
log.info("AUTHENTICATED: was cached");
|
log.info("AUTHENTICATED: was cached");
|
||||||
return AuthOutcome.AUTHENTICATED;
|
return AuthOutcome.AUTHENTICATED;
|
||||||
}
|
}
|
||||||
|
@ -70,6 +68,8 @@ public abstract class RequestAuthenticator {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (verifySSL()) return AuthOutcome.FAILED;
|
||||||
|
|
||||||
completeAuthentication(oauth);
|
completeAuthentication(oauth);
|
||||||
|
|
||||||
// redirect to strip out access code and state query parameters
|
// redirect to strip out access code and state query parameters
|
||||||
|
@ -81,6 +81,14 @@ public abstract class RequestAuthenticator {
|
||||||
return AuthOutcome.AUTHENTICATED;
|
return AuthOutcome.AUTHENTICATED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected boolean verifySSL() {
|
||||||
|
if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
|
||||||
|
log.warn("SSL is required to authenticate");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
protected abstract OAuthRequestAuthenticator createOAuthAuthenticator();
|
protected abstract OAuthRequestAuthenticator createOAuthAuthenticator();
|
||||||
|
|
||||||
protected BearerTokenRequestAuthenticator createBearerTokenAuthenticator() {
|
protected BearerTokenRequestAuthenticator createBearerTokenAuthenticator() {
|
||||||
|
|
|
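Review bot: `verifySSL()` returns `true` when SSL is required but the request is not secure, so each of the three new call sites `if (verifySSL()) return AuthOutcome.FAILED;` (L114, L150, L184) reads as "if SSL verifies, fail"; a reader skimming the success paths will get the polarity backwards. Either rename it to something that states the failure condition, or give it a Javadoc such as `/** Returns true when the deployment requires SSL but this request is not secure; every success path must return FAILED in that case. */` so the call sites make sense. Note also that the check is now repeated once per success path (bearer, cached, oauth) rather than once at the top as before, so any future outcome branch must remember to add it; a comment on `authenticate()` saying so would help, since parts of `authenticate()` lie between the hunks. The same `log.warn("SSL is required to authenticate")` is still emitted, which is fine.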
@ -51,12 +51,22 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
||||||
int confidentialPort = 8443;
|
|
||||||
if (portManager != null) confidentialPort = portManager.getConfidentialPort(exchange);
|
int confidentialPort = getConfidentilPort(exchange);
|
||||||
return new ServletRequestAuthenticator(facade, deployment,
|
return new ServletRequestAuthenticator(facade, deployment,
|
||||||
confidentialPort, securityContext, exchange, userSessionManagement);
|
confidentialPort, securityContext, exchange, userSessionManagement);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected int getConfidentilPort(HttpServerExchange exchange) {
|
||||||
|
int confidentialPort = 8443;
|
||||||
|
if (exchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
|
||||||
|
confidentialPort = exchange.getHostPort();
|
||||||
|
} else if (portManager != null) {
|
||||||
|
confidentialPort = portManager.getConfidentialPort(exchange);
|
||||||
|
}
|
||||||
|
return confidentialPort;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
|
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
|
||||||
AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
|
AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
|
||||||
|
|
|
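Review bot: The new method is spelled `getConfidentilPort`, and because it is `protected` and is already called from `WildflyAuthenticationMechanism.createRequestAuthenticator` in this same commit the typo becomes part of the subclass contract and gets harder to fix once anyone overrides it; rename it now: `protected int getConfidentialPort(HttpServerExchange exchange) {`. On the HTTPS branch the value comes from `exchange.getHostPort()`, which as far as I recall Undertow derives from the client-supplied Host header rather than the listener; that is acceptable only because the request already arrived over TLS and the value is, presumably, used to build redirect URLs back to the same origin, so a one-line comment stating that assumption (`// already on TLS: reuse the port the client addressed`) would keep the next maintainer from reusing this helper on the plain-HTTP path. The `8443` fallback is duplicated from the old inline code; a named constant would make the default visible.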
@ -6,6 +6,7 @@ import io.undertow.server.handlers.CookieImpl;
|
||||||
import io.undertow.util.AttachmentKey;
|
import io.undertow.util.AttachmentKey;
|
||||||
import io.undertow.util.Headers;
|
import io.undertow.util.Headers;
|
||||||
import io.undertow.util.HttpString;
|
import io.undertow.util.HttpString;
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.KeycloakSecurityContext;
|
import org.keycloak.KeycloakSecurityContext;
|
||||||
import org.keycloak.adapters.AuthChallenge;
|
import org.keycloak.adapters.AuthChallenge;
|
||||||
import org.keycloak.adapters.HttpFacade;
|
import org.keycloak.adapters.HttpFacade;
|
||||||
|
@ -24,6 +25,7 @@ import java.util.Map;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UndertowHttpFacade implements HttpFacade {
|
public class UndertowHttpFacade implements HttpFacade {
|
||||||
|
private static final Logger log = Logger.getLogger(UndertowHttpFacade.class);
|
||||||
public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);
|
public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);
|
||||||
|
|
||||||
protected HttpServerExchange exchange;
|
protected HttpServerExchange exchange;
|
||||||
|
@ -41,7 +43,8 @@ public class UndertowHttpFacade implements HttpFacade {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isSecure() {
|
public boolean isSecure() {
|
||||||
return exchange.getProtocol().toString().equalsIgnoreCase("https");
|
String protocol = exchange.getRequestScheme();
|
||||||
|
return protocol.equalsIgnoreCase("https");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
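Review bot: In the rewritten `isSecure()` the local is still called `protocol` although it now holds the request scheme; `String scheme = exchange.getRequestScheme(); return scheme.equalsIgnoreCase("https");` says what is compared. Since `isSecure()` is what `RequestAuthenticator` and `OAuthRequestAuthenticator` use to enforce SSL, it deserves a Javadoc noting that `getRequestScheme()` reports the scheme as Undertow sees it: behind a TLS-terminating reverse proxy it will be `http` unless the server is configured to honour forwarded headers, and when it is, this check is only as trustworthy as the proxy that sets them. The `log` field and `org.jboss.logging.Logger` import added to `UndertowHttpFacade` have no use in the visible hunks; unless they are used elsewhere in the file, drop them.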
@ -24,7 +24,8 @@ public class WildflyAuthenticationMechanism extends ServletKeycloakAuthMech {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
||||||
|
int confidentialPort = getConfidentilPort(exchange);
|
||||||
return new WildflyRequestAuthenticator(facade, deployment,
|
return new WildflyRequestAuthenticator(facade, deployment,
|
||||||
portManager.getConfidentialPort(exchange), securityContext, exchange, userSessionManagement);
|
confidentialPort, securityContext, exchange, userSessionManagement);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
120
model/invalidation-cache/model-adapters/pom.xml
Executable file
120
model/invalidation-cache/model-adapters/pom.xml
Executable file
|
@ -0,0 +1,120 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.0-beta-2-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-invalidation-cache-model</artifactId>
|
||||||
|
<name>Keycloak Model JPA</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcprov-jdk16</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>net.iharder</groupId>
|
||||||
|
<artifactId>base64</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-core</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-model-api</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.hibernate.javax.persistence</groupId>
|
||||||
|
<artifactId>hibernate-jpa-2.0-api</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.hibernate</groupId>
|
||||||
|
<artifactId>hibernate-entitymanager</artifactId>
|
||||||
|
<version>${hibernate.entitymanager.version}</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.resteasy</groupId>
|
||||||
|
<artifactId>resteasy-jaxrs</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
<exclusions>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>log4j</groupId>
|
||||||
|
<artifactId>log4j</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-api</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-simple</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
</exclusions>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.h2database</groupId>
|
||||||
|
<artifactId>h2</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<source>${maven.compiler.source}</source>
|
||||||
|
<target>${maven.compiler.target}</target>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<!-- Test jar used in export-import -->
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-jar-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>package-tests-jar</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>test-jar</goal>
|
||||||
|
</goals>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-surefire-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>default-test</id>
|
||||||
|
<configuration>
|
||||||
|
<dependenciesToScan>
|
||||||
|
<dependency>org.keycloak:keycloak-model-tests</dependency>
|
||||||
|
</dependenciesToScan>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
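Review bot: The surefire execution sets `<dependenciesToScan><dependency>org.keycloak:keycloak-model-tests</dependency></dependenciesToScan>`, but the `<dependencies>` block of this POM declares no `keycloak-model-tests` artifact, so unless the parent supplies it the scan finds nothing and the module silently runs zero tests. Add the test-scoped dependency (with the `test-jar` type the comment near the jar plugin implies) or drop the scan. The module name `<name>Keycloak Model JPA</name>` also looks copied from the JPA module; `<name>Keycloak Invalidation Cache Model</name>` would match the artifactId.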
30
model/invalidation-cache/pom.xml
Executable file
30
model/invalidation-cache/pom.xml
Executable file
|
@ -0,0 +1,30 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.0-beta-2-SNAPSHOT</version>
|
||||||
|
<relativePath>../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<name>Model Parent</name>
|
||||||
|
<description/>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-invalidation-cache-model-pom</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-deploy-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<skip>true</skip>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
<modules>
|
||||||
|
<module>model-adapters</module>
|
||||||
|
</modules>
|
||||||
|
</project>
|
|
@ -29,6 +29,7 @@
|
||||||
<!-- <module>picketlink</module> -->
|
<!-- <module>picketlink</module> -->
|
||||||
<module>jpa</module>
|
<module>jpa</module>
|
||||||
<module>mongo</module>
|
<module>mongo</module>
|
||||||
|
<module>invalidation-cache</module>
|
||||||
<module>tests</module>
|
<module>tests</module>
|
||||||
</modules>
|
</modules>
|
||||||
</project>
|
</project>
|
||||||
|
|
4
pom.xml
4
pom.xml
|
@ -18,7 +18,7 @@
|
||||||
<resteasy.version>2.3.7.Final</resteasy.version>
|
<resteasy.version>2.3.7.Final</resteasy.version>
|
||||||
<resteasy.version.eap.6.3>2.3.7.Final</resteasy.version.eap.6.3>
|
<resteasy.version.eap.6.3>2.3.7.Final</resteasy.version.eap.6.3>
|
||||||
<resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
|
<resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
|
||||||
<undertow.version>1.0.0.Final</undertow.version>
|
<undertow.version>1.0.15.Final</undertow.version>
|
||||||
<picketlink.version>2.6.0.CR2</picketlink.version>
|
<picketlink.version>2.6.0.CR2</picketlink.version>
|
||||||
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
|
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
|
||||||
<mongo.driver.version>2.11.3</mongo.driver.version>
|
<mongo.driver.version>2.11.3</mongo.driver.version>
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
<mysql.version>5.1.25</mysql.version>
|
<mysql.version>5.1.25</mysql.version>
|
||||||
<slf4j.version>1.5.10</slf4j.version>
|
<slf4j.version>1.5.10</slf4j.version>
|
||||||
<jboss.version>7.1.1.Final</jboss.version>
|
<jboss.version>7.1.1.Final</jboss.version>
|
||||||
<wildfly.version>8.0.0.Final</wildfly.version>
|
<wildfly.version>8.1.0.Final</wildfly.version>
|
||||||
<servlet.api.30.version>1.0.1.Final</servlet.api.30.version>
|
<servlet.api.30.version>1.0.1.Final</servlet.api.30.version>
|
||||||
<google.zxing.version>2.2</google.zxing.version>
|
<google.zxing.version>2.2</google.zxing.version>
|
||||||
<google.client.version>1.14.1-beta</google.client.version>
|
<google.client.version>1.14.1-beta</google.client.version>
|
||||||
|
|