keycloak-memoizeit
Changes
examples/demo-template/pom.xml 1(+1 -0)
examples/demo-template/rest-resources/src/main/java/org/keycloak/example/PublicResources.java 36(+36 -0)
examples/demo-template/rest-resources/src/main/java/org/keycloak/example/ResourceApplication.java 9(+9 -0)
examples/demo-template/rest-resources/src/main/java/org/keycloak/example/SecretResources.java 33(+33 -0)
examples/demo-template/rest-resources/src/main/webapp/WEB-INF/jboss-deployment-structure.xml 9(+9 -0)
examples/demo-template/testrealm.json 10(+10 -0)
integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyRequestAuthenticator.java 5(+5 -0)
integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java 6(+6 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java 1(+0 -1)
Details
examples/demo-template/pom.xml 1(+1 -0)
diff --git a/examples/demo-template/pom.xml b/examples/demo-template/pom.xml
index 7c33c28..d6f3c12 100755
--- a/examples/demo-template/pom.xml
+++ b/examples/demo-template/pom.xml
@@ -34,6 +34,7 @@
<module>admin-access-app</module>
<module>angular-product-app</module>
<module>database-service</module>
+ <module>rest-resources</module>
<module>third-party</module>
<module>third-party-cdi</module>
</modules>
diff --git a/examples/demo-template/rest-resources/pom.xml b/examples/demo-template/rest-resources/pom.xml
new file mode 100755
index 0000000..d27b9c0
--- /dev/null
+++ b/examples/demo-template/rest-resources/pom.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.1.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.keycloak.example.demo</groupId>
+ <artifactId>rest-resources</artifactId>
+ <packaging>war</packaging>
+ <name>Rest Resources</name>
+ <description/>
+
+ <repositories>
+ <repository>
+ <id>jboss</id>
+ <name>jboss repo</name>
+ <url>http://repository.jboss.org/nexus/content/groups/public/</url>
+ </repository>
+ </repositories>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-adapter-core</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>${keycloak.apache.httpcomponents.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>rest-resources</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.wildfly.plugins</groupId>
+ <artifactId>wildfly-maven-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>${maven.compiler.source}</source>
+ <target>${maven.compiler.target}</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/PublicResources.java b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/PublicResources.java
new file mode 100755
index 0000000..056f1d5
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/PublicResources.java
@@ -0,0 +1,36 @@
+package org.keycloak.example;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.spi.HttpRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Request;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+@Path("public")
+public class PublicResources {
+
+ @Context
+ HttpServletRequest request;
+
+ @POST
+ @Consumes("text/plain")
+ @Produces("text/plain")
+ @NoCache
+ public String get(String text) {
+ StringBuilder result = new StringBuilder();
+ Principal userPrincipal = request.getUserPrincipal();
+ if(userPrincipal != null){
+ result.append("Hello ").append(userPrincipal.getName()).append("\r\n");
+ }
+ result.append("You said: ").append(text);
+
+ return result.toString();
+ }
+}
diff --git a/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/ResourceApplication.java b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/ResourceApplication.java
new file mode 100755
index 0000000..ab0040c
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/ResourceApplication.java
@@ -0,0 +1,9 @@
+package org.keycloak.example;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+@ApplicationPath("/")
+public class ResourceApplication extends Application
+{
+}
diff --git a/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/SecretResources.java b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/SecretResources.java
new file mode 100755
index 0000000..ee5efa9
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/java/org/keycloak/example/SecretResources.java
@@ -0,0 +1,33 @@
+package org.keycloak.example;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import java.security.Principal;
+
+@Path("secret")
+public class SecretResources {
+
+ @Context
+ HttpServletRequest request;
+
+ @POST
+ @Consumes("text/plain")
+ @Produces("text/plain")
+ @NoCache
+ public String get(String text) {
+ StringBuilder result = new StringBuilder();
+ Principal userPrincipal = request.getUserPrincipal();
+ if(userPrincipal != null){
+ result.append("Hello ").append(userPrincipal.getName()).append("\r\n");
+ }
+ result.append("You said: ").append(text);
+
+ return result.toString();
+ }
+}
diff --git a/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000..9c1bac9
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,9 @@
+<jboss-deployment-structure>
+ <deployment>
+ <dependencies>
+ <!-- the Demo code uses classes in these modules. These are optional to import if you are not using
+ Apache Http Client or the HttpClientBuilder that comes with the adapter core -->
+ <module name="org.apache.httpcomponents"/>
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/keycloak.json
new file mode 100755
index 0000000..caed050
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/keycloak.json
@@ -0,0 +1,7 @@
+{
+ "realm" : "demo",
+ "resource" : "rest-resources",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url": "/auth",
+ "ssl-required" : "external"
+}
diff --git a/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000..1c619b0
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>rest-resources</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Public</web-resource-name>
+ <url-pattern>/public/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secure</web-resource-name>
+ <url-pattern>/secure/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint> -->
+
+ <login-config>
+ <auth-method>KEYCLOAK</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml.unconfigured b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml.unconfigured
new file mode 100755
index 0000000..cce3b0b
--- /dev/null
+++ b/examples/demo-template/rest-resources/src/main/webapp/WEB-INF/web.xml.unconfigured
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>rest-resources</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Public</web-resource-name>
+ <url-pattern>/public/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secure</web-resource-name>
+ <url-pattern>/secure/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ <role-name>admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint> -->
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
examples/demo-template/testrealm.json 10(+10 -0)
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index da92138..a16e58e 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -148,6 +148,16 @@
"adminUrl": "/database",
"baseUrl": "/database",
"bearerOnly": true
+ },
+ {
+ "name": "rest-resources",
+ "enabled": true,
+ "publicClient": true,
+ "adminUrl": "/rest",
+ "baseUrl": "/rest",
+ "redirectUris": [
+ "/rest-resources/*"
+ ]
}
],
"oauthClients": [
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index bd853da..05a2773 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -76,6 +76,11 @@ public abstract class RequestAuthenticator {
}
}
+ if(!isAuthenticationRequired()){
+ log.debug("NOT_ATTEMPTED: authentication is not required");
+ return AuthOutcome.NOT_ATTEMPTED;
+ }
+
if (log.isTraceEnabled()) {
log.trace("try oauth");
}
@@ -137,6 +142,7 @@ public abstract class RequestAuthenticator {
protected abstract void completeOAuthAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal);
protected abstract void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method);
protected abstract String getHttpSessionId(boolean create);
+ protected abstract boolean isAuthenticationRequired();
protected void completeAuthentication(BearerTokenRequestAuthenticator bearer, String method) {
RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
diff --git a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyRequestAuthenticator.java b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyRequestAuthenticator.java
index 0556b01..7e90aef 100755
--- a/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyRequestAuthenticator.java
+++ b/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyRequestAuthenticator.java
@@ -82,4 +82,9 @@ public class JettyRequestAuthenticator extends RequestAuthenticator {
}
+ @Override
+ protected boolean isAuthenticationRequired() {
+ //TODO: find out if authentication is required
+ return true;
+ }
}
diff --git a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
index 58989ef..356c4a5 100755
--- a/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
+++ b/integration/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
@@ -90,4 +90,10 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
HttpSession session = request.getSession(create);
return session != null ? session.getId() : null;
}
+
+ @Override
+ protected boolean isAuthenticationRequired() {
+ //TODO: find out if authentication is required
+ return true;
+ }
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
index 1e49be9..9a35896 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
@@ -103,7 +103,6 @@ public abstract class AbstractUndertowKeycloakAuthMech implements Authentication
if (outcome == AuthOutcome.FAILED) {
return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
}
-
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java
index f154ba3..26be637 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowRequestAuthenticator.java
@@ -87,4 +87,9 @@ public abstract class AbstractUndertowRequestAuthenticator extends RequestAuthen
* @return The account
*/
protected abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal);
+
+ @Override
+ protected boolean isAuthenticationRequired() {
+ return securityContext.isAuthenticationRequired();
+ }
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
index 2c7ece0..0ae5b6e 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
@@ -49,7 +49,7 @@ public class ServletKeycloakAuthMech extends AbstractUndertowKeycloakAuthMech {
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
UndertowHttpFacade facade = new UndertowHttpFacade(exchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
- if (!deployment.isConfigured() || !securityContext.isAuthenticationRequired()) {
+ if (!deployment.isConfigured()) {
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}