keycloak-uncached

minor improvements

2/18/2014 5:30:32 PM


diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index 2c701b0..f94df45 100755
--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -4,6 +4,9 @@
         <title>Migrating from 1.0 Alpha 1 to 1.0 Alpha 2</title>
         <itemizedlist>
             <listitem>
+                DB Schema has changed.  We don't have any data migration utilities yet as of Alpha 2.
+            </listitem>
+            <listitem>
                 JBoss and Wildfly adapters are now installed via a JBoss/Wildfly subsystem.  Please review the adapter
                 installation documentation.  Edits to standalone.xml are now required.
             </listitem>
diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
index abc5bf4..e4f2172 100755
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
+++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@@ -23,7 +23,19 @@ public class CustomerDatabaseClient {
     static class TypedList extends ArrayList<String> {
     }
 
-    public static List<String> getCustomers(HttpServletRequest req) {
+    public static class Failure extends Exception {
+        private int status;
+
+        public Failure(int status) {
+            this.status = status;
+        }
+
+        public int getStatus() {
+            return status;
+        }
+    }
+
+    public static List<String> getCustomers(HttpServletRequest req) throws Failure {
         SkeletonKeySession session = (SkeletonKeySession) req.getAttribute(SkeletonKeySession.class.getName());
 
         HttpClient client = new HttpClientBuilder()
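Review bot: The added `Failure` exception never passes a message to `super(...)`, so `getMessage()` returns null and any log line or stack trace for it omits the status that caused it. The constructor could begin with `super("Database service returned HTTP status " + status);`, and the field can be declared `private final int status;` since it is only assigned once. The same nested class is added again in the product-app and third-party `ProductDatabaseClient` hunks, so the three copies can drift apart. A one-line Javadoc such as `/** Thrown when the database service answers with a non-200 status. */` would state the contract for callers of `getCustomers`, whose body continues outside this hunk.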
@@ -34,6 +46,9 @@ public class CustomerDatabaseClient {
             get.addHeader("Authorization", "Bearer " + session.getTokenString());
             try {
                 HttpResponse response = client.execute(get);
+                if (response.getStatusLine().getStatusCode() != 200) {
+                    throw new Failure(response.getStatusLine().getStatusCode());
+                }
                 HttpEntity entity = response.getEntity();
                 InputStream is = entity.getContent();
                 try {
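Review bot: The added `throw new Failure(...)` leaves the method before the response entity is read or closed. Assuming these are the Apache HttpClient types, that can hold the connection open unless cleanup outside this hunk shuts the client down. Draining the body first, for example `EntityUtils.consumeQuietly(response.getEntity());` just before the throw, makes the error path release the connection on its own. Reading the code once into a local, `int status = response.getStatusLine().getStatusCode();`, also avoids calling the status line twice. The identical check in both `ProductDatabaseClient` files has the same gap, and the enclosing `try` continues past the end of this hunk.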
diff --git a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
index 7588db9..0e9ab0e 100755
--- a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
+++ b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
@@ -18,7 +18,15 @@ User <b><%=request.getUserPrincipal().getName()%>
 </b> made this request.
 <h2>Customer Listing</h2>
 <%
-    java.util.List<String> list = CustomerDatabaseClient.getCustomers(request);
+    java.util.List<String> list = null;
+    try {
+        list = CustomerDatabaseClient.getCustomers(request);
+    } catch (CustomerDatabaseClient.Failure failure) {
+        out.println("There was a failure processing request.  You either didn't configure Keycloak properly, or maybe" +
+                "you just forgot to secure the database service?");
+        out.println("Status from database service invocation was: " + failure.getStatus());
+        return;
+    }
     for (String cust : list) {
         out.print("<p>");
         out.print(cust);
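Review bot: The two string literals in the added `catch` block are concatenated without a separating space, so the page shows "or maybeyou just forgot". The first literal should end with a space, as in `"... configure Keycloak properly, or maybe " +`. `out.println` only adds a newline to the HTML source, so the two messages run together in the browser unless each is wrapped in `<p>…</p>`, as the customer rows below are. The same text, with the same missing space, is added in products/view.jsp and pull_data.jsp. The scriptlet continues beyond this hunk, so the early `return` should be checked against the markup that follows, which is not visible here.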
diff --git a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index e512597..0d529a3 100755
--- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -22,7 +22,19 @@ public class ProductDatabaseClient
 {
     static class TypedList extends ArrayList<String> {}
 
-    public static List<String> getProducts(HttpServletRequest req) {
+    public static class Failure extends Exception {
+        private int status;
+
+        public Failure(int status) {
+            this.status = status;
+        }
+
+        public int getStatus() {
+            return status;
+        }
+    }
+
+    public static List<String> getProducts(HttpServletRequest req) throws Failure {
         SkeletonKeySession session = (SkeletonKeySession)req.getAttribute(SkeletonKeySession.class.getName());
         HttpClient client = new HttpClientBuilder()
                 .trustStore(session.getMetadata().getTruststore())
@@ -32,6 +44,9 @@ public class ProductDatabaseClient
             get.addHeader("Authorization", "Bearer " + session.getTokenString());
             try {
                 HttpResponse response = client.execute(get);
+                if (response.getStatusLine().getStatusCode() != 200) {
+                    throw new Failure(response.getStatusLine().getStatusCode());
+                }
                 HttpEntity entity = response.getEntity();
                 InputStream is = entity.getContent();
                 try {
diff --git a/examples/demo-template/product-app/src/main/webapp/products/view.jsp b/examples/demo-template/product-app/src/main/webapp/products/view.jsp
index f476872..8bb6281 100755
--- a/examples/demo-template/product-app/src/main/webapp/products/view.jsp
+++ b/examples/demo-template/product-app/src/main/webapp/products/view.jsp
@@ -17,8 +17,17 @@
 User <b><%=request.getUserPrincipal().getName()%></b> made this request.
 <h2>Product Listing</h2>
 <%
-java.util.List<String> list = ProductDatabaseClient.getProducts(request);
-for (String cust : list)
+    java.util.List<String> list = null;
+    try {
+        list = ProductDatabaseClient.getProducts(request);
+    } catch (ProductDatabaseClient.Failure failure) {
+        out.println("There was a failure processing request.  You either didn't configure Keycloak properly, or maybe" +
+                "you just forgot to secure the database service?");
+        out.println("Status from database service invocation was: " + failure.getStatus());
+        return;
+
+    }
+    for (String cust : list)
 {
    out.print("<p>");
    out.print(cust);
diff --git a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index a1983dc..be32a39 100755
--- a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -20,6 +20,20 @@ import java.util.List;
  * @version $Revision: 1 $
  */
 public class ProductDatabaseClient {
+
+    public static class Failure extends Exception {
+        private int status;
+
+        public Failure(int status) {
+            this.status = status;
+        }
+
+        public int getStatus() {
+            return status;
+        }
+    }
+
+
     public static void redirect(HttpServletRequest request, HttpServletResponse response) {
         // The ServletOAuthClient is obtained by getting a context attribute
         // that is set in the Bootstrap context listener in this project.
@@ -36,7 +50,7 @@ public class ProductDatabaseClient {
 
     static class TypedList extends ArrayList<String> {}
 
-    public static List<String> getProducts(HttpServletRequest request) {
+    public static List<String> getProducts(HttpServletRequest request) throws Failure {
         // The ServletOAuthClient is obtained by getting a context attribute
         // that is set in the Bootstrap context listener in this project.
         // You really should come up with a better way to initialize
@@ -58,6 +72,9 @@ public class ProductDatabaseClient {
         get.addHeader("Authorization", "Bearer " + token);
         try {
             HttpResponse response = client.execute(get);
+            if (response.getStatusLine().getStatusCode() != 200) {
+                throw new Failure(response.getStatusLine().getStatusCode());
+            }
             HttpEntity entity = response.getEntity();
             InputStream is = entity.getContent();
             try {
diff --git a/examples/demo-template/third-party/src/main/webapp/pull_data.jsp b/examples/demo-template/third-party/src/main/webapp/pull_data.jsp
index a64f674..0ccfbcb 100755
--- a/examples/demo-template/third-party/src/main/webapp/pull_data.jsp
+++ b/examples/demo-template/third-party/src/main/webapp/pull_data.jsp
@@ -8,8 +8,16 @@
 <body>
 <h2>Pulled Product Listing</h2>
 <%
-java.util.List<String> list = ProductDatabaseClient.getProducts(request);
-for (String prod : list)
+    java.util.List<String> list = null;
+    try {
+        list = ProductDatabaseClient.getProducts(request);
+    } catch (ProductDatabaseClient.Failure failure) {
+        out.println("There was a failure processing request.  You either didn't configure Keycloak properly, or maybe" +
+                "you just forgot to secure the database service?");
+        out.println("Status from database service invocation was: " + failure.getStatus());
+        return;
+    }
+    for (String prod : list)
 {
    out.print("<p>");
    out.print(prod);
diff --git a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
index e3a7c4b..483d895 100755
--- a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
@@ -31,6 +31,7 @@ import org.jboss.metadata.web.jboss.JBossWebMetaData;
 import org.jboss.metadata.web.jboss.ValveMetaData;
 import org.jboss.metadata.web.spec.LoginConfigMetaData;
 import org.keycloak.adapters.as7.KeycloakAuthenticatorValve;
+import org.keycloak.subsystem.logging.KeycloakLogger;
 
 /**
  * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
@@ -93,6 +94,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         }
         loginConfig.setAuthMethod("KEYCLOAK");
         loginConfig.setRealmName(service.getRealmName(deploymentName));
+        KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
     }
 
     private void addValve(JBossWebMetaData webMetaData) {
diff --git a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
index fb45f69..8bf2033 100755
--- a/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
+++ b/integration/as7-eap-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
@@ -17,9 +17,14 @@
 package org.keycloak.subsystem.logging;
 
 import org.jboss.logging.BasicLogger;
+import org.jboss.logging.LogMessage;
 import org.jboss.logging.Logger;
+import org.jboss.logging.Message;
 import org.jboss.logging.MessageLogger;
 
+import static org.jboss.logging.Logger.Level.INFO;
+import static org.jboss.logging.Logger.Level.DEBUG;
+
 /**
  * This interface to be fleshed out later when error messages are fully externalized.
  *
@@ -33,4 +38,12 @@ public interface KeycloakLogger extends BasicLogger {
      */
     KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
 
+    @LogMessage(level = INFO)
+    @Message(value = "Keycloak subsystem override for deployment %s")
+    void deploymentSecured(String deployment);
+
+    @LogMessage(level = DEBUG)
+    @Message(value = "Keycloak has overriden and secured deployment %s")
+    void warSecured(String deployment);
+
 }
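Review bot: The message for the new `warSecured` method misspells "overridden"; it should read `@Message(value = "Keycloak has overridden and secured deployment %s")`. None of the hunks in this commit call `warSecured`, and the wildfly copy of `KeycloakLogger` does not declare it, so the method and the `DEBUG` static import look unused unless code outside this diff relies on them. Both new methods would benefit from a short Javadoc stating when they are emitted, since `deploymentSecured` is the only log record showing that a deployment's auth method was switched to KEYCLOAK.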
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
index 74c614e..9bf321a 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
@@ -94,7 +94,7 @@ public class OAuthAuthenticator {
 
     protected String getRedirectUri(String state) {
         String url = getRequestUrl();
-        log.info("sending redirect uri: " + url);
+        log.infof("sending redirect uri: %s", url);
         if (!isRequestSecure() && realmInfo.isSslRequired()) {
             int port = sslRedirectPort();
             if (port < 0) {
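Review bot: The redirect URL is still logged at INFO on every call to `getRedirectUri`, which the change to `log.infof` does not alter. If `getRequestUrl()` includes the query string (its body is not in this hunk), request parameters end up in the server log at the default level. Lowering it to `log.debugf("sending redirect uri: %s", url);` keeps the diagnostic without recording every login attempt's URL in production logs. The method body continues past the end of the hunk.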
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
index 9599158..59fd9aa 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java
@@ -29,6 +29,7 @@ import org.jboss.logging.Logger;
 import org.jboss.metadata.javaee.spec.ParamValueMetaData;
 import org.jboss.metadata.web.jboss.JBossWebMetaData;
 import org.jboss.metadata.web.spec.LoginConfigMetaData;
+import org.keycloak.subsystem.logging.KeycloakLogger;
 
 /**
  * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
@@ -58,6 +59,8 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 
             addKeycloakAuthData(phaseContext, deploymentName, service);
         }
+
+        // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
     }
 
     private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
@@ -77,6 +80,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         }
         loginConfig.setAuthMethod("KEYCLOAK");
         loginConfig.setRealmName(service.getRealmName(deploymentName));
+        KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
     }
 
     private void addJSONData(String json, WarMetaData warMetaData) {
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
old mode 100644
new mode 100755
index 61c3608..0ab14f7
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakLogger.java
@@ -16,9 +16,17 @@
  */
 package org.keycloak.subsystem.logging;
 
+import java.util.List;
 import org.jboss.logging.BasicLogger;
+import org.jboss.logging.annotations.LogMessage;
 import org.jboss.logging.Logger;
+import org.jboss.logging.annotations.Message;
 import org.jboss.logging.annotations.MessageLogger;
+import org.jboss.vfs.VirtualFile;
+
+import static org.jboss.logging.Logger.Level.ERROR;
+import static org.jboss.logging.Logger.Level.INFO;
+import static org.jboss.logging.Logger.Level.WARN;
 
 /**
  * This interface to be fleshed out later when error messages are fully externalized.
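Review bot: Four of the imports added here, `java.util.List`, `org.jboss.vfs.VirtualFile`, and the static `ERROR` and `WARN` levels, are not used by anything this commit adds to the interface; the only new method uses `INFO`. Unless lines outside the two hunks reference them, they should be dropped. The `VirtualFile` import in particular makes the logging interface depend on jboss-vfs at compile time for no visible reason. The as7 copy of this file imports only what its new methods need, and this file should do the same.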
@@ -33,4 +41,9 @@ public interface KeycloakLogger extends BasicLogger {
      */
     KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
 
+    @LogMessage(level = INFO)
+    @Message(value = "Keycloak subsystem override for deployment %s")
+    void deploymentSecured(String deployment);
+
+
 }
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java
old mode 100644
new mode 100755
index 93b5e2c..4859f24
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/logging/KeycloakMessages.java
@@ -24,7 +24,7 @@ import org.jboss.logging.Messages;
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc.
  */
-@MessageBundle(projectCode = "TLIP")
+@MessageBundle(projectCode = "KEYCLOAK")
 public interface KeycloakMessages {
 
     /**