keycloak-uncached
integration/adapter-core/pom.xml 10(+10 -0)
integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java 2(+2 -0)
integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java 71(+71 -0)
pom.xml 6(+6 -0)
testsuite/performance-web/pom.xml 5(+5 -0)
diff --git a/docbook/reference/en/en-US/modules/adapter-config.xml b/docbook/reference/en/en-US/modules/adapter-config.xml
index 979a9d5..448f6ca 100755
--- a/docbook/reference/en/en-US/modules/adapter-config.xml
+++ b/docbook/reference/en/en-US/modules/adapter-config.xml
@@ -113,6 +113,15 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>public-client</term>
+ <listitem>
+ <para>
+ If set to true, the adapter will not send credentials for the client to Keycloak.
+ The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>enable-cors</term>
<listitem>
<para>
@@ -140,7 +149,19 @@
<para>
If CORS is enabled, this sets the value of the
<literal>Access-Control-Allow-Methods</literal>
- header. This should be a JSON list of strings.
+ header. This should be a comma-separated string.
+ This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
+ responses.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>cors-allowed-headers</term>
+ <listitem>
+ <para>
+ If CORS is enabled, this sets the value of the
+ <literal>Access-Control-Allow-Headers</literal>
+ header. This should be a comma-separated string.
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
responses.
</para>
integration/adapter-core/pom.xml 10(+10 -0)
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index 4fddde8..0190268 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -15,6 +15,11 @@
<dependencies>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>${jboss.logging.version}</version>
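Review bot: The new `org.bouncycastle:bcprov-jdk16` entry brings in the crypto provider on the legacy `jdk16` coordinates with `provided` scope, so adapter-core compiles against it but every consumer has to supply a matching jar at runtime. No version is declared here; it is presumably managed in a parent pom outside this hunk, and it is worth confirming which release that resolves to, since the `jdk16` artifact line is no longer updated and `bcprov-jdk15on` is its maintained successor. An XML comment next to the entry stating who is expected to supply the jar at runtime would record why the scope is not `compile`.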
@@ -52,6 +57,11 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${keycloak.apache.httpcomponents.version}</version>
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
index 1f00b91..9c2129c 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
@@ -59,6 +59,8 @@ public class KeycloakDeploymentBuilder {
deployment.setPublicClient(adapterConfig.isPublicClient());
deployment.setUseResourceRoleMappings(adapterConfig.isUseResourceRoleMappings());
+ deployment.setExposeToken(adapterConfig.isExposeToken());
+
if (adapterConfig.isCors()) {
deployment.setCors(true);
deployment.setCorsMaxAge(adapterConfig.getCorsMaxAge());
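Review bot: `deployment.setExposeToken(adapterConfig.isExposeToken())` starts honouring `expose-token` from the adapter config, but nothing in this commit documents the option: the adapter-config.xml hunks add entries for `public-client` and `cors-allowed-headers` only. Judging by its name the flag decides whether the adapter exposes the token, so deployments that already carry `"expose-token": true` would change behaviour once this line ships, assuming the value was not propagated elsewhere before. I would add a comment above the call, e.g. `// security-sensitive: stays off unless expose-token is set explicitly in the adapter config`, and confirm that `isExposeToken()` defaults to false. The enclosing method starts and ends outside the hunk.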
diff --git a/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java b/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
new file mode 100644
index 0000000..71c03bd
--- /dev/null
+++ b/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
@@ -0,0 +1,71 @@
+package org.keycloak.adapters;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
+import org.bouncycastle.util.encoders.Base64;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.keycloak.enums.SslRequired;
+import org.keycloak.enums.TokenStore;
+import org.keycloak.util.PemUtils;
+
+import javax.net.ssl.SSLSocketFactory;
+import java.io.File;
+import java.io.IOException;
+import java.security.PublicKey;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class KeycloakDeploymentBuilderTest {
+
+ @Rule
+ public TemporaryFolder folder = new TemporaryFolder();
+
+ @Before
+ public void before() throws IOException {
+ File dir = folder.newFolder();
+ FileUtils.copyInputStreamToFile(getClass().getResourceAsStream("/cacerts.jks"), new File(dir, "cacerts.jks"));
+ FileUtils.copyInputStreamToFile(getClass().getResourceAsStream("/keystore.jks"), new File(dir, "keystore.jks"));
+ System.setProperty("testResources", dir.getAbsolutePath());
+ }
+
+ @After
+ public void after() {
+ System.getProperties().remove("testResources");
+ }
+
+ @Test
+ public void load() throws Exception {
+ KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getClass().getResourceAsStream("/keycloak.json"));
+ assertEquals("demo", deployment.getRealm());
+ assertEquals("customer-portal", deployment.getResourceName());
+ assertEquals(PemUtils.decodePublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"), deployment.getRealmKey());
+ assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/login", deployment.getAuthUrl().build().toString());
+ assertEquals(SslRequired.EXTERNAL, deployment.getSslRequired());
+ assertTrue(deployment.isUseResourceRoleMappings());
+ assertTrue(deployment.isCors());
+ assertEquals(1000, deployment.getCorsMaxAge());
+ assertEquals("POST, PUT, DELETE, GET", deployment.getCorsAllowedMethods());
+ assertEquals("X-Custom, X-Custom2", deployment.getCorsAllowedHeaders());
+ assertTrue(deployment.isBearerOnly());
+ assertTrue(deployment.isPublicClient());
+ assertTrue(deployment.isEnableBasicAuth());
+ assertTrue(deployment.isExposeToken());
+ assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret"));
+ assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal());
+ assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/refresh", deployment.getRefreshUrl());
+ assertTrue(deployment.isAlwaysRefreshToken());
+ assertTrue(deployment.isRegisterNodeAtStartup());
+ assertEquals(1000, deployment.getRegisterNodePeriod());
+ assertEquals(TokenStore.COOKIE, deployment.getTokenStore());
+ assertEquals("email", deployment.getPrincipalAttribute());
+ }
+
+}
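Review bot: `load()` only covers a fixture in which every boolean is true, so a regression that hard-codes `true` for `isExposeToken()`, `isPublicClient()` or `isBearerOnly()` would still pass. A second fixture that omits those keys, checked with `assertFalse(deployment.isExposeToken());` and the like, would pin the safe defaults. The imports `org.bouncycastle.util.encoders.Base64`, `javax.net.ssl.SSLSocketFactory` and `java.security.PublicKey` are unused and can be dropped. In `after()`, `System.clearProperty("testResources");` states the intent more directly than `System.getProperties().remove(...)`.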
diff --git a/integration/adapter-core/src/test/resources/cacerts.jks b/integration/adapter-core/src/test/resources/cacerts.jks
new file mode 100644
index 0000000..f8ae5a3
Binary files /dev/null and b/integration/adapter-core/src/test/resources/cacerts.jks differ
diff --git a/integration/adapter-core/src/test/resources/keycloak.json b/integration/adapter-core/src/test/resources/keycloak.json
new file mode 100644
index 0000000..2eb6e1f
--- /dev/null
+++ b/integration/adapter-core/src/test/resources/keycloak.json
@@ -0,0 +1,33 @@
+{
+ "realm": "demo",
+ "resource": "customer-portal",
+ "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url": "https://localhost:8443/auth",
+ "ssl-required": "external",
+ "use-resource-role-mappings": true,
+ "enable-cors": true,
+ "cors-max-age": 1000,
+ "cors-allowed-methods": "POST, PUT, DELETE, GET",
+ "cors-allowed-headers": "X-Custom, X-Custom2",
+ "bearer-only": true,
+ "public-client": true,
+ "enable-basic-auth": true,
+ "expose-token": true,
+ "credentials": {
+ "secret": "234234-234234-234234"
+ },
+ "connection-pool-size": 20,
+ "disable-trust-manager": true,
+ "allow-any-hostname": true,
+ "truststore": "${testResources}/cacerts.jks",
+ "truststore-password": "changeit",
+ "client-keystore": "${testResources}/keystore.jks",
+ "client-keystore-password": "changeit",
+ "client-key-password": "password",
+ "auth-server-url-for-backend-requests": "https://backend:8443/auth",
+ "always-refresh-token": true,
+ "register-node-at-startup": true,
+ "register-node-period": 1000,
+ "token-store": "cookie",
+ "principal-attribute": "email"
+}
\ No newline at end of file
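Review bot: The fixture sets `"disable-trust-manager": true` and `"allow-any-hostname": true` next to a `truststore`, so the HTTP client built from it presumably skips certificate and hostname verification and the truststore is never used for validation. Test fixtures tend to be copied as configuration templates, so I would set both to `false` here (a truststore is already supplied) or move the insecure combination into a separately named fixture. The `credentials.secret`, `changeit` and `password` values are visibly test-only, but the binary cacerts.jks and keystore.jks added alongside should be confirmed to hold throwaway keys only.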
diff --git a/integration/adapter-core/src/test/resources/keystore.jks b/integration/adapter-core/src/test/resources/keystore.jks
new file mode 100644
index 0000000..0c4e3a1
Binary files /dev/null and b/integration/adapter-core/src/test/resources/keystore.jks differ
pom.xml 6(+6 -0)
diff --git a/pom.xml b/pom.xml
index 97b5f6d..c99e0b2 100755
--- a/pom.xml
+++ b/pom.xml
@@ -304,6 +304,12 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <scope>test</scope>
+ <version>2.4</version>
+ </dependency>
+ <dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
<version>1.3</version>
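Review bot: The managed `commons-io` entry fixes `<scope>test</scope>` centrally, yet testsuite/performance-web/pom.xml in the same commit overrides it with `provided`, which suggests the scope belongs in the consuming modules rather than here. Assuming this hunk sits inside `<dependencyManagement>` (the child poms omit the version), I would keep only `groupId`, `artifactId` and `<version>2.4</version>` in the root entry and let each module state its own scope. It is also worth checking that 2.4 is a currently maintained commons-io release before pinning it for the whole build.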
testsuite/performance-web/pom.xml 5(+5 -0)
diff --git a/testsuite/performance-web/pom.xml b/testsuite/performance-web/pom.xml
index 63d0d9b..c5f0b37 100755
--- a/testsuite/performance-web/pom.xml
+++ b/testsuite/performance-web/pom.xml
@@ -89,6 +89,11 @@
<artifactId>resteasy-undertow</artifactId>
<version>${resteasy.version.latest}</version>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>org.apache.jmeter</groupId>