keycloak-uncached
Changes
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java 6(+1 -5)
adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java 2(+1 -1)
adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java 2(+1 -1)
examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java 16(+5 -11)
examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java 4(+2 -2)
examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java 4(+2 -2)
examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java 4(+2 -2)
Details
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
index e4f4a63..7ff049a 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
@@ -169,11 +169,7 @@ public class AdapterDeploymentContext {
public void setAuthServerBaseUrl(String authServerBaseUrl) {
this.authServerBaseUrl = authServerBaseUrl;
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
- resolveBrowserUrls(serverBuilder);
-
- if (delegate.getRelativeUrls() == RelativeUrlsUsed.ALL_REQUESTS) {
- resolveNonBrowserUrls(serverBuilder);
- }
+ resolveUrls(serverBuilder);
}
@Override
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java
index aa3b5b4..ca35970 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterUtils.java
@@ -39,34 +39,14 @@ public class AdapterUtils {
}
/**
- * Best effort to find origin for REST request calls from web UI application to REST application. In case of relative or absolute
- * "auth-server-url" is returned the URL from request. In case of "auth-server-url-for-backend-request" used in configuration, it returns
- * the origin of auth server.
- *
- * This may be the optimization in cluster, so if you have keycloak and applications on same host, the REST request doesn't need to
- * go through loadbalancer, but can be sent directly to same host.
+ * Find origin for REST request calls from web UI application to REST application (assuming the REST application
+ * is deployed on same host like current UI application)
*
* @param browserRequestURL
- * @param session
* @return
*/
- public static String getOriginForRestCalls(String browserRequestURL, KeycloakSecurityContext session) {
- if (session instanceof RefreshableKeycloakSecurityContext) {
- KeycloakDeployment deployment = ((RefreshableKeycloakSecurityContext)session).getDeployment();
- switch (deployment.getRelativeUrls()) {
- case ALL_REQUESTS:
- case NEVER:
- // Resolve baseURI from the request
- return UriUtils.getOrigin(browserRequestURL);
- case BROWSER_ONLY:
- // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
- return UriUtils.getOrigin(deployment.getTokenUrl());
- default:
- return "";
- }
- } else {
- return UriUtils.getOrigin(browserRequestURL);
- }
+ public static String getOriginForRestCalls(String browserRequestURL) {
+ return UriUtils.getOrigin(browserRequestURL);
}
public static Set<String> getRolesFromSecurityContext(RefreshableKeycloakSecurityContext session) {
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
index ef3c5c6..cca0adf 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@@ -111,39 +111,17 @@ public class KeycloakDeployment {
public void setAuthServerBaseUrl(AdapterConfig config) {
this.authServerBaseUrl = config.getAuthServerUrl();
- String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
- if (authServerBaseUrl == null && authServerURLForBackendReqs == null) return;
+ if (authServerBaseUrl == null) return;
- URI authServerUri = null;
- if (authServerBaseUrl != null) {
- authServerUri = URI.create(authServerBaseUrl);
- }
+ URI authServerUri = URI.create(authServerBaseUrl);
- if (authServerUri == null || authServerUri.getHost() == null) {
- if (authServerURLForBackendReqs != null) {
- relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
-
- KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
- if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
- throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
- + authServerURLForBackendReqs + ", Client: " + config.getResource());
- }
- resolveNonBrowserUrls(serverBuilder);
- } else {
- relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
- }
+ if (authServerUri.getHost() == null) {
+ relativeUrls = RelativeUrlsUsed.ALWAYS;
} else {
// We have absolute URI in config
relativeUrls = RelativeUrlsUsed.NEVER;
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
- resolveBrowserUrls(serverBuilder);
-
- if (authServerURLForBackendReqs == null) {
- resolveNonBrowserUrls(serverBuilder);
- } else {
- serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
- resolveNonBrowserUrls(serverBuilder);
- }
+ resolveUrls(serverBuilder);
}
}
@@ -152,23 +130,14 @@ public class KeycloakDeployment {
/**
* @param authUrlBuilder absolute URI
*/
- protected void resolveBrowserUrls(KeycloakUriBuilder authUrlBuilder) {
+ protected void resolveUrls(KeycloakUriBuilder authUrlBuilder) {
if (log.isDebugEnabled()) {
- log.debug("resolveBrowserUrls");
+ log.debug("resolveUrls");
}
String login = authUrlBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(getRealm()).toString();
authUrl = KeycloakUriBuilder.fromUri(login);
realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString();
- }
-
- /**
- * @param authUrlBuilder absolute URI
- */
- protected void resolveNonBrowserUrls(KeycloakUriBuilder authUrlBuilder) {
- if (log.isDebugEnabled()) {
- log.debug("resolveNonBrowserUrls");
- }
tokenUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_PATH).build(getRealm()).toString();
logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString());
diff --git a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
index 342f925..93d1ea7 100644
--- a/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
+++ b/adapters/oidc/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
@@ -54,7 +54,7 @@ public class KeycloakDeploymentBuilderTest {
assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret"));
assertEquals(ClientIdAndSecretCredentialsProvider.PROVIDER_ID, deployment.getClientAuthenticator().getId());
assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal());
- assertEquals("https://backend:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl());
+ assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl());
assertEquals(RelativeUrlsUsed.NEVER, deployment.getRelativeUrls());
assertTrue(deployment.isAlwaysRefreshToken());
assertTrue(deployment.isRegisterNodeAtStartup());
diff --git a/adapters/oidc/adapter-core/src/test/resources/keycloak.json b/adapters/oidc/adapter-core/src/test/resources/keycloak.json
index afa00f5..5a41841 100644
--- a/adapters/oidc/adapter-core/src/test/resources/keycloak.json
+++ b/adapters/oidc/adapter-core/src/test/resources/keycloak.json
@@ -24,7 +24,6 @@
"client-keystore": "classpath:/keystore.jks",
"client-keystore-password": "storepass",
"client-key-password": "keypass",
- "auth-server-url-for-backend-requests": "https://backend:8443/auth",
"always-refresh-token": true,
"register-node-at-startup": true,
"register-node-period": 1000,
diff --git a/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java b/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java
index ee106fa..50f1421 100644
--- a/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java
+++ b/adapters/oidc/servlet-oauth-client/src/test/java/org/keycloak/servlet/ServletOAuthClientBuilderTest.java
@@ -33,7 +33,7 @@ public class ServletOAuthClientBuilderTest {
public void testBuilder() {
ServletOAuthClient oauthClient = ServletOAuthClientBuilder.build(getClass().getResourceAsStream("/keycloak.json"));
Assert.assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/auth", oauthClient.getDeployment().getAuthUrl().clone().build().toString());
- Assert.assertEquals("https://backend:8443/auth/realms/demo/protocol/openid-connect/token", oauthClient.getDeployment().getTokenUrl());
+ Assert.assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", oauthClient.getDeployment().getTokenUrl());
assertEquals(RelativeUrlsUsed.NEVER, oauthClient.getRelativeUrlsUsed());
Assert.assertEquals("customer-portal", oauthClient.getClientId());
Assert.assertEquals("234234-234234-234234", oauthClient.getCredentials().get(CredentialRepresentation.SECRET));
diff --git a/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json b/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json
index d952196..090b369 100644
--- a/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json
+++ b/adapters/oidc/servlet-oauth-client/src/test/resources/keycloak.json
@@ -19,7 +19,6 @@
"connection-pool-size": 20,
"disable-trust-manager": true,
"allow-any-hostname": true,
- "auth-server-url-for-backend-requests": "https://backend:8443/auth",
"always-refresh-token": true,
"register-node-at-startup": true,
"register-node-period": 1000,
diff --git a/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java b/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java
index b07babe..61f1a0f 100644
--- a/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java
+++ b/common/src/main/java/org/keycloak/common/enums/RelativeUrlsUsed.java
@@ -25,29 +25,10 @@ public enum RelativeUrlsUsed {
/**
* Always use relative URI and resolve them later based on browser HTTP request
*/
- ALL_REQUESTS,
-
- /**
- * Use relative Uris just for browser requests and resolve those based on browser HTTP requests.
- * Backend request (like refresh token request, codeToToken request etc) will use the URI based on current hostname
- */
- BROWSER_ONLY,
+ ALWAYS,
/**
* Relative Uri not used. Configuration contains absolute URI
*/
NEVER;
-
- public boolean useRelative(boolean isBrowserReq) {
- switch (this) {
- case ALL_REQUESTS:
- return true;
- case NEVER:
- return false;
- case BROWSER_ONLY:
- return isBrowserReq;
- default:
- return true;
- }
- }
}
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
index daf19ff..fc36078 100755
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@@ -34,7 +34,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder;
"connection-pool-size",
"allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
"client-keystore", "client-keystore-password", "client-key-password",
- "auth-server-url-for-backend-requests", "always-refresh-token",
+ "always-refresh-token",
"register-node-at-startup", "register-node-period", "token-store", "principal-attribute"
})
public class AdapterConfig extends BaseAdapterConfig {
@@ -55,8 +55,6 @@ public class AdapterConfig extends BaseAdapterConfig {
protected String clientKeyPassword;
@JsonProperty("connection-pool-size")
protected int connectionPoolSize = 20;
- @JsonProperty("auth-server-url-for-backend-requests")
- protected String authServerUrlForBackendRequests;
@JsonProperty("always-refresh-token")
protected boolean alwaysRefreshToken = false;
@JsonProperty("register-node-at-startup")
@@ -134,14 +132,6 @@ public class AdapterConfig extends BaseAdapterConfig {
this.connectionPoolSize = connectionPoolSize;
}
- public String getAuthServerUrlForBackendRequests() {
- return authServerUrlForBackendRequests;
- }
-
- public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
- this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
- }
-
public boolean isAlwaysRefreshToken() {
return alwaysRefreshToken;
}
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml b/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml
index 8e2d662..d38fdf5 100644
--- a/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/application-clustering.xml
@@ -102,39 +102,6 @@
</para>
</section>
- <section id="relative-uri-optimization">
- <title>Relative URI optimization</title>
- <para>
- In many deployment scenarios will be Keycloak and secured applications deployed on same cluster hosts. For this case Keycloak
- already provides option to use relative URI as value of option <emphasis>auth-server-url</emphasis> in <literal>WEB-INF/keycloak.json</literal> .
- In this case, the URI of Keycloak server is resolved from the URI of current request.
- </para>
- <para>
- For example if your loadbalancer is on <emphasis>https://loadbalancer.com/myapp</emphasis> and auth-server-url is <emphasis>/auth</emphasis>,
- then relative URI of Keycloak is resolved to be <emphasis>https://loadbalancer.com/auth</emphasis> .
- </para>
- <para>
- For cluster setup, it may be even better to use option <emphasis>auth-server-url-for-backend-request</emphasis> . This allows to configure
- that backend requests between Keycloak and your application will be sent directly to same cluster host without additional
- round-trip through loadbalancer. So for this, it's good to configure values in <literal>WEB-INF/keycloak.json</literal> like this:
-<programlisting>
-<![CDATA[
-"auth-server-url": "/auth",
-"auth-server-url-for-backend-requests": "http://${jboss.host.name}:8080/auth"
-]]>
-</programlisting>
- </para>
- <para>
- This would mean that browser requests (like redirecting to Keycloak login screen) will be still resolved relatively
- to current request URI like <emphasis>https://loadbalancer.com/myapp</emphasis>, but backend (out-of-bound) requests between keycloak
- and your app are sent always to same cluster host with application .
- </para>
- <para>
- Note that additionally to network optimization,
- you may not need "https" in this case as application and keycloak are communicating directly within same cluster host.
- </para>
- </section>
-
<section id="admin-url-configuration">
<title>Admin URL configuration</title>
<para>
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index afce17a..69c8c8d 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -96,6 +96,23 @@
<section>
<title>Version specific migration</title>
+
+ <section>
+ <title>Migrating to 1.9.2</title>
+ <simplesect>
+ <title>Adapter option auth-server-url-for-backend-requests removed</title>
+ <para>
+ We've removed the option <literal>auth-server-url-for-backend-requests</literal> as there were issues in some scenarios when it was used.
+ In more details, it was possible to access the Keycloak server from 2 different contexts (internal and external), which was
+ causing issues in token validations etc.
+ </para>
+ <para>
+ If you still want to use the optimization of network, which this option provided (avoid the application to send backchannel requests
+ through loadbalancer but send them to local Keycloak server directly) you may need to handle it at hosts configuration (DNS) level.
+ </para>
+ </simplesect>
+ </section>
+
<section>
<title>Migrating to 1.9.0</title>
<simplesect>
diff --git a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
index 022781a..11c9b04 100755
--- a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
+++ b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
@@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.constants.ServiceUrlConstants;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.common.util.HostUtils;
import org.keycloak.util.JsonSerialization;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.UriUtils;
@@ -91,7 +90,7 @@ public class AdminClient {
try {
- HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
+ HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getRequestOrigin(request) + "/auth")
.path(ServiceUrlConstants.TOKEN_PATH).build("demo"));
List <NameValuePair> formparams = new ArrayList <NameValuePair>();
formparams.add(new BasicNameValuePair("username", "admin"));
@@ -124,7 +123,7 @@ public class AdminClient {
try {
- HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
+ HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth")
.path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.build("demo"));
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
@@ -152,7 +151,7 @@ public class AdminClient {
HttpClient client = new DefaultHttpClient();
try {
- HttpGet get = new HttpGet(getBaseUrl(request) + "/auth/admin/realms/demo/roles");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth/admin/realms/demo/roles");
get.addHeader("Authorization", "Bearer " + res.getToken());
try {
HttpResponse response = client.execute(get);
@@ -174,13 +173,8 @@ public class AdminClient {
}
}
- public static String getBaseUrl(HttpServletRequest request) {
- String useHostname = request.getServletContext().getInitParameter("useHostname");
- if (useHostname != null && "true".equalsIgnoreCase(useHostname)) {
- return "http://" + HostUtils.getHostName() + ":8080";
- } else {
- return UriUtils.getOrigin(request.getRequestURL().toString());
- }
+ public static String getRequestOrigin(HttpServletRequest request) {
+ return UriUtils.getOrigin(request.getRequestURL().toString());
}
}
diff --git a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml
index b494dba..fafc162 100755
--- a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml
+++ b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml
@@ -23,9 +23,4 @@
<module-name>admin-access</module-name>
- <context-param>
- <param-name>useHostname</param-name>
- <param-value>false</param-value>
- </context-param>
-
</web-app>
diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
index 77193e9..6816751 100755
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
+++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/AdminClient.java
@@ -24,6 +24,7 @@ import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterUtils;
+import org.keycloak.common.util.UriUtils;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.util.JsonSerialization;
@@ -59,7 +60,7 @@ public class AdminClient {
HttpClient client = new DefaultHttpClient();
try {
- HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/auth/admin/realms/demo/roles");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/auth/admin/realms/demo/roles");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
index cbc46c1..e19b24d 100755
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
+++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.adapters.AdapterUtils;
+import org.keycloak.common.util.UriUtils;
import org.keycloak.representations.IDToken;
import org.keycloak.util.JsonSerialization;
@@ -66,7 +66,7 @@ public class CustomerDatabaseClient {
HttpClient client = new DefaultHttpClient();
try {
- HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/customers");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
diff --git a/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
index cbc46c1..e19b24d 100755
--- a/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
+++ b/examples/demo-template/customer-app-filter/src/main/java/org/keycloak/example/CustomerDatabaseClient.java
@@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.adapters.AdapterUtils;
+import org.keycloak.common.util.UriUtils;
import org.keycloak.representations.IDToken;
import org.keycloak.util.JsonSerialization;
@@ -66,7 +66,7 @@ public class CustomerDatabaseClient {
HttpClient client = new DefaultHttpClient();
try {
- HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/customers");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/customers");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
diff --git a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index c28e92e..825e568 100755
--- a/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/demo-template/product-app/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -23,7 +23,7 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.adapters.AdapterUtils;
+import org.keycloak.common.util.UriUtils;
import org.keycloak.util.JsonSerialization;
import javax.servlet.http.HttpServletRequest;
@@ -57,7 +57,7 @@ public class ProductDatabaseClient
HttpClient client = new DefaultHttpClient();
try {
- HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/database/products");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(req.getRequestURL().toString()) + "/database/products");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
diff --git a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
index c380ce5..11f9559 100755
--- a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
+++ b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java
@@ -23,7 +23,6 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.servlet.ServletOAuthClient;
@@ -100,7 +99,7 @@ public class ProductDatabaseClient {
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
HttpClient client = new DefaultHttpClient();
- HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(request.getRequestURL().toString(), session) + "/database/products");
+ HttpGet get = new HttpGet(UriUtils.getOrigin(request.getRequestURL().toString()) + "/database/products");
get.addHeader("Authorization", "Bearer " + accessToken);
try {
HttpResponse response = client.execute(get);
@@ -119,19 +118,4 @@ public class ProductDatabaseClient {
}
}
- public static String getBaseUrl(ServletOAuthClient oAuthClient, HttpServletRequest request) {
- switch (oAuthClient.getRelativeUrlsUsed()) {
- case ALL_REQUESTS:
- // Resolve baseURI from the request
- return UriUtils.getOrigin(request.getRequestURL().toString());
- case BROWSER_ONLY:
- // Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
- return UriUtils.getOrigin(oAuthClient.getTokenUrl());
- case NEVER:
- return "";
- default:
- return "";
- }
- }
-
}
diff --git a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java
index e37becf..d4cb130 100755
--- a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java
+++ b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/DatabaseClient.java
@@ -24,7 +24,7 @@ import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext;
-import org.keycloak.adapters.AdapterUtils;
+import org.keycloak.common.util.UriUtils;
import org.keycloak.servlet.ServletOAuthClient;
import org.keycloak.util.JsonSerialization;
@@ -123,7 +123,7 @@ public class DatabaseClient {
public String getBaseUrl() {
KeycloakSecurityContext session = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
- return AdapterUtils.getOriginForRestCalls(request.getRequestURL().toString(), session);
+ return UriUtils.getOrigin(request.getRequestURL().toString());
}
}