keycloak-uncached
Changes
examples/as7-eap-demo/customer-app/pom.xml 79(+79 -0)
examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java 36(+36 -0)
examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml 11(+11 -0)
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java 26(+26 -0)
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java 13(+13 -0)
examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java 26(+26 -0)
examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml 9(+9 -0)
examples/as7-eap-demo/product-app/pom.xml 79(+79 -0)
examples/pom.xml 22(+22 -0)
integration/as7-eap6/adapter/pom.xml 6(+4 -2)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java 2(+1 -1)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java 10(+10 -0)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java 2(+1 -1)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java 1(+1 -0)
Details
examples/as7-eap-demo/customer-app/pom.xml 79(+79 -0)
diff --git a/examples/as7-eap-demo/customer-app/pom.xml b/examples/as7-eap-demo/customer-app/pom.xml
new file mode 100755
index 0000000..acd75e4
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/pom.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-alpha-1</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.keycloak.example.as7.demo</groupId>
+ <artifactId>customer-portal-example</artifactId>
+ <packaging>war</packaging>
+ <name>Customer Portal - Secured via Valve</name>
+ <description/>
+
+ <repositories>
+ <repository>
+ <id>jboss</id>
+ <name>jboss repo</name>
+ <url>http://repository.jboss.org/nexus/content/groups/public/</url>
+ </repository>
+ </repositories>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>customer-portal</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <version>7.4.Final</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
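Review bot: The `<repository>` entry resolves artifacts over plain HTTP (`<url>http://repository.jboss.org/nexus/content/groups/public/</url>`), so everything this module downloads at build time can be altered in transit before it reaches the WAR. Point the entry at the TLS endpoint instead, `<url>https://repository.jboss.org/nexus/content/groups/public/</url>`. The same URL is repeated in database-service/pom.xml and product-app/pom.xml. Separately, `junit` is pinned to `4.1` here while the other dependency versions come from the parent; letting the parent manage it would keep the three example modules aligned.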
diff --git a/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java
new file mode 100755
index 0000000..a50ccac
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java
@@ -0,0 +1,36 @@
+package org.jboss.resteasy.example.oauth;
+
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+import org.keycloak.SkeletonKeySession;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class CustomerDatabaseClient
+{
+ public static List<String> getCustomers(HttpServletRequest request)
+ {
+ SkeletonKeySession session = (SkeletonKeySession)request.getAttribute(SkeletonKeySession.class.getName());
+ ResteasyClient client = new ResteasyClientBuilder()
+ .trustStore(session.getMetadata().getTruststore())
+ .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build();
+ try
+ {
+ Response response = client.target("http://localhost:8080/database/customers").request()
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + session.getToken()).get();
+ return response.readEntity(new GenericType<List<String>>(){});
+ }
+ finally
+ {
+ client.close();
+ }
+ }
+}
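Review bot: In getCustomers the client is built with `HostnameVerificationPolicy.ANY` and then targets `http://localhost:8080/database/customers`, so the `Authorization: Bearer` header leaves the portal unencrypted and the configured trust store is never exercised. As an example that people will copy, it should call the service over TLS and keep hostname checks on, e.g. `.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.WILDCARD)` with `client.target("https://localhost:8443/database/customers")` (8443 is the HTTPS port the JSPs in this commit already link to). The method also dereferences `session` without checking that the request attribute is present. It reads the entity without looking at `response.getStatus()`, so a 401/403 from the service surfaces as a deserialization error. A null guard and a status check before `readEntity`, plus `response.close()` in the `finally`, would make failures readable.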
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp
new file mode 100644
index 0000000..e132e37
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp
@@ -0,0 +1,11 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<html>
+<head>
+ <title>Customer Admin Iterface</title>
+</head>
+<body bgcolor="#E3F6CE">
+<h1>Customer Admin Interface</h1>
+User <b><%=request.getUserPrincipal().getName()%></b> made this request.
+</body>
+</html>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
new file mode 100644
index 0000000..f6bd0c5
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
@@ -0,0 +1,23 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<html>
+<head>
+ <title>Customer View Page</title>
+</head>
+<body bgcolor="#E3F6CE">
+<p>Goto: <a href="https://localhost:8443/product-portal">products</a> | <a href="https://localhost:8443/auth-server/j_oauth_logout">logout</a></p>
+User <b><%=request.getUserPrincipal().getName()%></b> made this request.
+<h2>Customer Listing</h2>
+<%
+java.util.List<String> list = org.jboss.resteasy.example.oauth.CustomerDatabaseClient.getCustomers(request);
+for (String cust : list)
+{
+ out.print("<p>");
+ out.print(cust);
+ out.println("</p>");
+
+}
+%>
+<br><br>
+</body>
+</html>
\ No newline at end of file
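Review bot: The scriptlet writes each value returned by the database service straight into the page with `out.print(cust);`, and `<%=request.getUserPrincipal().getName()%>` does the same for the principal name, so any markup in either string is rendered as HTML. The user name here comes from the identity server's realm data and the list from a remote call, so neither is controlled by this page. Escape on output, for instance by exposing the list as a request attribute and rendering it with JSTL `<c:out value="${cust}"/>`, which XML-escapes by default. The same pattern appears in product-app/products/view.jsp and, for the principal name only, in both admin.jsp files.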
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/index.html b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html
new file mode 100644
index 0000000..7b164df
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title></title>
+</head>
+<body bgcolor="#E3F6CE">
+<h1>Customer Portal</h1>
+
+<p><a href="customers/view.jsp">Customer Listing</a></p>
+<p><a href="admin/admin.html">Customer Admin Interface</a></p>
+
+</body>
+</html>
\ No newline at end of file
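Review bot: The second link points at `admin/admin.html`, but the file this commit adds under that directory is `admin/admin.jsp`, so the link will 404 once the role check passes. It should read `<a href="admin/admin.jsp">Customer Admin Interface</a>`. product-app/index.html has the same mismatch. The empty `<title></title>` could carry the portal name while the line is being touched.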
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000..1469973
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,11 @@
+<jboss-deployment-structure>
+ <deployment>
+ <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
+ <dependencies>
+ <module name="org.bouncycastle"/>
+ <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
+ <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
+ <module name="org.jboss.resteasy.jose-jwt" />
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
new file mode 100755
index 0000000..3cec19c
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+<jboss-web>
+ <valve>
+ <class-name>org.keycloak.adapters.as7.OAuthManagedResourceValve</class-name>
+ </valve>
+</jboss-web>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json
new file mode 100755
index 0000000..3e228f1
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json
@@ -0,0 +1,8 @@
+{
+ "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo",
+ "ssl-not-required" : true,
+ "client-id" : "customer-portal",
+ "client-credentials" : {
+ "password" : "password"
+ }
+}
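Review bot: This adapter config sets `"ssl-not-required" : true` alongside an `http://` realm URL, and stores the client secret as the literal `"password"` inside the WAR. Together that means the client credential and the tokens obtained with it are exchanged in clear text, and the secret is identical to the user passwords in testrealm.json. For an example meant to be copied, prefer an `https://localhost:8443/...` realm URL and leave the flag out, since the new `sslNotRequired` boolean defaults to false. If the flag has to stay for a zero-setup demo, say so in the example's README, because JSON cannot carry the caveat itself. product-app/WEB-INF/resteasy-oauth.json has the same settings, and the database-service config uses the same `http://` realm URL.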
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000..b25af94
--- /dev/null
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admins</web-resource-name>
+ <url-pattern>/admin/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Customers</web-resource-name>
+ <url-pattern>/customers/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint> -->
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>commerce</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
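Review bot: The `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` constraint is commented out, so `/admin/*` and `/customers/*` are served over plain HTTP and the session cookie and OAuth redirects for those paths are not forced onto TLS. Either restore the block or replace it with a short XML comment that states why it is disabled and that it must be enabled outside a local demo. `<auth-method>BASIC</auth-method>` is also declared although jboss-web.xml installs `OAuthManagedResourceValve`. If the valve is what actually authenticates (not visible in this hunk), a comment saying the `login-config` is a placeholder would prevent readers from assuming BASIC is in effect. The same two points apply to database-service/WEB-INF/web.xml and product-app/WEB-INF/web.xml.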
diff --git a/examples/as7-eap-demo/database-service/pom.xml b/examples/as7-eap-demo/database-service/pom.xml
new file mode 100755
index 0000000..c202657
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/pom.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-alpha-1</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.keycloak.example.as7.demo</groupId>
+ <artifactId>database-service</artifactId>
+ <packaging>war</packaging>
+ <name>JAX-RS Database Service Using OAuth Bearer Tokens</name>
+ <description/>
+ <url>http://maven.apache.org</url>
+
+ <repositories>
+ <repository>
+ <id>jboss</id>
+ <name>jboss repo</name>
+ <url>http://repository.jboss.org/nexus/content/groups/public/</url>
+ </repository>
+ </repositories>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>database</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <version>7.4.Final</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
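Review bot: The `org.jboss.resteasy:resteasy-client` dependency is declared twice in a row with the same `provided` scope, which Maven reports as a duplicate-declaration warning and which looks like a copy-paste slip. The service classes added for this module use only `javax.ws.rs` annotations, so the second entry was possibly meant to be the server-side JAX-RS or servlet API artifact; that is an inference from the sources in this commit. Drop the duplicate `<dependency>` block, or replace it with the artifact that was intended.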
diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java
new file mode 100644
index 0000000..c6a0efc
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java
@@ -0,0 +1,26 @@
+package org.jboss.resteasy.example.oauth;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@Path("customers")
+public class CustomerService
+{
+ @GET
+ @Produces("application/json")
+ public List<String> getCustomers()
+ {
+ ArrayList<String> rtn = new ArrayList<String>();
+ rtn.add("Bill Burke");
+ rtn.add("Ron Sigal");
+ rtn.add("Weinan Li");
+ return rtn;
+ }
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java
new file mode 100644
index 0000000..673ad16
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java
@@ -0,0 +1,13 @@
+package org.jboss.resteasy.example.oauth;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@ApplicationPath("/")
+public class DataApplication extends Application
+{
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java
new file mode 100644
index 0000000..8515dfe
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java
@@ -0,0 +1,26 @@
+package org.jboss.resteasy.example.oauth;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@Path("products")
+public class ProductService
+{
+ @GET
+ @Produces("application/json")
+ public List<String> getProducts()
+ {
+ ArrayList<String> rtn = new ArrayList<String>();
+ rtn.add("iphone");
+ rtn.add("ipad");
+ rtn.add("ipod");
+ return rtn;
+ }
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000..f1f1ffa
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,9 @@
+<jboss-deployment-structure>
+ <deployment>
+ <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
+ <dependencies>
+ <module name="org.bouncycastle"/>
+ <module name="org.jboss.resteasy.jose-jwt" />
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml
new file mode 100755
index 0000000..d1ca393
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+<jboss-web>
+ <valve>
+ <class-name>org.keycloak.adapters.as7.BearerTokenAuthenticatorValve</class-name>
+ </valve>
+</jboss-web>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json
new file mode 100755
index 0000000..df69f01
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json
@@ -0,0 +1,3 @@
+{
+ "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo"
+}
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000..c19ce80
--- /dev/null
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+<!-- <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint> -->
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>commerce</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
examples/as7-eap-demo/product-app/pom.xml 79(+79 -0)
diff --git a/examples/as7-eap-demo/product-app/pom.xml b/examples/as7-eap-demo/product-app/pom.xml
new file mode 100755
index 0000000..07ea37a
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/pom.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-alpha-1</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.keycloak.example.as7.demo</groupId>
+ <artifactId>product-portal-example</artifactId>
+ <packaging>war</packaging>
+ <name>Product Portal - Secured via Valve</name>
+ <description/>
+
+ <repositories>
+ <repository>
+ <id>jboss</id>
+ <name>jboss repo</name>
+ <url>http://repository.jboss.org/nexus/content/groups/public/</url>
+ </repository>
+ </repositories>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>product-portal</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <version>7.4.Final</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp
new file mode 100644
index 0000000..b6448d7
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp
@@ -0,0 +1,11 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<html>
+<head>
+ <title>Product Admin Interface</title>
+</head>
+<body bgcolor="#F5F6CE">
+<h1>Product Admin Interface</h1>
+User <b><%=request.getUserPrincipal().getName()%></b> made this request.
+</body>
+</html>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/index.html b/examples/as7-eap-demo/product-app/src/main/webapp/index.html
new file mode 100644
index 0000000..e30ebc5
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title></title>
+</head>
+<body bgcolor="#F5F6CE">
+<h1>Product Portal</h1>
+
+<p><a href="products/view.jsp">Product Listing</a></p>
+<p><a href="admin/admin.html">Admin Interface</a></p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
new file mode 100644
index 0000000..5a9a641
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
@@ -0,0 +1,23 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<html>
+<head>
+ <title>Product View Page</title>
+</head>
+<body bgcolor="#F5F6CE">
+<p>Goto: <a href="https://localhost:8443/customer-portal">customers</a> | <a href="https://localhost:8443/auth-server/j_oauth_logout">logout</a></p>
+User <b><%=request.getUserPrincipal().getName()%></b> made this request.
+<h2>Product Listing</h2>
+<%
+java.util.List<String> list = org.jboss.resteasy.example.oauth.ProductDatabaseClient.getProducts(request);
+for (String cust : list)
+{
+ out.print("<p>");
+ out.print(cust);
+ out.println("</p>");
+
+}
+%>
+<br><br>
+</body>
+</html>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000..1469973
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,11 @@
+<jboss-deployment-structure>
+ <deployment>
+ <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
+ <dependencies>
+ <module name="org.bouncycastle"/>
+ <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
+ <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
+ <module name="org.jboss.resteasy.jose-jwt" />
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml
new file mode 100755
index 0000000..3cec19c
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+<jboss-web>
+ <valve>
+ <class-name>org.keycloak.adapters.as7.OAuthManagedResourceValve</class-name>
+ </valve>
+</jboss-web>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json
new file mode 100755
index 0000000..8e53810
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json
@@ -0,0 +1,8 @@
+{
+ "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo",
+ "ssl-not-required" : true,
+ "client-id" : "product-portal",
+ "client-credentials" : {
+ "password" : "password"
+ }
+}
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000..c9bc655
--- /dev/null
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admins</web-resource-name>
+ <url-pattern>/admin/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Products</web-resource-name>
+ <url-pattern>/products/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+<!--
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ -->
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>commerce</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json
index 40e0fd3..5b913e8 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json
@@ -12,90 +12,47 @@
],
"users" : [
{
- "username" : "wburke",
+ "username" : "bburke@redhat.com",
"enabled" : true,
"attributes" : {
"email" : "bburke@redhat.com"
},
"credentials" : [
{ "type" : "Password",
- "value" : "userpassword" }
+ "value" : "password" }
]
},
{
- "username" : "loginclient",
+ "username" : "customer-portal",
"enabled" : true,
"credentials" : [
{ "type" : "Password",
- "value" : "clientpassword" }
+ "value" : "password" }
]
},
{
- "username" : "admin",
+ "username" : "product-portal",
"enabled" : true,
"credentials" : [
{ "type" : "Password",
- "value" : "adminpassword" }
- ]
- },
- {
- "username" : "oauthclient",
- "enabled" : true,
- "credentials" : [
- { "type" : "Password",
- "value" : "clientpassword" }
+ "value" : "password" }
]
}
],
"roleMappings" : [
{
- "username" : "admin",
- "roles" : ["admin"]
+ "username" : "bburke@redhat.com",
+ "roles" : ["user"]
}
],
"scopeMappings" : [
{
- "username" : "loginclient",
+ "username" : "customer-portal",
"roles" : ["*"]
- }
- ],
- "resources" : [
- {
- "name" : "Application",
- "roles" : ["admin", "user"],
- "roleMappings" : [
- {
- "username" : "wburke",
- "roles" : ["user"]
- },
- {
- "username" : "admin",
- "roles" : ["admin"]
- }
- ],
- "scopeMappings" : [
- {
- "username" : "oauthclient",
- "roles" : ["user"]
- }
- ]
},
- {
- "name" : "OtherApp",
- "roles" : ["admin", "user"],
- "roleMappings" : [
- {
- "username" : "wburke",
- "roles" : ["user"]
- },
- {
- "username" : "admin",
- "roles" : ["admin"]
- }
- ]
- }
-
+ {
+ "username" : "product-portal",
+ "roles" : ["*"]
+ }
]
-
-
}
\ No newline at end of file
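Review bot: Both client accounts now receive `"roles" : ["*"]` in `scopeMappings`, so `customer-portal` and `product-portal` can obtain tokens carrying every role a user holds rather than just the `user` role their pages need. Scoping each client to `["user"]` (and `["admin"]` only where the admin page is served) would show least privilege in the example. After this change no entry in `roleMappings` grants `admin`, so the `/admin/*` constraints added in the portal web.xml files cannot be satisfied by any account in the realm. Every credential in the file, user and client alike, is now the same value `"password"`, which makes the client secret indistinguishable from a user password when someone adapts the demo.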
examples/pom.xml 22(+22 -0)
diff --git a/examples/pom.xml b/examples/pom.xml
index 5e5a46f..1fb476f 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -14,7 +14,29 @@
<artifactId>examples-pom</artifactId>
<packaging>pom</packaging>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <version>7.1.1.Final</version>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
<modules>
<module>as7-eap-demo/server</module>
+ <module>as7-eap-demo/customer-app</module>
+ <module>as7-eap-demo/product-app</module>
+ <module>as7-eap-demo/database-service</module>
</modules>
</project>
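Review bot: `jboss-as-maven-plugin` is declared here with `<version>7.1.1.Final</version>`, while the three module POMs added in the same commit each declare `7.4.Final`, so the plugin version depends on which POM Maven happens to be evaluating. Moving the plugin into a `<pluginManagement>` section here with a single version, and dropping `<version>` from the modules, would remove the drift. The `<skip>true</skip>` set here will also be inherited by the modules unless they override it, so it is worth confirming that this is intended for the deployable WARs.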
integration/as7-eap6/adapter/pom.xml 6(+4 -2)
diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml
index b4ad78f..69c4ff1 100755
--- a/integration/as7-eap6/adapter/pom.xml
+++ b/integration/as7-eap6/adapter/pom.xml
@@ -28,12 +28,13 @@
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jose-jwt</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
- <scope>provided</scope>
<version>1.0.0.Final</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
@@ -56,12 +57,13 @@
<groupId>org.jboss.as</groupId>
<artifactId>jboss-as-web</artifactId>
<version>7.1.2.Final</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.picketbox</groupId>
<artifactId>picketbox</artifactId>
- <scope>provided</scope>
<version>4.0.7.Final</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
index 2fc961d..b87ed0b 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
@@ -46,9 +46,9 @@ public class BearerTokenAuthenticatorValve extends AuthenticatorBase implements
protected void init() {
ManagedResourceConfigLoader managedResourceConfigLoader = new ManagedResourceConfigLoader(context);
- resourceMetadata = managedResourceConfigLoader.getResourceMetadata();
remoteSkeletonKeyConfig = managedResourceConfigLoader.getRemoteSkeletonKeyConfig();
managedResourceConfigLoader.init(false);
+ resourceMetadata = managedResourceConfigLoader.getResourceMetadata();
}
@Override
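Review bot: The reorder in `init()` means `getResourceMetadata()` now only returns a usable value after `managedResourceConfigLoader.init(false)` has run, and nothing in the code records that dependency. A later tidy-up could move the call back and leave `resourceMetadata` unset. Add a comment on the moved line, for example `// must follow init(): the loader populates the metadata there`. This is inferred from the reorder, because the loader's `init` body is only partly visible in this diff. `getRemoteSkeletonKeyConfig()` is still read before `init`, which presumably works because that object is filled in place, but it is worth confirming.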
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java
index 140a692..756950c 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java
@@ -27,6 +27,8 @@ public class ManagedResourceConfig {
@JsonProperty("code-url")
protected String codeUrl;
+ @JsonProperty("ssl-not-required")
+ protected boolean sslNotRequired;
@JsonProperty("allow-any-hostname")
protected boolean allowAnyHostname;
@JsonProperty("disable-trust-manager")
@@ -50,6 +52,14 @@ public class ManagedResourceConfig {
@JsonProperty("cancel-propagation")
protected boolean cancelPropagation;
+ public boolean isSslNotRequired() {
+ return sslNotRequired;
+ }
+
+ public void setSslNotRequired(boolean sslNotRequired) {
+ this.sslNotRequired = sslNotRequired;
+ }
+
public String getRealmUrl() {
return realmUrl;
}
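Review bot: The new `ssl-not-required` option is security-relevant but has no documentation; OAuthManagedResourceValve in this commit passes its negation to `setSslRequired`. Add Javadoc on `isSslNotRequired()` stating the default and the intended use, e.g. `/** When true the adapter does not require HTTPS. Defaults to false; intended for development setups only. */`. The field added in the first hunk of this file deserves the same comment. What `setSslRequired` enforces is outside this diff, so the wording should be checked against RealmConfiguration.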
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java
index d40dd88..1856cf6 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java
@@ -82,7 +82,6 @@ public class ManagedResourceConfigLoader {
initClient();
- String realm = remoteSkeletonKeyConfig.getRealm();
if (remoteSkeletonKeyConfig.getRealmUrl() != null) {
PublishedRealmRepresentation rep = null;
@@ -100,6 +99,7 @@ public class ManagedResourceConfigLoader {
remoteSkeletonKeyConfig.setAdminRole(rep.getAdminRole());
}
+ String realm = remoteSkeletonKeyConfig.getRealm();
String resource = remoteSkeletonKeyConfig.getResource();
if (realm == null) throw new RuntimeException("Must set 'realm' in config");
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
index 77922a2..6c1385c 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
@@ -82,6 +82,7 @@ public class OAuthManagedResourceValve extends FormAuthenticator implements Life
}
realmConfiguration.setMetadata(resourceMetadata);
realmConfiguration.setClientId(client_id);
+ realmConfiguration.setSslRequired(!remoteSkeletonKeyConfig.isSslNotRequired());
for (Map.Entry<String, String> entry : managedResourceConfigLoader.getRemoteSkeletonKeyConfig().getClientCredentials().entrySet()) {
realmConfiguration.getCredentials().param(entry.getKey(), entry.getValue());
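Review bot: `realmConfiguration.setSslRequired(!remoteSkeletonKeyConfig.isSslNotRequired());` switches the requirement off silently when the flag is set, so a configuration copied from the demo leaves no trace in the server log. Log a warning at this point, e.g. `if (remoteSkeletonKeyConfig.isSslNotRequired()) log.warn("ssl-not-required is set: OAuth login will accept plain HTTP");`, using whatever logger the class already has (not visible in this hunk). The BearerTokenAuthenticatorValve hunk in this commit does not show the flag being read, so it is worth confirming that both valves treat it the same way. The enclosing method starts and ends outside the hunk.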
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
index e3db0e3..8e177a8 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
@@ -7,6 +7,7 @@ import org.keycloak.RealmConfiguration;
import org.keycloak.VerificationException;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.SkeletonKeyToken;
+import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@@ -77,6 +78,7 @@ public class ServletOAuthLogin {
protected void sendRedirect(String url) {
try {
+ log.info("Sending redirect to: " + url);
response.sendRedirect(url);
} catch (IOException e) {
throw new RuntimeException(e);
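Review bot: `log.info("Sending redirect to: " + url);` writes the full redirect URL to the log at info level on every login. In an OAuth login flow that URL usually carries query parameters such as the state value and the redirect URI (the callers are outside this hunk), so the log becomes a second place where they are stored. Log it at debug, `log.debug("Sending redirect to: " + url);`, or log the URL without its query string.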
@@ -223,18 +225,26 @@ public class ServletOAuthLogin {
String client_id = realmInfo.getClientId();
String password = realmInfo.getCredentials().asMap().getFirst("password");
- String authHeader = BasicAuthHelper.createHeader(client_id, password);
+ //String authHeader = BasicAuthHelper.createHeader(client_id, password);
String redirectUri = stripOauthParametersFromRedirect();
Form form = new Form();
form.param("grant_type", "authorization_code")
.param("code", code)
+ .param("client_id", client_id)
+ .param(RequiredCredentialRepresentation.PASSWORD, password)
.param("redirect_uri", redirectUri);
- Response res = realmInfo.getCodeUrl().request().header(HttpHeaders.AUTHORIZATION, authHeader).post(Entity.form(form));
+ Response res = realmInfo.getCodeUrl().request()
+ //.header(HttpHeaders.AUTHORIZATION, authHeader)
+ .post(Entity.form(form));
AccessTokenResponse tokenResponse;
try {
if (res.getStatus() != 200) {
log.error("failed to turn code into token");
+ log.error("status from server: " + res.getStatus());
+ if (res.getStatus() == 400 && res.getMediaType() != null) {
+ log.error(" " + res.readEntity(String.class));
+ }
sendError(Response.Status.FORBIDDEN.getStatusCode());
return false;
}
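Review bot: The client secret now travels in the form body (`.param(RequiredCredentialRepresentation.PASSWORD, password)`) instead of the `Authorization` header, and the old code is left behind as two `//` lines with no explanation. Form fields are more likely than headers to end up in request logs or debug dumps, so if the token endpoint only accepts form credentials, say so in a comment and delete the commented-out lines; otherwise keep the header. Separately, `log.error(" " + res.readEntity(String.class));` logs a remote response body of any size verbatim; cap its length and strip line breaks before logging. The enclosing method starts and ends outside the hunk.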
@@ -248,7 +258,7 @@ public class ServletOAuthLogin {
tokenString = tokenResponse.getToken();
try {
token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata());
- log.debug("Verification succeeded!");
+ log.info("Token Verification succeeded!");
} catch (VerificationException e) {
log.error("failed verification of token");
sendError(Response.Status.FORBIDDEN.getStatusCode());
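Review bot: `log.info("Token Verification succeeded!");` promotes a per-login trace message from debug to info, while the failure branch just below logs `failed verification of token` without the exception. The failure is the event an operator needs detail on, so keep the success message at debug and pass the cause on the error line, `log.error("failed verification of token", e);`, if the logger in use accepts a throwable. The try block starts outside the hunk.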
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index ca9eb6a..c5cf400 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -55,7 +55,6 @@ public class RealmsResource {
@Path("{realm}/tokens")
public TokenService getTokenService(@PathParam("realm") String id) {
- logger.info("**** HERE token service****");
RealmManager realmManager = new RealmManager(identitySession);
RealmModel realm = realmManager.getRealm(id);
if (realm == null) {
@@ -71,7 +70,6 @@ public class RealmsResource {
@Path("{realm}")
public RealmSubResource getRealmResource(@PathParam("realm") String id) {
- logger.info("**** HERE @Path {realm} ****");
RealmManager realmManager = new RealmManager(identitySession);
RealmModel realm = realmManager.getRealm(id);
if (realm == null) {
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index c03a01a..ca761ef 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -201,6 +201,7 @@ public class TokenService {
@POST
@Produces("application/json")
public Response accessRequest(MultivaluedMap<String, String> formData) {
+ logger.info("accessRequest <---");
if (!realm.isEnabled()) {
throw new NotAuthorizedException("Realm not enabled");
}
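Review bot: `logger.info("accessRequest <---");` here and `logger.info("accessRequest SUCCESS");` in the later hunk of this file are tracing markers with no realm or client in them. At info level they add noise without telling an operator who obtained a token. Either drop them to debug, `logger.debug("accessRequest <---");`, or turn the success line into an audit record that names the realm and client, with a matching line on the `Auth error` branch. This same commit removes markers of the same kind (`**** HERE ...`) from RealmsResource. `accessRequest` continues outside the hunk.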
@@ -286,6 +287,7 @@ public class TokenService {
res.put("error_description", "Auth error");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res).build();
}
+ logger.info("accessRequest SUCCESS");
AccessTokenResponse res = accessTokenResponse(realm.getPrivateKey(), accessCode.getToken());
return Response.ok(res).build();