keycloak-uncached
Changes
adapters/oidc/osgi-adapter/pom.xml 2(+1 -1)
adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebIntegrationService.java 107(+101 -6)
adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebSecurityConstraintMapping.java 73(+73 -0)
adapters/oidc/pom.xml 1(+1 -0)
examples/fuse/pom.xml 2(+1 -1)
pom.xml 9(+7 -2)
Details
adapters/oidc/osgi-adapter/pom.xml 2(+1 -1)
diff --git a/adapters/oidc/osgi-adapter/pom.xml b/adapters/oidc/osgi-adapter/pom.xml
index a737214..135eacd 100755
--- a/adapters/oidc/osgi-adapter/pom.xml
+++ b/adapters/oidc/osgi-adapter/pom.xml
@@ -36,7 +36,7 @@
org.keycloak.adapters.osgi.*
</keycloak.osgi.export>
<keycloak.osgi.import>
- org.ops4j.pax.web.*;version="[3.0,5)",
+ org.ops4j.pax.web.*;version="[3.0,8)",
javax.servlet.*;version="[2.5,4)";resolution:=optional,
org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional,
org.keycloak.*;version="${project.version}",
diff --git a/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebIntegrationService.java b/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebIntegrationService.java
index f295b30..76cd62f 100644
--- a/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebIntegrationService.java
+++ b/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebIntegrationService.java
@@ -29,6 +29,7 @@ import org.osgi.util.tracker.ServiceTrackerCustomizer;
import java.net.URL;
import java.security.SecureRandom;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -47,7 +48,7 @@ public class PaxWebIntegrationService {
private BundleContext bundleContext;
private String jettyWebXmlLocation;
- private List<ConstraintMapping> constraintMappings; // Using jetty constraint mapping just because of compatibility with other fuse services
+ private List<Object> constraintMappings;
private ServiceTracker webContainerTracker;
private HttpContext httpContext;
@@ -68,11 +69,11 @@ public class PaxWebIntegrationService {
this.jettyWebXmlLocation = jettyWebXmlLocation;
}
- public List<ConstraintMapping> getConstraintMappings() {
+ public List<Object> getConstraintMappings() {
return constraintMappings;
}
- public void setConstraintMappings(List<ConstraintMapping> constraintMappings) {
+ public void setConstraintMappings(List<Object> constraintMappings) {
this.constraintMappings = constraintMappings;
}
@@ -120,8 +121,25 @@ public class PaxWebIntegrationService {
if (constraintMappings == null) {
throw new IllegalStateException("constraintMappings was null!");
}
- for (ConstraintMapping constraintMapping : constraintMappings) {
- addConstraintMapping(service, constraintMapping);
+ List<ConstraintHandler> handlers = new ArrayList<>();
+ try {
+ handlers.add(new JettyConstraintHandler());
+ } catch (Throwable t) {
+ // Ignore
+ }
+ try {
+ handlers.add(new PaxWebConstraintHandler());
+ } catch (Throwable t) {
+ // Ignore
+ }
+ for (Object constraintMapping : constraintMappings) {
+ boolean handled = false;
+ for (ConstraintHandler handler : handlers) {
+ handled |= handler.addConstraintMapping(httpContext, service, constraintMapping);
+ }
+ if (!handled) {
+ log.warnv("Unable to add constraint mapping for constraint of type " + constraintMapping.getClass().toString());
+ }
}
service.registerLoginConfig("BASIC", "does-not-matter", null, null, httpContext);
@@ -146,6 +164,16 @@ public class PaxWebIntegrationService {
}
}
+ protected void addConstraintMapping(WebContainer service, PaxWebSecurityConstraintMapping constraintMapping) {
+ String name = constraintMapping.getConstraintName();
+ if (name == null) {
+ name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
+ }
+ log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
+ + constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
+ service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
+ }
+
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
Constraint constraint = constraintMapping.getConstraint();
String[] roles = constraint.getRoles();
@@ -178,4 +206,71 @@ public class PaxWebIntegrationService {
service.unregisterConstraintMapping(httpContext);
}
}
-}
+
+ private interface ConstraintHandler {
+ boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm);
+ }
+
+ private static class PaxWebConstraintHandler implements ConstraintHandler {
+
+ @Override
+ public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
+ if (cm instanceof PaxWebSecurityConstraintMapping) {
+ PaxWebSecurityConstraintMapping constraintMapping = (PaxWebSecurityConstraintMapping) cm;
+ String name = constraintMapping.getConstraintName();
+ if (name == null) {
+ name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
+ }
+ log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getUrl() + ", dataConstraint=" + constraintMapping.getDataConstraint() + ", canAuthenticate="
+ + constraintMapping.isAuthentication() + ", roles=" + constraintMapping.getRoles());
+ service.registerConstraintMapping(name, constraintMapping.getUrl(), constraintMapping.getMapping(), constraintMapping.getDataConstraint(), constraintMapping.isAuthentication(), constraintMapping.getRoles(), httpContext);
+ return true;
+ }
+ return false;
+ }
+
+ }
+
+ private static class JettyConstraintHandler implements ConstraintHandler {
+
+ @Override
+ public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
+ if (cm instanceof ConstraintMapping) {
+ ConstraintMapping constraintMapping = (ConstraintMapping) cm;
+ Constraint constraint = constraintMapping.getConstraint();
+ String[] roles = constraint.getRoles();
+ // name property is unavailable on constraint object :/
+
+ String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
+
+ int dataConstraint = constraint.getDataConstraint();
+ String dataConstraintStr;
+ switch (dataConstraint) {
+ case Constraint.DC_UNSET:
+ dataConstraintStr = null;
+ break;
+ case Constraint.DC_NONE:
+ dataConstraintStr = "NONE";
+ break;
+ case Constraint.DC_CONFIDENTIAL:
+ dataConstraintStr = "CONFIDENTIAL";
+ break;
+ case Constraint.DC_INTEGRAL:
+ dataConstraintStr = "INTEGRAL";
+ break;
+ default:
+ log.warnv("Unknown data constraint: " + dataConstraint);
+ dataConstraintStr = "CONFIDENTIAL";
+ }
+ List<String> rolesList = Arrays.asList(roles);
+
+ log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
+ + constraint.getAuthenticate() + ", roles=" + rolesList);
+ service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
+ return true;
+ }
+ return false;
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebSecurityConstraintMapping.java b/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebSecurityConstraintMapping.java
new file mode 100644
index 0000000..d73baf2
--- /dev/null
+++ b/adapters/oidc/osgi-adapter/src/main/java/org/keycloak/adapters/osgi/PaxWebSecurityConstraintMapping.java
@@ -0,0 +1,73 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.keycloak.adapters.osgi;
+
+import java.security.SecureRandom;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author hmlnarik
+ */
+public class PaxWebSecurityConstraintMapping {
+
+ private String constraintName = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);
+ private String mapping;
+ private String url;
+ private String dataConstraint = "NONE";
+ private boolean authentication = true;
+ private List<String> roles = new LinkedList<>();
+
+ public String getConstraintName() {
+ return constraintName;
+ }
+
+ public void setConstraintName(String constraintName) {
+ this.constraintName = constraintName;
+ }
+
+ public String getMapping() {
+ return mapping;
+ }
+
+ public void setMapping(String mapping) {
+ this.mapping = mapping;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ public String getDataConstraint() {
+ return dataConstraint;
+ }
+
+ public void setDataConstraint(String dataConstraint) {
+ this.dataConstraint = dataConstraint;
+ }
+
+ public boolean isAuthentication() {
+ return authentication;
+ }
+
+ public void setAuthentication(boolean authentication) {
+ this.authentication = authentication;
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(List<String> roles) {
+ this.roles = roles;
+ }
+
+}
adapters/oidc/pom.xml 1(+1 -0)
diff --git a/adapters/oidc/pom.xml b/adapters/oidc/pom.xml
index 43c1b09..d63c8b7 100755
--- a/adapters/oidc/pom.xml
+++ b/adapters/oidc/pom.xml
@@ -34,6 +34,7 @@
<module>adapter-core</module>
<module>as7-eap6</module>
<module>installed</module>
+ <module>fuse7</module>
<module>kcinit</module>
<module>jaxrs-oauth-client</module>
<module>jetty</module>
examples/fuse/pom.xml 2(+1 -1)
diff --git a/examples/fuse/pom.xml b/examples/fuse/pom.xml
index 0233ced..3c2f9fb 100755
--- a/examples/fuse/pom.xml
+++ b/examples/fuse/pom.xml
@@ -30,7 +30,7 @@
<artifactId>keycloak-examples-fuse-parent</artifactId>
<packaging>pom</packaging>
<properties>
- <camel.version>2.17.0</camel.version>
+ <camel.version>2.21.0</camel.version>
</properties>
<modules>
<module>customer-app-fuse</module>
pom.xml 9(+7 -2)
diff --git a/pom.xml b/pom.xml
index a87ff5f..59c3023 100755
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
<apache.mime4j.version>0.6</apache.mime4j.version>
<jboss.dmr.version>1.4.1.Final</jboss.dmr.version>
<bouncycastle.version>1.56</bouncycastle.version>
- <cxf.version>3.1.13</cxf.version>
+ <cxf.version>3.2.0</cxf.version>
<dom4j.version>1.6.1</dom4j.version>
<github.relaxng.version>2011.1</github.relaxng.version>
<h2.version>1.4.193</h2.version>
@@ -105,7 +105,7 @@
<liquibase.version>3.4.1</liquibase.version>
<mysql.version>5.1.29</mysql.version>
<osgi.version>4.2.0</osgi.version>
- <pax.web.version>4.2.4</pax.web.version>
+ <pax.web.version>7.1.0</pax.web.version>
<postgresql.version>9.3-1100-jdbc41</postgresql.version>
<mariadb.version>1.3.7</mariadb.version>
<servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
@@ -698,6 +698,11 @@
<version>${pax.web.version}</version>
</dependency>
<dependency>
+ <groupId>org.ops4j.pax.web</groupId>
+ <artifactId>pax-web-spi</artifactId>
+ <version>${pax.web.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.jboss.aesh</groupId>
<artifactId>aesh</artifactId>
<version>${aesh.version}</version>