keycloak-uncached
Changes
integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java 3(+2 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java 14(+12 -2)
integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java 3(+2 -1)
model/invalidation-cache/model-adapters/pom.xml 120(+120 -0)
model/invalidation-cache/pom.xml 30(+30 -0)
model/pom.xml 1(+1 -0)
pom.xml 4(+2 -2)
Details
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index c7ec9fc..b13b3cb 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -242,7 +242,8 @@ public abstract class OAuthRequestAuthenticator {
protected AuthChallenge resolveCode(String code) {
// abort if not HTTPS
if (deployment.isSslRequired() && !isRequestSecure()) {
- log.error("SSL is required");
+
+ log.error("Adapter requires SSL. Request: " + facade.getRequest().getURI());
return challenge(403);
}
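Review bot: The new `log.error` line in `resolveCode` writes the whole request URI to the log, and this method runs when the request carries an authorization code. If `getURI()` includes the query string (not visible here), the `code` and `state` parameters land in the adapter log at error level, where they outlive the request and are readable by anyone with log access. Strip the query string before logging, or log only the scheme, host and path. The added blank `+` line before it can go. `resolveCode` continues outside this hunk.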
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index 72a0493..349ba11 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -32,10 +32,6 @@ public abstract class RequestAuthenticator {
public AuthOutcome authenticate() {
log.info("--> authenticate()");
- if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
- log.warn("SSL is required to authenticate");
- return AuthOutcome.FAILED;
- }
BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
log.info("try bearer");
AuthOutcome outcome = bearer.authenticate(facade);
@@ -44,6 +40,7 @@ public abstract class RequestAuthenticator {
log.info("Bearer FAILED");
return AuthOutcome.FAILED;
} else if (outcome == AuthOutcome.AUTHENTICATED) {
+ if (verifySSL()) return AuthOutcome.FAILED;
completeAuthentication(bearer);
log.info("Bearer AUTHENTICATED");
return AuthOutcome.AUTHENTICATED;
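Review bot: `verifySSL()` returns true when the request fails the SSL requirement, so `if (verifySSL()) return AuthOutcome.FAILED;` reads as "verified, therefore fail". A later caller who writes the natural `if (!verifySSL())` would reject secure requests and admit insecure ones. The same call appears in the `isCached()` hunk and before `completeAuthentication(oauth)`, and the method is defined in the last hunk of this file. Either rename it for what it reports, or invert the return value and write `if (!verifySSL()) return AuthOutcome.FAILED;` at each call site. `authenticate()` starts and ends outside this hunk.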
@@ -55,6 +52,7 @@ public abstract class RequestAuthenticator {
log.info("try oauth");
if (isCached()) {
+ if (verifySSL()) return AuthOutcome.FAILED;
log.info("AUTHENTICATED: was cached");
return AuthOutcome.AUTHENTICATED;
}
@@ -70,6 +68,8 @@ public abstract class RequestAuthenticator {
}
+ if (verifySSL()) return AuthOutcome.FAILED;
+
completeAuthentication(oauth);
// redirect to strip out access code and state query parameters
@@ -81,6 +81,14 @@ public abstract class RequestAuthenticator {
return AuthOutcome.AUTHENTICATED;
}
+ protected boolean verifySSL() {
+ if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
+ log.warn("SSL is required to authenticate");
+ return true;
+ }
+ return false;
+ }
+
protected abstract OAuthRequestAuthenticator createOAuthAuthenticator();
protected BearerTokenRequestAuthenticator createBearerTokenAuthenticator() {
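Review bot: `verifySSL()` has no comment explaining that the SSL requirement is now enforced only on paths about to return `AuthOutcome.AUTHENTICATED`, where the removed code rejected insecure requests before any authenticator ran. The guarantee now depends on every success path remembering the call, so a path added to `authenticate()` later could authenticate over plain HTTP. Add a Javadoc such as `/** Returns true when SSL is required but the request is not secure; call before every return of AuthOutcome.AUTHENTICATED. */`. A test asserting that an insecure request never authenticates while `isSslRequired()` is true would pin this down.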
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
index d35b752..26a735f 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
@@ -51,12 +51,22 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
}
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
- int confidentialPort = 8443;
- if (portManager != null) confidentialPort = portManager.getConfidentialPort(exchange);
+
+ int confidentialPort = getConfidentilPort(exchange);
return new ServletRequestAuthenticator(facade, deployment,
confidentialPort, securityContext, exchange, userSessionManagement);
}
+ protected int getConfidentilPort(HttpServerExchange exchange) {
+ int confidentialPort = 8443;
+ if (exchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
+ confidentialPort = exchange.getHostPort();
+ } else if (portManager != null) {
+ confidentialPort = portManager.getConfidentialPort(exchange);
+ }
+ return confidentialPort;
+ }
+
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
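Review bot: In `getConfidentilPort`, the HTTPS branch takes the port from `exchange.getHostPort()`, which Undertow derives from the request's Host header when one is present, so the value is client-supplied. If the authenticator uses it to build redirect URLs (not visible here), the port in those URLs is under the caller's control; validate it against the deployment's expected port or take it from server-side configuration. The method name is also misspelled and, being `protected`, is already called from `WildflyAuthenticationMechanism`; rename it to `getConfidentialPort` before more callers pick it up. `sendChallenge` continues outside this hunk.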
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
index f610443..9426128 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
@@ -6,6 +6,7 @@ import io.undertow.server.handlers.CookieImpl;
import io.undertow.util.AttachmentKey;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
+import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.HttpFacade;
@@ -24,6 +25,7 @@ import java.util.Map;
* @version $Revision: 1 $
*/
public class UndertowHttpFacade implements HttpFacade {
+ private static final Logger log = Logger.getLogger(UndertowHttpFacade.class);
public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);
protected HttpServerExchange exchange;
@@ -41,7 +43,8 @@ public class UndertowHttpFacade implements HttpFacade {
@Override
public boolean isSecure() {
- return exchange.getProtocol().toString().equalsIgnoreCase("https");
+ String protocol = exchange.getRequestScheme();
+ return protocol.equalsIgnoreCase("https");
}
@Override
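Review bot: In `isSecure()` the local is named `protocol` but holds the request scheme, the same mix-up the removed `getProtocol()` line had. Name it `scheme`, or drop the local and put the literal first so a missing scheme cannot throw: `return "https".equalsIgnoreCase(exchange.getRequestScheme());`. The SSL checks in `RequestAuthenticator` call `isSecure()` on the request, so a comment should note that behind a TLS-terminating proxy the scheme is `http` unless the server is configured to honour forwarded headers. The `log` field added in the previous hunk is not used in any visible hunk.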
diff --git a/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java b/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java
index 58639df..4963c0a 100755
--- a/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java
+++ b/integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java
@@ -24,7 +24,8 @@ public class WildflyAuthenticationMechanism extends ServletKeycloakAuthMech {
@Override
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
+ int confidentialPort = getConfidentilPort(exchange);
return new WildflyRequestAuthenticator(facade, deployment,
- portManager.getConfidentialPort(exchange), securityContext, exchange, userSessionManagement);
+ confidentialPort, securityContext, exchange, userSessionManagement);
}
}
model/invalidation-cache/model-adapters/pom.xml 120(+120 -0)
diff --git a/model/invalidation-cache/model-adapters/pom.xml b/model/invalidation-cache/model-adapters/pom.xml
new file mode 100755
index 0000000..c6b12f5
--- /dev/null
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-beta-2-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-invalidation-cache-model</artifactId>
+ <name>Keycloak Model JPA</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate.javax.persistence</groupId>
+ <artifactId>hibernate-jpa-2.0-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>${hibernate.entitymanager.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>com.h2database</groupId>
+ <artifactId>h2</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>${maven.compiler.source}</source>
+ <target>${maven.compiler.target}</target>
+ </configuration>
+ </plugin>
+
+ <!-- Test jar used in export-import -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>package-tests-jar</id>
+ <phase>package</phase>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>default-test</id>
+ <configuration>
+ <dependenciesToScan>
+ <dependency>org.keycloak:keycloak-model-tests</dependency>
+ </dependenciesToScan>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>
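Review bot: `<name>Keycloak Model JPA</name>` looks copied from the JPA model module, so the reactor output will show two modules under the same name; use one that matches the artifact, e.g. `<name>Keycloak Invalidation Cache Model</name>`. The new parent in `model/invalidation-cache/pom.xml` has the same problem with `<name>Model Parent</name>`. The Hibernate, JPA API and H2 entries also appear to be carried over from that module. Drop whichever of them this module does not compile or test against, so its dependency set stays limited to what it uses.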
model/invalidation-cache/pom.xml 30(+30 -0)
diff --git a/model/invalidation-cache/pom.xml b/model/invalidation-cache/pom.xml
new file mode 100755
index 0000000..685e9ce
--- /dev/null
+++ b/model/invalidation-cache/pom.xml
@@ -0,0 +1,30 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-beta-2-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <name>Model Parent</name>
+ <description/>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-invalidation-cache-model-pom</artifactId>
+ <packaging>pom</packaging>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <modules>
+ <module>model-adapters</module>
+ </modules>
+</project>
model/pom.xml 1(+1 -0)
diff --git a/model/pom.xml b/model/pom.xml
index d521219..d60c992 100755
--- a/model/pom.xml
+++ b/model/pom.xml
@@ -29,6 +29,7 @@
<!-- <module>picketlink</module> -->
<module>jpa</module>
<module>mongo</module>
+ <module>invalidation-cache</module>
<module>tests</module>
</modules>
</project>
pom.xml 4(+2 -2)
diff --git a/pom.xml b/pom.xml
index 44916d4..0eb88f0 100755
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
<resteasy.version>2.3.7.Final</resteasy.version>
<resteasy.version.eap.6.3>2.3.7.Final</resteasy.version.eap.6.3>
<resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
- <undertow.version>1.0.0.Final</undertow.version>
+ <undertow.version>1.0.15.Final</undertow.version>
<picketlink.version>2.6.0.CR2</picketlink.version>
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
<mongo.driver.version>2.11.3</mongo.driver.version>
@@ -34,7 +34,7 @@
<mysql.version>5.1.25</mysql.version>
<slf4j.version>1.5.10</slf4j.version>
<jboss.version>7.1.1.Final</jboss.version>
- <wildfly.version>8.0.0.Final</wildfly.version>
+ <wildfly.version>8.1.0.Final</wildfly.version>
<servlet.api.30.version>1.0.1.Final</servlet.api.30.version>
<google.zxing.version>2.2</google.zxing.version>
<google.client.version>1.14.1-beta</google.client.version>