keycloak-aplcache
Changes
integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java 14(+9 -5)
testsuite/docker-cluster/fig.yml 2(+1 -1)
Details
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
index 587d30a..fd54ce2 100755
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@@ -17,7 +17,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
"connection-pool-size",
"allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
"client-keystore", "client-keystore-password", "client-key-password",
- "use-hostname-for-local-requests", "local-requests-scheme", "local-requests-port"
+ "auth-server-url-for-backend-requests"
})
public class AdapterConfig extends BaseAdapterConfig {
@@ -37,12 +37,8 @@ public class AdapterConfig extends BaseAdapterConfig {
protected String clientKeyPassword;
@JsonProperty("connection-pool-size")
protected int connectionPoolSize = 20;
- @JsonProperty("use-hostname-for-local-requests")
- protected boolean useHostnameForLocalRequests;
- @JsonProperty("local-requests-scheme")
- protected String localRequestsScheme = "http";
- @JsonProperty("local-requests-port")
- protected int localRequestsPort = 8080;
+ @JsonProperty("auth-server-url-for-backend-requests")
+ protected String authServerUrlForBackendRequests;
public boolean isAllowAnyHostname() {
return allowAnyHostname;
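Review bot: The new `authServerUrlForBackendRequests` field has no Javadoc, so nothing here tells a deployer that the value must be an absolute URL, which KeycloakDeployment enforces in this same commit, or that it is read only when `auth-server-url` is relative. A field comment would cover it, for example `/** Absolute URL the adapter uses for its own (non-browser) requests to the auth server when auth-server-url is relative. */`. Removing `use-hostname-for-local-requests`, `local-requests-scheme` and `local-requests-port` also means existing keycloak.json files that still carry them may be rejected or silently ignored, depending on how unknown properties are handled, which is not visible here; a migration note would be prudent. The class body continues outside the hunk.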
@@ -108,27 +104,11 @@ public class AdapterConfig extends BaseAdapterConfig {
this.connectionPoolSize = connectionPoolSize;
}
- public boolean isUseHostnameForLocalRequests() {
- return useHostnameForLocalRequests;
+ public String getAuthServerUrlForBackendRequests() {
+ return authServerUrlForBackendRequests;
}
- public void setUseHostnameForLocalRequests(boolean useHostnameForLocalRequests) {
- this.useHostnameForLocalRequests = useHostnameForLocalRequests;
- }
-
- public String getLocalRequestsScheme() {
- return localRequestsScheme;
- }
-
- public void setLocalRequestsScheme(String localRequestsScheme) {
- this.localRequestsScheme = localRequestsScheme;
- }
-
- public int getLocalRequestsPort() {
- return localRequestsPort;
- }
-
- public void setLocalRequestsPort(int localRequestsPort) {
- this.localRequestsPort = localRequestsPort;
+ public void setAuthServerUrlForBackendRequests(String authServerUrlForBackendRequests) {
+ this.authServerUrlForBackendRequests = authServerUrlForBackendRequests;
}
}
diff --git a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
index ca0707e..c2241b3 100755
--- a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/keycloak.json
@@ -7,6 +7,5 @@
"expose-token": true,
"credentials": {
"secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
}
diff --git a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
index c1ae517..0a86c04 100755
--- a/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/product-app/src/main/webapp/WEB-INF/keycloak.json
@@ -6,6 +6,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
}
diff --git a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
index 14bbd79..559df05 100755
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/keycloak.json
@@ -5,6 +5,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
}
\ No newline at end of file
diff --git a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
index 14bbd79..559df05 100755
--- a/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/demo-template/third-party-cdi/src/main/webapp/WEB-INF/keycloak.json
@@ -5,6 +5,5 @@
"ssl-required" : "external",
"credentials" : {
"secret": "password"
- },
- "use-hostname-for-local-requests": false
+ }
}
\ No newline at end of file
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
index 9709294..db284b1 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@@ -7,7 +7,6 @@ import org.keycloak.enums.RelativeUrlsUsed;
import org.keycloak.enums.SslRequired;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.KeycloakUriBuilder;
-import org.keycloak.util.UriUtils;
import java.net.URI;
import java.security.PublicKey;
@@ -87,15 +86,18 @@ public class KeycloakDeployment {
URI uri = URI.create(authServerBaseUrl);
if (uri.getHost() == null) {
- if (config.isUseHostnameForLocalRequests()) {
+ String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
+ if (authServerURLForBackendReqs != null) {
relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
- KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
- serverBuilder.host(UriUtils.getHostName()).port(config.getLocalRequestsPort()).scheme(config.getLocalRequestsScheme());
+ KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
+ if (serverBuilder.getHost() == null || serverBuilder.getScheme() == null) {
+ throw new IllegalStateException("Relative URL not supported for auth-server-url-for-backend-requests option. URL used: "
+ + authServerURLForBackendReqs + ", Client: " + config.getResource());
+ }
resolveNonBrowserUrls(serverBuilder);
} else {
relativeUrls = RelativeUrlsUsed.ALL_REQUESTS;
- return;
}
} else {
// We have absolute URI in config
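Review bot: The new guard on `auth-server-url-for-backend-requests` rejects only a missing host or scheme, so any scheme string passes and is handed to `resolveNonBrowserUrls`. Since this is the URL the adapter uses for its own backend requests, accept only http and https: `String scheme = serverBuilder.getScheme();` followed by `if (serverBuilder.getHost() == null || !("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {`. The option is read only inside the `uri.getHost() == null` branch, so it appears to be silently ignored when `auth-server-url` is absolute; a log line or comment saying so would help operators. The removed `return` in the `ALL_REQUESTS` branch means control now continues past the if/else into code outside this hunk, so confirm that path is safe when no URLs were resolved.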
diff --git a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
index ffc50eb..ba41356 100755
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClientBuilder.java
@@ -57,13 +57,17 @@ public class ServletOAuthClientBuilder {
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
- KeycloakUriBuilder tokenUrlBuilder = serverBuilder.clone();
- KeycloakUriBuilder refreshUrlBuilder = serverBuilder.clone();
+ KeycloakUriBuilder tokenUrlBuilder;
+ KeycloakUriBuilder refreshUrlBuilder;
if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
// Use absolute URI for refreshToken and codeToToken requests
- tokenUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
- refreshUrlBuilder.scheme(adapterConfig.getLocalRequestsScheme()).host(UriUtils.getHostName()).port(adapterConfig.getLocalRequestsPort());
+ KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
+ tokenUrlBuilder = nonBrowsersServerBuilder.clone();
+ refreshUrlBuilder = nonBrowsersServerBuilder.clone();
+ } else {
+ tokenUrlBuilder = serverBuilder.clone();
+ refreshUrlBuilder = serverBuilder.clone();
}
String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
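Review bot: `KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests())` is used here without the host/scheme check that KeycloakDeployment applies to the same option, so a relative or empty value would yield token and refresh URLs with no host instead of failing at startup. Repeat the guard, `if (nonBrowsersServerBuilder.getHost() == null || nonBrowsersServerBuilder.getScheme() == null)` throwing the same IllegalStateException, or move it into a helper both callers share. The `relativeUrls` hunk below selects `BROWSER_ONLY` on `!= null` alone, so an empty string reaches this branch as well. Because these builders serve the refreshToken and codeToToken requests, a comment that the backend URL should be https unless the network between adapter and auth server is trusted would be worth adding. The enclosing method starts and ends outside the hunk.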
@@ -74,7 +78,7 @@ public class ServletOAuthClientBuilder {
private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
if (serverBuilder.clone().getHost() == null) {
- return (adapterConfig.isUseHostnameForLocalRequests()) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
+ return (adapterConfig.getAuthServerUrlForBackendRequests() != null) ? RelativeUrlsUsed.BROWSER_ONLY : RelativeUrlsUsed.ALL_REQUESTS;
} else {
return RelativeUrlsUsed.NEVER;
}
testsuite/docker-cluster/fig.yml 2(+1 -1)
diff --git a/testsuite/docker-cluster/fig.yml b/testsuite/docker-cluster/fig.yml
index a1c4c6d..046d73b 100644
--- a/testsuite/docker-cluster/fig.yml
+++ b/testsuite/docker-cluster/fig.yml
@@ -1,7 +1,7 @@
httpd:
build: httpd
ports:
- - "8000:8000"
+ - "8000:80"
- "10001:10001"
volumes_from:
- mysql
diff --git a/testsuite/docker-cluster/httpd/httpd.conf b/testsuite/docker-cluster/httpd/httpd.conf
index 7d2d355..8d3758e 100644
--- a/testsuite/docker-cluster/httpd/httpd.conf
+++ b/testsuite/docker-cluster/httpd/httpd.conf
@@ -49,7 +49,7 @@ ServerRoot "/opt/jboss/httpd/httpd"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
-Listen 8000
+Listen 80
#
# Dynamic Shared Object (DSO) Support
diff --git a/testsuite/docker-cluster/wildfly/deploy-examples.sh b/testsuite/docker-cluster/wildfly/deploy-examples.sh
index 7da2946..4cafe69 100644
--- a/testsuite/docker-cluster/wildfly/deploy-examples.sh
+++ b/testsuite/docker-cluster/wildfly/deploy-examples.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Deploy and configure all examples
+## Deploy and configure all examples
# Deploy examples
cd /keycloak-docker-cluster/examples
@@ -25,10 +25,13 @@ sed -i -e 's/false/true/' admin-access.war/WEB-INF/web.xml
# Configure other examples
for I in *.war/WEB-INF/keycloak.json; do
- sed -i -e 's/\"use-hostname-for-local-requests\": false/\"use-hostname-for-local-requests\": true/' $I;
+ sed -i -e 's/\"\/auth\",/&\n \"auth-server-url-for-backend-requests\": \"http:\/\/\$\{jboss.host.name\}:8080\/auth\",/' $I;
done;
# Enable distributable for customer-portal
sed -i -e 's/<\/module-name>/&\n <distributable \/>/' customer-portal.war/WEB-INF/web.xml
+# Configure testrealm.json - Enable adminUrl to access adapters on local machine
+sed -i -e 's/\"adminUrl\": \"/&http:\/\/\$\{jboss.host.name\}:8080/' /keycloak-docker-cluster/examples/testrealm.json
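Review bot: The inserted `auth-server-url-for-backend-requests` value and the `adminUrl` prefix are both plain `http://…:8080`, which is reasonable inside the docker test cluster but is easy to copy into a real deployment. Add a comment above the loop such as `# Test cluster only: backend and admin requests use plain HTTP on the docker network`. `$I` is unquoted in the `sed` call; `"$I"` would be more robust against paths with spaces. Neither substitution is idempotent: a second run matches `"/auth",` again and adds a duplicate key, and it prefixes `adminUrl` a second time, so note that the script runs once per image build or guard the edits.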
+