diff --git a/examples/as7-eap-demo/customer-app/pom.xml b/examples/as7-eap-demo/customer-app/pom.xml new file mode 100755 index 00000000000..acd75e4bd14 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/pom.xml @@ -0,0 +1,79 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + customer-portal-example + war + Customer Portal - Secured via Valve + + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + javax.servlet + servlet-api + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + customer-portal + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java new file mode 100755 index 00000000000..a50ccacab8e --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/java/org/jboss/resteasy/example/oauth/CustomerDatabaseClient.java @@ -0,0 +1,36 @@ +package org.jboss.resteasy.example.oauth; + +import org.jboss.resteasy.client.jaxrs.ResteasyClient; +import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; +import org.keycloak.SkeletonKeySession; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.GenericType; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.Response; +import java.util.List; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class CustomerDatabaseClient +{ + public static List getCustomers(HttpServletRequest request) + { + SkeletonKeySession session = (SkeletonKeySession)request.getAttribute(SkeletonKeySession.class.getName()); + ResteasyClient client = new ResteasyClientBuilder() + .trustStore(session.getMetadata().getTruststore()) + .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build(); + try + { + Response response = client.target("http://localhost:8080/database/customers").request() + .header(HttpHeaders.AUTHORIZATION, "Bearer " + session.getToken()).get(); + return response.readEntity(new GenericType>(){}); + } + finally + { + client.close(); + } + } +} diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml new file mode 100755 index 00000000000..1469973bc4a --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100755 index 00000000000..3cec19cc474 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + org.keycloak.adapters.as7.OAuthManagedResourceValve + + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 00000000000..3e228f1cbd3 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/resteasy-oauth.json @@ -0,0 +1,8 @@ +{ + "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo", + "ssl-not-required" : true, + "client-id" : "customer-portal", + "client-credentials" : { + "password" : "password" + } +} diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 00000000000..b25af94e1b6 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,46 @@ + + + + + Admins + /admin/* + + + admin + + + + + Customers + /customers/* + + + user + + + + + + + BASIC + commerce + + + + admin + + + user + + diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp new file mode 100644 index 00000000000..e132e3701f8 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/admin/admin.jsp @@ -0,0 +1,11 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Customer Admin Iterface + + +

Customer Admin Interface

+User <%=request.getUserPrincipal().getName()%> made this request. + + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp new file mode 100644 index 00000000000..f6bd0c52775 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp @@ -0,0 +1,23 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Customer View Page + + +

Goto: products | logout

+User <%=request.getUserPrincipal().getName()%> made this request. +

Customer Listing

+<% +java.util.List list = org.jboss.resteasy.example.oauth.CustomerDatabaseClient.getCustomers(request); +for (String cust : list) +{ + out.print("

"); + out.print(cust); + out.println("

"); + +} +%> +

+ + \ No newline at end of file diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/index.html b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html new file mode 100644 index 00000000000..7b164dfeaf5 --- /dev/null +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/index.html @@ -0,0 +1,14 @@ + + + + + + +

Customer Portal

+ +

Customer Listing

+

Customer Admin Interface

+ + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/pom.xml b/examples/as7-eap-demo/database-service/pom.xml new file mode 100755 index 00000000000..c202657b836 --- /dev/null +++ b/examples/as7-eap-demo/database-service/pom.xml @@ -0,0 +1,73 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + database-service + war + JAX-RS Database Service Using OAuth Bearer Tokens + + http://maven.apache.org + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + org.jboss.resteasy + resteasy-client + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + database + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java new file mode 100644 index 00000000000..c6a0efc9db8 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/CustomerService.java @@ -0,0 +1,26 @@ +package org.jboss.resteasy.example.oauth; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import java.util.ArrayList; +import java.util.List; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@Path("customers") +public class CustomerService +{ + @GET + @Produces("application/json") + public List getCustomers() + { + ArrayList rtn = new ArrayList(); + rtn.add("Bill Burke"); + rtn.add("Ron Sigal"); + rtn.add("Weinan Li"); + return rtn; + } +} diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java new file mode 100644 index 00000000000..673ad167e6c --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/DataApplication.java @@ -0,0 +1,13 @@ +package org.jboss.resteasy.example.oauth; + +import javax.ws.rs.ApplicationPath; +import javax.ws.rs.core.Application; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@ApplicationPath("/") +public class DataApplication extends Application +{ +} diff --git a/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java new file mode 100644 index 00000000000..8515dfe9348 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/java/org/jboss/resteasy/example/oauth/ProductService.java @@ -0,0 +1,26 @@ +package org.jboss.resteasy.example.oauth; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import java.util.ArrayList; +import java.util.List; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@Path("products") +public class ProductService +{ + @GET + @Produces("application/json") + public List getProducts() + { + ArrayList rtn = new ArrayList(); + rtn.add("iphone"); + rtn.add("ipad"); + rtn.add("ipod"); + return rtn; + } +} diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml new file mode 100755 index 00000000000..f1f1ffa354a --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100755 index 00000000000..d1ca3931f97 --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + org.keycloak.adapters.as7.BearerTokenAuthenticatorValve + + \ No newline at end of file diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 00000000000..df69f017d1a --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/resteasy-oauth.json @@ -0,0 +1,3 @@ +{ + "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo" +} diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 00000000000..c19ce80907c --- /dev/null +++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,26 @@ + + + + + /* + + + + user + + + + + BASIC + commerce + + + + user + + diff --git a/examples/as7-eap-demo/product-app/pom.xml b/examples/as7-eap-demo/product-app/pom.xml new file mode 100755 index 00000000000..07ea37a0b40 --- /dev/null +++ b/examples/as7-eap-demo/product-app/pom.xml @@ -0,0 +1,79 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + product-portal-example + war + Product Portal - Secured via Valve + + + + + jboss + jboss repo + http://repository.jboss.org/nexus/content/groups/public/ + + + + + + junit + junit + 4.1 + test + + + javax.servlet + servlet-api + provided + + + org.jboss.resteasy + resteasy-client + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-as7-adapter + ${project.version} + + + + + product-portal + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml new file mode 100755 index 00000000000..1469973bc4a --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100755 index 00000000000..3cec19cc474 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + org.keycloak.adapters.as7.OAuthManagedResourceValve + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json new file mode 100755 index 00000000000..8e538101a2e --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/resteasy-oauth.json @@ -0,0 +1,8 @@ +{ + "realm-url" : "http://localhost:8080/auth-server/rest/realms/demo", + "ssl-not-required" : true, + "client-id" : "product-portal", + "client-credentials" : { + "password" : "password" + } +} diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 00000000000..c9bc6550004 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,46 @@ + + + + + Admins + /admin/* + + + admin + + + + + Products + /products/* + + + user + + + + + + BASIC + commerce + + + + admin + + + user + + diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp new file mode 100644 index 00000000000..b6448d77380 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/admin/admin.jsp @@ -0,0 +1,11 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Product Admin Interface + + +

Product Admin Interface

+User <%=request.getUserPrincipal().getName()%> made this request. + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/index.html b/examples/as7-eap-demo/product-app/src/main/webapp/index.html new file mode 100644 index 00000000000..e30ebc5c1c3 --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/index.html @@ -0,0 +1,14 @@ + + + + + + +

Product Portal

+ +

Product Listing

+

Admin Interface

+ + + \ No newline at end of file diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp new file mode 100644 index 00000000000..5a9a6410e6d --- /dev/null +++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp @@ -0,0 +1,23 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + Product View Page + + +

Goto: customers | logout

+User <%=request.getUserPrincipal().getName()%> made this request. +

Product Listing

+<% +java.util.List list = org.jboss.resteasy.example.oauth.ProductDatabaseClient.getProducts(request); +for (String cust : list) +{ + out.print("

"); + out.print(cust); + out.println("

"); + +} +%> +

+ + \ No newline at end of file diff --git a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json index 40e0fd35b14..5b913e8ed24 100755 --- a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json +++ b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json @@ -12,90 +12,47 @@ ], "users" : [ { - "username" : "wburke", + "username" : "bburke@redhat.com", "enabled" : true, "attributes" : { "email" : "bburke@redhat.com" }, "credentials" : [ { "type" : "Password", - "value" : "userpassword" } + "value" : "password" } ] }, { - "username" : "loginclient", + "username" : "customer-portal", "enabled" : true, "credentials" : [ { "type" : "Password", - "value" : "clientpassword" } + "value" : "password" } ] }, { - "username" : "admin", + "username" : "product-portal", "enabled" : true, "credentials" : [ { "type" : "Password", - "value" : "adminpassword" } - ] - }, - { - "username" : "oauthclient", - "enabled" : true, - "credentials" : [ - { "type" : "Password", - "value" : "clientpassword" } + "value" : "password" } ] } ], "roleMappings" : [ { - "username" : "admin", - "roles" : ["admin"] + "username" : "bburke@redhat.com", + "roles" : ["user"] } ], "scopeMappings" : [ { - "username" : "loginclient", + "username" : "customer-portal", + "roles" : ["*"] + }, + { + "username" : "product-portal", "roles" : ["*"] } - ], - "resources" : [ - { - "name" : "Application", - "roles" : ["admin", "user"], - "roleMappings" : [ - { - "username" : "wburke", - "roles" : ["user"] - }, - { - "username" : "admin", - "roles" : ["admin"] - } - ], - "scopeMappings" : [ - { - "username" : "oauthclient", - "roles" : ["user"] - } - ] - }, - { - "name" : "OtherApp", - "roles" : ["admin", "user"], - "roleMappings" : [ - { - "username" : "wburke", - "roles" : ["user"] - }, - { - "username" : "admin", - "roles" : ["admin"] - } - ] - } - ] - - } \ No newline at end of file diff --git a/examples/pom.xml b/examples/pom.xml index 5e5a46fbd3e..1fb476f5b69 100755 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -14,7 +14,29 @@ examples-pom pom + + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.1.1.Final + + true + + + + as7-eap-demo/server + as7-eap-demo/customer-app + as7-eap-demo/product-app + as7-eap-demo/database-service diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml index b4ad78f4471..69c4ff1188f 100755 --- a/integration/as7-eap6/adapter/pom.xml +++ b/integration/as7-eap6/adapter/pom.xml @@ -28,12 +28,13 @@ org.jboss.resteasy jose-jwt + provided org.jboss.spec.javax.servlet jboss-servlet-api_3.0_spec - provided 1.0.0.Final + provided org.jboss.resteasy @@ -56,12 +57,13 @@ org.jboss.as jboss-as-web 7.1.2.Final + provided org.picketbox picketbox - provided 4.0.7.Final + provided junit diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java index 2fc961d18ba..b87ed0bc852 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java @@ -46,9 +46,9 @@ public class BearerTokenAuthenticatorValve extends AuthenticatorBase implements protected void init() { ManagedResourceConfigLoader managedResourceConfigLoader = new ManagedResourceConfigLoader(context); - resourceMetadata = managedResourceConfigLoader.getResourceMetadata(); remoteSkeletonKeyConfig = managedResourceConfigLoader.getRemoteSkeletonKeyConfig(); managedResourceConfigLoader.init(false); + resourceMetadata = managedResourceConfigLoader.getResourceMetadata(); } @Override diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java index 77922a28efb..6c1385cd2aa 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java @@ -82,6 +82,7 @@ public class OAuthManagedResourceValve extends FormAuthenticator implements Life } realmConfiguration.setMetadata(resourceMetadata); realmConfiguration.setClientId(client_id); + realmConfiguration.setSslRequired(!remoteSkeletonKeyConfig.isSslNotRequired()); for (Map.Entry entry : managedResourceConfigLoader.getRemoteSkeletonKeyConfig().getClientCredentials().entrySet()) { realmConfiguration.getCredentials().param(entry.getKey(), entry.getValue()); diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java index e3db0e34c7c..8e177a8c224 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java @@ -7,6 +7,7 @@ import org.keycloak.RealmConfiguration; import org.keycloak.VerificationException; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.SkeletonKeyToken; +import org.keycloak.representations.idm.RequiredCredentialRepresentation; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; @@ -77,6 +78,7 @@ public class ServletOAuthLogin { protected void sendRedirect(String url) { try { + log.info("Sending redirect to: " + url); response.sendRedirect(url); } catch (IOException e) { throw new RuntimeException(e); @@ -223,18 +225,26 @@ public class ServletOAuthLogin { String client_id = realmInfo.getClientId(); String password = realmInfo.getCredentials().asMap().getFirst("password"); - String authHeader = BasicAuthHelper.createHeader(client_id, password); + //String authHeader = BasicAuthHelper.createHeader(client_id, password); String redirectUri = stripOauthParametersFromRedirect(); Form form = new Form(); form.param("grant_type", "authorization_code") .param("code", code) + .param("client_id", client_id) + .param(RequiredCredentialRepresentation.PASSWORD, password) .param("redirect_uri", redirectUri); - Response res = realmInfo.getCodeUrl().request().header(HttpHeaders.AUTHORIZATION, authHeader).post(Entity.form(form)); + Response res = realmInfo.getCodeUrl().request() + //.header(HttpHeaders.AUTHORIZATION, authHeader) + .post(Entity.form(form)); AccessTokenResponse tokenResponse; try { if (res.getStatus() != 200) { log.error("failed to turn code into token"); + log.error("status from server: " + res.getStatus()); + if (res.getStatus() == 400 && res.getMediaType() != null) { + log.error(" " + res.readEntity(String.class)); + } sendError(Response.Status.FORBIDDEN.getStatusCode()); return false; } @@ -248,7 +258,7 @@ public class ServletOAuthLogin { tokenString = tokenResponse.getToken(); try { token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata()); - log.debug("Verification succeeded!"); + log.info("Token Verification succeeded!"); } catch (VerificationException e) { log.error("failed verification of token"); sendError(Response.Status.FORBIDDEN.getStatusCode()); diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java index 140a69252c8..756950c2107 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfig.java @@ -27,6 +27,8 @@ public class ManagedResourceConfig { @JsonProperty("code-url") protected String codeUrl; + @JsonProperty("ssl-not-required") + protected boolean sslNotRequired; @JsonProperty("allow-any-hostname") protected boolean allowAnyHostname; @JsonProperty("disable-trust-manager") @@ -50,6 +52,14 @@ public class ManagedResourceConfig { @JsonProperty("cancel-propagation") protected boolean cancelPropagation; + public boolean isSslNotRequired() { + return sslNotRequired; + } + + public void setSslNotRequired(boolean sslNotRequired) { + this.sslNotRequired = sslNotRequired; + } + public String getRealmUrl() { return realmUrl; } diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java index d40dd887819..1856cf684b2 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/ManagedResourceConfigLoader.java @@ -82,7 +82,6 @@ public class ManagedResourceConfigLoader { initClient(); - String realm = remoteSkeletonKeyConfig.getRealm(); if (remoteSkeletonKeyConfig.getRealmUrl() != null) { PublishedRealmRepresentation rep = null; @@ -100,6 +99,7 @@ public class ManagedResourceConfigLoader { remoteSkeletonKeyConfig.setAdminRole(rep.getAdminRole()); } + String realm = remoteSkeletonKeyConfig.getRealm(); String resource = remoteSkeletonKeyConfig.getResource(); if (realm == null) throw new RuntimeException("Must set 'realm' in config"); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index ca9eb6adef0..c5cf4008e92 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -55,7 +55,6 @@ public class RealmsResource { @Path("{realm}/tokens") public TokenService getTokenService(@PathParam("realm") String id) { - logger.info("**** HERE token service****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { @@ -71,7 +70,6 @@ public class RealmsResource { @Path("{realm}") public RealmSubResource getRealmResource(@PathParam("realm") String id) { - logger.info("**** HERE @Path {realm} ****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index c03a01a91fe..ca761ef4627 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -201,6 +201,7 @@ public class TokenService { @POST @Produces("application/json") public Response accessRequest(MultivaluedMap formData) { + logger.info("accessRequest <---"); if (!realm.isEnabled()) { throw new NotAuthorizedException("Realm not enabled"); } @@ -286,6 +287,7 @@ public class TokenService { res.put("error_description", "Auth error"); return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res).build(); } + logger.info("accessRequest SUCCESS"); AccessTokenResponse res = accessTokenResponse(realm.getPrivateKey(), accessCode.getToken()); return Response.ok(res).build();