@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
}
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
return;
}
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
if (loginConfig == null) return;
if (loginConfig.getAuthMethod() == null) return;
if (!loginConfig.getAuthMethod().equals("KEYCLOAK")) return;
}
final ModuleSpecification moduleSpecification =
deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
final ModuleLoader moduleLoader = Module.getBootModuleLoader();
addCommonModules(moduleSpecification, moduleLoader);
addPlatformSpecificModules(moduleSpecification, moduleLoader);
}
private void addCredential(
PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
PathAddress credAddr =
PathAddress.pathAddress(parent, PathElement.pathElement("credential", key));
ModelNode credOp = new ModelNode();
credOp.get(ModelDescriptionConstants.OP_ADDR).set(credAddr.toModelNode());
ModelNode credential = new ModelNode();
credential.get("value").set(value);
service.addCredential(credOp, credential);
}
@Test
public void testJsonFromSignedJWTCredentials() {
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
PathAddress addr =
PathAddress.pathAddress(
PathElement.pathElement("subsystem", "keycloak"),
PathElement.pathElement("secure-deployment", "foo"));
ModelNode deploymentOp = new ModelNode();
deploymentOp.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
ModelNode deployment = new ModelNode();
deployment.get("realm").set("demo");
deployment.get("resource").set("customer-portal");
service.addSecureDeployment(deploymentOp, deployment);
addCredential(addr, service, "secret", "secret1");
addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
addCredential(addr, service, "jwt.token-timeout", "10");
System.out.println("Deployment: " + service.getJSON("foo"));
}
private void addKeycloakAuthData(
DeploymentPhaseContext phaseContext,
String deploymentName,
KeycloakAdapterConfigService service) {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
addJSONData(service.getJSON(deploymentName), warMetaData);
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
webMetaData = new JBossWebMetaData();
warMetaData.setMergedJBossWebMetaData(webMetaData);
}
addValve(webMetaData);
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
if (loginConfig == null) {
loginConfig = new LoginConfigMetaData();
webMetaData.setLoginConfig(loginConfig);
}
loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentName));
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
}
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
String deploymentName = deploymentUnit.getName();
KeycloakAdapterConfigService service =
KeycloakAdapterConfigService.find(phaseContext.getServiceRegistry());
// log.info("********* CHECK KEYCLOAK DEPLOYMENT: " + deploymentName);
if (service.isSecureDeployment(deploymentName)) {
addKeycloakAuthData(phaseContext, deploymentName, service);
return;
}
// else check to see if KEYCLOAK is specified as login config
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) return;
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) return;
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
if (loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod())) {
addValve(webMetaData);
}
}
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model)
throws OperationFailedException {
KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.getInstance();
ckService.removeRealm(operation);
}
