/**
 * Adds the Keycloak module dependencies to a deployment that is secured by Keycloak.
 *
 * <p>A deployment qualifies when the adapter config service reports it as a secure
 * deployment, or, failing that, when its merged web metadata declares a login-config whose
 * auth method is exactly {@code KEYCLOAK}. Any other deployment is left untouched.
 *
 * @param phaseContext the deployment phase context supplying the deployment unit
 * @throws DeploymentUnitProcessingException declared by the processor contract
 */
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();

    if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(unit)) {
        // Not configured through the subsystem: fall back to what the archive itself declares.
        // A missing link anywhere in the metadata chain means "not a Keycloak deployment".
        final WarMetaData war = unit.getAttachment(WarMetaData.ATTACHMENT_KEY);
        final JBossWebMetaData web = (war == null) ? null : war.getMergedJBossWebMetaData();
        final LoginConfigMetaData login = (web == null) ? null : web.getLoginConfig();
        final String authMethod = (login == null) ? null : login.getAuthMethod();

        // Case-sensitive match: only the exact string KEYCLOAK qualifies.
        // NOTE(review): if another processor matches this value case-insensitively, a
        // descriptor using different casing would be treated as Keycloak-secured there but
        // receive no module dependencies here - confirm both agree.
        if (!"KEYCLOAK".equals(authMethod)) {
            return;
        }
    }

    final ModuleSpecification spec = unit.getAttachment(Attachments.MODULE_SPECIFICATION);
    final ModuleLoader bootLoader = Module.getBootModuleLoader();
    addCommonModules(spec, bootLoader);
    addPlatformSpecificModules(spec, bootLoader);
}
/**
 * Registers one credential entry with the adapter config service.
 *
 * <p>The entry is addressed at {@code <parent>/credential=<key>} and carries a single
 * {@code value} attribute.
 *
 * @param parent address of the secure-deployment the credential belongs to
 * @param service the config service that receives the credential
 * @param key credential name, used as the value of the {@code credential} path element
 * @param value credential value stored under the {@code value} attribute
 */
private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
    // Payload: a node whose "value" attribute holds the credential value.
    final ModelNode payload = new ModelNode();
    payload.get("value").set(value);

    // Operation node carrying only the address of the new credential resource.
    final PathElement credentialElement = PathElement.pathElement("credential", key);
    final ModelNode operation = new ModelNode();
    operation.get(ModelDescriptionConstants.OP_ADDR)
            .set(PathAddress.pathAddress(parent, credentialElement).toModelNode());

    service.addCredential(operation, payload);
}
/**
 * Builds a secure-deployment named {@code foo} with a client secret and two signed-JWT
 * credential settings, then prints the JSON the config service generates for it.
 *
 * <p>NOTE(review): this test contains no assertions, so a regression in how credentials are
 * rendered would not fail it. The printed document presumably includes the credential
 * values; that is harmless for the fixture values used here, but the print-to-stdout
 * pattern should not be reused with real secrets.
 */
@Test
public void testJsonFromSignedJWTCredentials() {
    final KeycloakAdapterConfigService configService = KeycloakAdapterConfigService.getInstance();

    // Address of the deployment under test: subsystem=keycloak/secure-deployment=foo
    final PathElement subsystem = PathElement.pathElement("subsystem", "keycloak");
    final PathElement secureDeployment = PathElement.pathElement("secure-deployment", "foo");
    final PathAddress deploymentAddress = PathAddress.pathAddress(subsystem, secureDeployment);

    final ModelNode addOperation = new ModelNode();
    addOperation.get(ModelDescriptionConstants.OP_ADDR).set(deploymentAddress.toModelNode());

    final ModelNode deploymentModel = new ModelNode();
    deploymentModel.get("realm").set("demo");
    deploymentModel.get("resource").set("customer-portal");

    configService.addSecureDeployment(addOperation, deploymentModel);

    // Fixture credentials only: a plain secret plus dotted "jwt.*" keys.
    addCredential(deploymentAddress, configService, "secret", "secret1");
    addCredential(deploymentAddress, configService, "jwt.client-keystore-file", "/tmp/foo.jks");
    addCredential(deploymentAddress, configService, "jwt.token-timeout", "10");

    System.out.println("Deployment: " + configService.getJSON("foo"));
}
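/**
 * Applies the Keycloak security configuration to a deployment that the subsystem lists as a
 * secure deployment.
 *
 * <p>The adapter JSON generated by the service is passed to {@code addJSONData}, the valve is
 * added to the merged web metadata (created here if absent), and the login-config is set to
 * auth method {@code KEYCLOAK} with the realm name supplied by the service. The auth method
 * is set unconditionally, so whatever the archive's own descriptor declared is replaced.
 *
 * @param phaseContext the deployment phase context supplying the deployment unit
 * @param deploymentName name under which the deployment is configured in the subsystem
 * @param service the adapter config service holding the deployment's configuration
 * @throws IllegalStateException if the deployment unit has no {@code WarMetaData} attached
 */
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
    DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (warMetaData == null) {
        // The attachment can be absent (other code paths null-check it). Without it nothing
        // can be secured, so stop the deployment with a readable cause rather than letting a
        // bare NullPointerException surface from the dereference below.
        throw new IllegalStateException("No WarMetaData attached to deployment '" + deploymentName
                + "'; cannot apply Keycloak security configuration to it");
    }

    addJSONData(service.getJSON(deploymentName), warMetaData);

    JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
    if (webMetaData == null) {
        // No merged descriptor yet: create one so the valve and login-config have a home.
        webMetaData = new JBossWebMetaData();
        warMetaData.setMergedJBossWebMetaData(webMetaData);
    }
    addValve(webMetaData);

    LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
    if (loginConfig == null) {
        loginConfig = new LoginConfigMetaData();
        webMetaData.setLoginConfig(loginConfig);
    }
    // Subsystem configuration wins over the archive's own login-config.
    loginConfig.setAuthMethod("KEYCLOAK");
    loginConfig.setRealmName(service.getRealmName(deploymentName));

    // Logged only after every step above has completed.
    KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
}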
/**
 * Wires Keycloak authentication into a deployment.
 *
 * <p>Two cases are handled. A deployment whose name the config service reports as a secure
 * deployment gets the full configuration via {@code addKeycloakAuthData}. Otherwise, if the
 * archive's merged web metadata declares a login-config with auth method {@code KEYCLOAK}
 * (compared case-insensitively), only the valve is added. Deployments matching neither case
 * are left untouched by this processor.
 *
 * <p>NOTE(review): the result of {@code KeycloakAdapterConfigService.find} is used without a
 * null check - confirm it cannot return {@code null} at this phase.
 *
 * @param phaseContext the deployment phase context supplying the unit and service registry
 * @throws DeploymentUnitProcessingException declared by the processor contract
 */
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final String name = unit.getName();
    final KeycloakAdapterConfigService configService =
            KeycloakAdapterConfigService.find(phaseContext.getServiceRegistry());

    // Case 1: configured in the subsystem, matched by deployment name.
    if (configService.isSecureDeployment(name)) {
        addKeycloakAuthData(phaseContext, name, configService);
        return;
    }

    // Case 2: the archive itself asks for KEYCLOAK in its login-config.
    final WarMetaData war = unit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    final JBossWebMetaData web = (war == null) ? null : war.getMergedJBossWebMetaData();
    if (web == null) {
        return;
    }

    final LoginConfigMetaData login = web.getLoginConfig();
    final boolean keycloakRequested =
            login != null && "KEYCLOAK".equalsIgnoreCase(login.getAuthMethod());
    if (keycloakRequested) {
        addValve(web);
    }
}
/**
 * Runtime stage of the operation: hands the operation to the adapter config service so it
 * can remove the realm (presumably the one identified by the operation's address).
 *
 * <p>Neither {@code context} nor {@code model} is consulted here.
 *
 * @param context the operation context (unused)
 * @param operation the operation being executed, forwarded to {@code removeRealm}
 * @param model the resource model (unused)
 * @throws OperationFailedException declared by the handler contract
 */
@Override
protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model)
        throws OperationFailedException {
    KeycloakAdapterConfigService.getInstance().removeRealm(operation);
}