/**
 * Authenticates the client with a signed JWT assertion instead of a shared secret.
 *
 * <p>Signs a request token for this deployment's resource name and realm URL and writes it into
 * the token-endpoint form parameters as {@code OAuth2Constants.CLIENT_ASSERTION}, together with
 * the JWT assertion type. The request headers are not modified.
 *
 * @param deployment the deployment whose resource name and realm info URL go into the token
 * @param requestHeaders HTTP headers of the outgoing request (untouched here)
 * @param formParams form parameters of the outgoing request; receives the assertion
 */
@Override
public void setClientCredentials(
    KeycloakDeployment deployment,
    Map<String, String> requestHeaders,
    Map<String, String> formParams) {
  String resource = deployment.getResourceName();
  String realmUrl = deployment.getRealmInfoUrl();
  String assertion = createSignedRequestToken(resource, realmUrl);
  formParams.put(
      OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT);
  formParams.put(OAuth2Constants.CLIENT_ASSERTION, assertion);
}
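/**
 * Loads the signing key for JWT client credentials from the adapter configuration.
 *
 * <p>{@code config} must be a {@code Map} carrying {@code client-keystore-file} and
 * {@code client-keystore-password}; {@code client-keystore-type} (default {@code JKS}),
 * {@code client-key-password} (defaults to the keystore password), {@code client-key-alias}
 * (defaults to the resource name) and {@code token-timeout} (default 10) are optional. The
 * private key is stored in {@code privateKey} and the assertion lifetime in {@code tokenTimeout}.
 *
 * @param deployment the deployment whose resource name identifies the client in messages and as
 *     the default key alias
 * @param config the raw {@code jwt} credentials configuration
 * @throws RuntimeException if the configuration is absent or not a map, a required key is
 *     missing, or {@code client-keystore-type} is not a known {@code KeystoreFormat}
 */
@Override
public void init(KeycloakDeployment deployment, Object config) {
  String clientId = deployment.getResourceName();
  // instanceof is false for null, so the explicit null test is redundant
  if (!(config instanceof Map)) {
    throw new RuntimeException(
        "Configuration of jwt credentials is missing or incorrect for client '"
            + clientId
            + "'. Check your adapter configuration");
  }
  @SuppressWarnings("unchecked") // value types are not checked here; each value is cast on use
  Map<String, Object> cfg = (Map<String, Object>) config;

  String clientKeystoreFile = (String) cfg.get("client-keystore-file");
  if (clientKeystoreFile == null) {
    throw new RuntimeException(
        "Missing parameter client-keystore-file in configuration of jwt for client " + clientId);
  }

  String clientKeystoreType = (String) cfg.get("client-keystore-type");
  KeystoreUtil.KeystoreFormat clientKeystoreFormat;
  if (clientKeystoreType == null) {
    clientKeystoreFormat = KeystoreUtil.KeystoreFormat.JKS;
  } else {
    // Locale.ROOT: the JVM default locale's upper-casing is not ASCII-safe (e.g. the dotless/dotted
    // i under Turkish locales), which would make a valid "pkcs12" unrecognisable to Enum.valueOf.
    String formatName = clientKeystoreType.toUpperCase(java.util.Locale.ROOT);
    try {
      clientKeystoreFormat = Enum.valueOf(KeystoreUtil.KeystoreFormat.class, formatName);
    } catch (IllegalArgumentException e) {
      throw new RuntimeException(
          "Unsupported client-keystore-type '"
              + clientKeystoreType
              + "' in configuration of jwt for client "
              + clientId,
          e);
    }
  }

  String clientKeystorePassword = (String) cfg.get("client-keystore-password");
  if (clientKeystorePassword == null) {
    throw new RuntimeException(
        "Missing parameter client-keystore-password in configuration of jwt for client "
            + clientId);
  }
  // The keystore password also unlocks the key entry unless a separate key password is given.
  String clientKeyPassword = (String) cfg.get("client-key-password");
  if (clientKeyPassword == null) {
    clientKeyPassword = clientKeystorePassword;
  }
  String clientKeyAlias = (String) cfg.get("client-key-alias");
  if (clientKeyAlias == null) {
    clientKeyAlias = clientId;
  }

  this.privateKey =
      KeystoreUtil.loadPrivateKeyFromKeystore(
          clientKeystoreFile,
          clientKeystorePassword,
          clientKeyPassword,
          clientKeyAlias,
          clientKeystoreFormat);
  this.tokenTimeout = asInt(cfg, "token-timeout", 10);
}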
/**
 * Authenticates the client with its configured secret.
 *
 * <p>Public clients only send their {@code client_id} as a form parameter. Confidential clients
 * get an HTTP Basic {@code Authorization} header built from client id and secret; if no secret is
 * available a warning is logged and neither header nor parameter is added.
 *
 * @param deployment the deployment providing resource name and public-client flag
 * @param requestHeaders HTTP headers of the outgoing request; receives {@code Authorization}
 * @param formParams form parameters of the outgoing request; receives {@code client_id} for
 *     public clients
 */
@Override
public void setClientCredentials(
    KeycloakDeployment deployment,
    Map<String, String> requestHeaders,
    Map<String, String> formParams) {
  String clientId = deployment.getResourceName();
  if (deployment.isPublicClient()) {
    formParams.put(OAuth2Constants.CLIENT_ID, clientId);
    return;
  }
  if (clientSecret == null) {
    logger.warnf("Client '%s' doesn't have secret available", clientId);
    return;
  }
  String basicAuth = BasicAuthHelper.createHeader(clientId, clientSecret);
  requestHeaders.put("Authorization", basicAuth);
}
/**
 * This function has been copied (and modified) from the Keycloak AdapterDeploymentContext class.
 * It should be kept up-to-date with future versions of Keycloak.
 *
 * <p>Builds the auth-server base URI for a relative auth-server URL: the configured base path,
 * with scheme, host and port taken from the current request. When SSL is required for the
 * caller's remote address the scheme is forced to {@code https}; a request that arrived over a
 * different scheme with an explicit port cannot be mapped and is rejected.
 *
 * <p>NOTE(review): host and port are read from the facade's request URI; if the facade derives
 * that from the client-supplied Host header, the resulting base URL follows it — confirm the
 * front-end validates Host.
 *
 * @throws RuntimeException if SSL is required but the request carries another scheme and an
 *     explicit port
 */
private KeycloakUriBuilder getBaseBuilder(
    KeycloakDeployment deployment, HttpFacade.Request facadeRequest) {
  KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl());
  URI current = URI.create(facadeRequest.getURI());
  String requestScheme = current.getScheme();
  int requestPort = current.getPort();

  String scheme = requestScheme;
  boolean sslRequired = deployment.getSslRequired().isRequired(facadeRequest.getRemoteAddr());
  if (sslRequired) {
    scheme = "https";
    boolean schemeDiffers = !requestScheme.equals(scheme);
    if (schemeDiffers && requestPort != -1) {
      throw new RuntimeException("Can't resolve relative url from adapter config.");
    }
  }

  builder.scheme(scheme);
  builder.host(current.getHost());
  if (requestPort != -1) {
    builder.port(requestPort);
  }
  return builder;
}
/**
 * This function has been copied (and modified) from the Keycloak AdapterDeploymentContext class.
 * It should be kept up-to-date with future versions of Keycloak.
 *
 * <p>Returns a deployment whose auth-server base URL is absolute. Deployments that never use
 * relative URLs are returned unchanged; otherwise a {@link DeploymentDelegate} wrapping the
 * original is returned with its base URL resolved against the current request.
 *
 * @param deployment the configured deployment
 * @param facadeRequest the request used to resolve a relative auth-server URL
 * @return {@code deployment} itself, or a delegate with an absolute auth-server base URL
 */
public KeycloakDeployment resolveUrls(
    KeycloakDeployment deployment, HttpFacade.Request facadeRequest) {
  boolean alreadyAbsolute = deployment.getRelativeUrls() == RelativeUrlsUsed.NEVER;
  if (alreadyAbsolute) {
    return deployment;
  }
  DeploymentDelegate resolved = new DeploymentDelegate(deployment);
  String baseUrl = getBaseBuilder(deployment, facadeRequest).build().toString();
  resolved.setAuthServerBaseUrl(baseUrl);
  return resolved;
}
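/**
 * Answers a CORS preflight ({@code OPTIONS} with an {@code Origin} header) for this deployment.
 *
 * <p>Non-preflight requests are left untouched and {@code false} is returned. For a preflight
 * the response is completed here: status 200, the request's origin reflected in
 * {@code Access-Control-Allow-Origin}, credentials allowed, and the allowed methods/headers taken
 * from the deployment when configured there, otherwise echoed from the request. Because the
 * allow-origin value depends on the request, {@code Vary: Origin} is added so a shared cache does
 * not serve one origin's preflight answer to another.
 *
 * <p>NOTE(review): the origin is reflected without being compared to an allow-list in this
 * method; presumably origin enforcement happens on the actual (non-preflight) request — confirm.
 *
 * @param request the incoming request
 * @param response the response to populate for a preflight
 * @return {@code true} if the request was a preflight and the response has been written
 */
public boolean checkCorsPreflight(Request request, Response response) {
  log.finer("checkCorsPreflight " + request.getRequestURI());
  if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
    log.finer("checkCorsPreflight: not options ");
    return false;
  }
  String origin = request.getHeader("Origin");
  if (origin == null) {
    log.finer("checkCorsPreflight: no origin header");
    return false;
  }

  log.finer("Preflight request returning");
  response.setStatus(HttpServletResponse.SC_OK);
  response.setHeader("Access-Control-Allow-Origin", origin);
  response.setHeader("Access-Control-Allow-Credentials", "true");
  // The allow-origin value is per-request, so caches must key on Origin.
  response.addHeader("Vary", "Origin");

  String requestMethods = request.getHeader("Access-Control-Request-Method");
  if (requestMethods != null) {
    // Deployment configuration, when present, overrides whatever the request asked for.
    String allowedMethods = deployment.getCorsAllowedMethods();
    response.setHeader(
        "Access-Control-Allow-Methods", allowedMethods != null ? allowedMethods : requestMethods);
  }
  String requestHeaders = request.getHeader("Access-Control-Request-Headers");
  if (requestHeaders != null) {
    String allowedHeaders = deployment.getCorsAllowedHeaders();
    response.setHeader(
        "Access-Control-Allow-Headers", allowedHeaders != null ? allowedHeaders : requestHeaders);
  }
  if (deployment.getCorsMaxAge() > -1) {
    response.setHeader("Access-Control-Max-Age", Integer.toString(deployment.getCorsMaxAge()));
  }
  return true;
}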
/** Forwards the node-registration period to the wrapped deployment. */
@Override
public void setRegisterNodePeriod(int registerNodePeriod) {
  this.delegate.setRegisterNodePeriod(registerNodePeriod);
}
/** Forwards the always-refresh-token flag to the wrapped deployment. */
@Override
public void setAlwaysRefreshToken(boolean alwaysRefreshToken) {
  this.delegate.setAlwaysRefreshToken(alwaysRefreshToken);
}
/** Returns the node-registration period of the wrapped deployment. */
@Override
public int getRegisterNodePeriod() {
  return this.delegate.getRegisterNodePeriod();
}
/** Returns whether the wrapped deployment uses resource role mappings. */
@Override
public boolean isUseResourceRoleMappings() {
  return this.delegate.isUseResourceRoleMappings();
}
/** Forwards the CORS enable flag to the wrapped deployment. */
@Override
public void setCors(boolean cors) {
  this.delegate.setCors(cors);
}
/** Returns the principal attribute configured on the wrapped deployment. */
@Override
public String getPrincipalAttribute() {
  return this.delegate.getPrincipalAttribute();
}
/** Returns the wrapped deployment's setting for skipping session-id change on login. */
@Override
public boolean isTurnOffChangeSessionIdOnLogin() {
  return this.delegate.isTurnOffChangeSessionIdOnLogin();
}
/** Forwards the expose-token flag to the wrapped deployment. */
@Override
public void setExposeToken(boolean exposeToken) {
  this.delegate.setExposeToken(exposeToken);
}
/** Returns whether the wrapped deployment exposes the token. */
@Override
public boolean isExposeToken() {
  return this.delegate.isExposeToken();
}
/** Forwards the not-before value to the wrapped deployment. */
@Override
public void setNotBefore(int notBefore) {
  this.delegate.setNotBefore(notBefore);
}
/** Returns the not-before value of the wrapped deployment. */
@Override
public int getNotBefore() {
  return this.delegate.getNotBefore();
}
/** Returns the CORS allowed-headers value of the wrapped deployment. */
@Override
public String getCorsAllowedHeaders() {
  return this.delegate.getCorsAllowedHeaders();
}
/** Forwards the CORS max-age value to the wrapped deployment. */
@Override
public void setCorsMaxAge(int corsMaxAge) {
  this.delegate.setCorsMaxAge(corsMaxAge);
}
/** Returns the CORS max-age value of the wrapped deployment. */
@Override
public int getCorsMaxAge() {
  return this.delegate.getCorsMaxAge();
}
/** Forwards the register-node-at-startup flag to the wrapped deployment. */
@Override
public void setRegisterNodeAtStartup(boolean registerNodeAtStartup) {
  this.delegate.setRegisterNodeAtStartup(registerNodeAtStartup);
}
/** Forwards the use-resource-role-mappings flag to the wrapped deployment. */
@Override
public void setUseResourceRoleMappings(boolean useResourceRoleMappings) {
  this.delegate.setUseResourceRoleMappings(useResourceRoleMappings);
}
/** Returns whether the wrapped deployment registers its node at startup. */
@Override
public boolean isRegisterNodeAtStartup() {
  return this.delegate.isRegisterNodeAtStartup();
}
/** Returns the CORS allowed-methods value of the wrapped deployment. */
@Override
public String getCorsAllowedMethods() {
  return this.delegate.getCorsAllowedMethods();
}
/** Forwards the principal attribute name to the wrapped deployment. */
@Override
public void setPrincipalAttribute(String principalAttribute) {
  this.delegate.setPrincipalAttribute(principalAttribute);
}
/** Forwards the CORS allowed-headers value to the wrapped deployment. */
@Override
public void setCorsAllowedHeaders(String corsAllowedHeaders) {
  this.delegate.setCorsAllowedHeaders(corsAllowedHeaders);
}
/** Forwards the skip-session-id-change-on-login flag to the wrapped deployment. */
@Override
public void setTurnOffChangeSessionIdOnLogin(boolean turnOffChangeSessionIdOnLogin) {
  this.delegate.setTurnOffChangeSessionIdOnLogin(turnOffChangeSessionIdOnLogin);
}
/** Returns whether the wrapped deployment always refreshes the token. */
@Override
public boolean isAlwaysRefreshToken() {
  return this.delegate.isAlwaysRefreshToken();
}
/** Forwards the CORS allowed-methods value to the wrapped deployment. */
@Override
public void setCorsAllowedMethods(String corsAllowedMethods) {
  this.delegate.setCorsAllowedMethods(corsAllowedMethods);
}
/** Returns whether CORS handling is enabled on the wrapped deployment. */
@Override
public boolean isCors() {
  return this.delegate.isCors();
}