/**
 * Authenticates the client with a freshly signed JWT assertion: the assertion goes into the
 * form parameters of the token request, the request headers are not touched.
 *
 * @param deployment supplies the client id (resource name) and the realm info URL that are
 *     handed to {@code createSignedRequestToken}
 * @param requestHeaders left unchanged by this provider
 * @param formParams receives {@code OAuth2Constants.CLIENT_ASSERTION_TYPE} and
 *     {@code OAuth2Constants.CLIENT_ASSERTION}
 */
@Override
  public void setClientCredentials(
      KeycloakDeployment deployment,
      Map<String, String> requestHeaders,
      Map<String, String> formParams) {
    final String clientId = deployment.getResourceName();
    final String realmUrl = deployment.getRealmInfoUrl();
    // A new assertion is signed on every call; nothing is cached between requests.
    final String assertion = createSignedRequestToken(clientId, realmUrl);

    formParams.put(
        OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT);
    formParams.put(OAuth2Constants.CLIENT_ASSERTION, assertion);
  }
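  /**
   * Reads the "jwt" credential section of the adapter configuration and loads the client's
   * private key from the configured keystore.
   *
   * <p>Keys read from {@code config}: {@code client-keystore-file} (required),
   * {@code client-keystore-password} (required), {@code client-keystore-type} (defaults to
   * {@code JKS}), {@code client-key-password} (defaults to the keystore password),
   * {@code client-key-alias} (defaults to the client's resource name) and {@code token-timeout}
   * (defaults to 10 via {@code asInt}). Passwords are never echoed in error messages.
   *
   * @param deployment the client being configured; its resource name is used in messages and as
   *     the default key alias
   * @param config the raw configuration object, expected to be a {@code Map}
   * @throws RuntimeException if {@code config} is not a map, a required key is missing, or
   *     {@code client-keystore-type} is not a known keystore format
   */
  @Override
  public void init(KeycloakDeployment deployment, Object config) {
    // instanceof is false for null, so no separate null check is needed.
    if (!(config instanceof Map)) {
      throw new RuntimeException(
          "Configuration of jwt credentials is missing or incorrect for client '"
              + deployment.getResourceName()
              + "'. Check your adapter configuration");
    }

    // The adapter configuration is a free-form map; the cast cannot be checked at runtime.
    @SuppressWarnings("unchecked")
    Map<String, Object> cfg = (Map<String, Object>) config;

    String clientKeystoreFile = requiredJwtParameter(cfg, "client-keystore-file", deployment);

    String clientKeystoreType = (String) cfg.get("client-keystore-type");
    KeystoreUtil.KeystoreFormat clientKeystoreFormat;
    if (clientKeystoreType == null) {
      clientKeystoreFormat = KeystoreUtil.KeystoreFormat.JKS;
    } else {
      try {
        // Locale.ROOT: the enum name must not depend on the JVM default locale (e.g. Turkish i).
        clientKeystoreFormat =
            Enum.valueOf(
                KeystoreUtil.KeystoreFormat.class,
                clientKeystoreType.toUpperCase(java.util.Locale.ROOT));
      } catch (IllegalArgumentException e) {
        throw new RuntimeException(
            "Unknown client-keystore-type '"
                + clientKeystoreType
                + "' in configuration of jwt for client "
                + deployment.getResourceName(),
            e);
      }
    }

    String clientKeystorePassword =
        requiredJwtParameter(cfg, "client-keystore-password", deployment);

    // The key password falls back to the keystore password when not given separately.
    String clientKeyPassword = (String) cfg.get("client-key-password");
    if (clientKeyPassword == null) {
      clientKeyPassword = clientKeystorePassword;
    }

    // The alias falls back to the client id.
    String clientKeyAlias = (String) cfg.get("client-key-alias");
    if (clientKeyAlias == null) {
      clientKeyAlias = deployment.getResourceName();
    }

    this.privateKey =
        KeystoreUtil.loadPrivateKeyFromKeystore(
            clientKeystoreFile,
            clientKeystorePassword,
            clientKeyPassword,
            clientKeyAlias,
            clientKeystoreFormat);

    this.tokenTimeout = asInt(cfg, "token-timeout", 10);
  }

  /**
   * Returns the string stored under {@code key}, failing when it is absent.
   *
   * @param cfg the jwt configuration map
   * @param key the required parameter name
   * @param deployment used only for the client name in the error message
   * @return the configured value, never {@code null}
   * @throws RuntimeException if the key is missing
   */
  private static String requiredJwtParameter(
      Map<String, Object> cfg, String key, KeycloakDeployment deployment) {
    String value = (String) cfg.get(key);
    if (value == null) {
      throw new RuntimeException(
          "Missing parameter "
              + key
              + " in configuration of jwt for client "
              + deployment.getResourceName());
    }
    return value;
  }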
  /**
   * Authenticates a confidential client with an HTTP Basic {@code Authorization} header built
   * from the client id and secret; a public client only sends its client id as a form parameter.
   *
   * @param deployment supplies the client id (resource name) and whether the client is public
   * @param requestHeaders receives the {@code Authorization} header for confidential clients
   * @param formParams receives {@code OAuth2Constants.CLIENT_ID} for public clients
   */
  @Override
  public void setClientCredentials(
      KeycloakDeployment deployment,
      Map<String, String> requestHeaders,
      Map<String, String> formParams) {
    final String clientId = deployment.getResourceName();

    if (deployment.isPublicClient()) {
      formParams.put(OAuth2Constants.CLIENT_ID, clientId);
      return;
    }
    if (clientSecret == null) {
      // Confidential client without a secret: no credential is attached, only a warning logged.
      logger.warnf("Client '%s' doesn't have secret available", clientId);
      return;
    }
    final String basicAuth = BasicAuthHelper.createHeader(clientId, clientSecret);
    requestHeaders.put("Authorization", basicAuth);
  }
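 /**
  * This function has been copied (and modified) from the Keycloak AdapterDeploymentContext class.
  * It should be kept up-to-date with future versions of Keycloak.
  *
  * <p>Builds the auth-server base URI from the deployment's configured base URL plus the scheme,
  * host and port of the incoming request. The host is taken from the request URI, i.e. ultimately
  * from the client, so this is only safe where the server restricts which host names reach the
  * adapter — TODO confirm for this deployment.
  *
  * @param deployment supplies the configured base URL and the SSL policy
  * @param facadeRequest the request whose URI and remote address are consulted
  * @return a builder positioned at the resolved base URI
  * @throws RuntimeException if SSL is required but the request arrived on another scheme with an
  *     explicit port (presumably because the https port cannot then be inferred)
  */
 private KeycloakUriBuilder getBaseBuilder(
     KeycloakDeployment deployment, HttpFacade.Request facadeRequest) {
   KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl());
   URI request = URI.create(facadeRequest.getURI());
   // URI.getScheme() is null for a scheme-less URI; keep the constant on the left below.
   String requestScheme = request.getScheme();
   String scheme = requestScheme;
   if (deployment.getSslRequired().isRequired(facadeRequest.getRemoteAddr())) {
     scheme = "https";
     if (!scheme.equals(requestScheme) && request.getPort() != -1) {
       throw new RuntimeException("Can't resolve relative url from adapter config.");
     }
   }
   builder.scheme(scheme);
   builder.host(request.getHost());
   if (request.getPort() != -1) {
     builder.port(request.getPort());
   }
   return builder;
 }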
 /**
  * This function has been copied (and modified) from the Keycloak AdapterDeploymentContext class.
  * It should be kept up-to-date with future versions of Keycloak.
  *
  * <p>Returns the deployment itself when it never uses relative URLs; otherwise wraps it in a
  * {@code DeploymentDelegate} whose auth-server base URL is resolved from the current request.
  *
  * @param deployment the configured deployment
  * @param facadeRequest the request used to resolve relative URLs
  * @return {@code deployment} unchanged, or a delegate with an absolute auth-server base URL
  */
 public KeycloakDeployment resolveUrls(
     KeycloakDeployment deployment, HttpFacade.Request facadeRequest) {
   if (deployment.getRelativeUrls() == RelativeUrlsUsed.NEVER) {
     // Absolute URIs are already configured everywhere; nothing to resolve.
     return deployment;
   }
   final String resolvedBase = getBaseBuilder(deployment, facadeRequest).build().toString();
   DeploymentDelegate delegate = new DeploymentDelegate(deployment);
   delegate.setAuthServerBaseUrl(resolvedBase);
   return delegate;
 }
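 /**
  * Answers a CORS preflight (an OPTIONS request carrying an Origin header) directly and reports
  * whether the request was consumed.
  *
  * <p>The Origin value is reflected into {@code Access-Control-Allow-Origin} together with
  * {@code Access-Control-Allow-Credentials: true} without being checked against any allow-list
  * here; the actual (non-preflight) request is presumably validated against the token's allowed
  * origins elsewhere — confirm before relying on this. {@code Vary: Origin} is added so that a
  * shared cache does not serve the reflected header to a different origin.
  *
  * @param request the incoming request
  * @param response populated with the preflight answer when the request is a preflight
  * @return {@code true} if a preflight was answered and the caller should stop processing
  */
 public boolean checkCorsPreflight(Request request, Response response) {
   log.finer("checkCorsPreflight " + request.getRequestURI());
   if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
     log.finer("checkCorsPreflight: not options ");
     return false;
   }
   String origin = request.getHeader("Origin");
   if (origin == null) {
     log.finer("checkCorsPreflight: no origin header");
     return false;
   }
   log.finer("Preflight request returning");
   response.setStatus(HttpServletResponse.SC_OK);
   response.setHeader("Access-Control-Allow-Origin", origin);
   response.setHeader("Access-Control-Allow-Credentials", "true");
   // The answer depends on the request's Origin; caches must key on it.
   response.addHeader("Vary", "Origin");
   String requestMethods = request.getHeader("Access-Control-Request-Method");
   if (requestMethods != null) {
     // A configured method list takes precedence over what the browser asked for.
     if (deployment.getCorsAllowedMethods() != null) {
       requestMethods = deployment.getCorsAllowedMethods();
     }
     response.setHeader("Access-Control-Allow-Methods", requestMethods);
   }
   String allowHeaders = request.getHeader("Access-Control-Request-Headers");
   if (allowHeaders != null) {
     // Likewise for headers.
     if (deployment.getCorsAllowedHeaders() != null) {
       allowHeaders = deployment.getCorsAllowedHeaders();
     }
     response.setHeader("Access-Control-Allow-Headers", allowHeaders);
   }
   // A negative max-age means "not configured" and emits no header.
   if (deployment.getCorsMaxAge() > -1) {
     response.setHeader("Access-Control-Max-Age", Integer.toString(deployment.getCorsMaxAge()));
   }
   return true;
 }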
 /** Forwards the register-node period to the wrapped deployment. */
 @Override
 public void setRegisterNodePeriod(int registerNodePeriod) {
   this.delegate.setRegisterNodePeriod(registerNodePeriod);
 }
 /** Forwards the always-refresh-token flag to the wrapped deployment. */
 @Override
 public void setAlwaysRefreshToken(boolean alwaysRefreshToken) {
   this.delegate.setAlwaysRefreshToken(alwaysRefreshToken);
 }
 /** @return the register-node period of the wrapped deployment */
 @Override
 public int getRegisterNodePeriod() {
   final int period = this.delegate.getRegisterNodePeriod();
   return period;
 }
 /** @return whether the wrapped deployment uses resource role mappings */
 @Override
 public boolean isUseResourceRoleMappings() {
   final boolean useResourceRoles = this.delegate.isUseResourceRoleMappings();
   return useResourceRoles;
 }
 /** Forwards the CORS enable flag to the wrapped deployment. */
 @Override
 public void setCors(boolean cors) {
   this.delegate.setCors(cors);
 }
 /** @return the principal attribute configured on the wrapped deployment */
 @Override
 public String getPrincipalAttribute() {
   final String attribute = this.delegate.getPrincipalAttribute();
   return attribute;
 }
 /** @return whether the wrapped deployment disables the session-id change on login */
 @Override
 public boolean isTurnOffChangeSessionIdOnLogin() {
   final boolean turnedOff = this.delegate.isTurnOffChangeSessionIdOnLogin();
   return turnedOff;
 }
 /** Forwards the expose-token flag to the wrapped deployment. */
 @Override
 public void setExposeToken(boolean exposeToken) {
   this.delegate.setExposeToken(exposeToken);
 }
 /** @return whether the wrapped deployment exposes the token */
 @Override
 public boolean isExposeToken() {
   final boolean exposed = this.delegate.isExposeToken();
   return exposed;
 }
 /** Forwards the not-before value to the wrapped deployment. */
 @Override
 public void setNotBefore(int notBefore) {
   this.delegate.setNotBefore(notBefore);
 }
 /** @return the not-before value of the wrapped deployment */
 @Override
 public int getNotBefore() {
   final int notBefore = this.delegate.getNotBefore();
   return notBefore;
 }
 /** @return the CORS allowed-headers value of the wrapped deployment */
 @Override
 public String getCorsAllowedHeaders() {
   final String allowedHeaders = this.delegate.getCorsAllowedHeaders();
   return allowedHeaders;
 }
 /** Forwards the CORS max-age value to the wrapped deployment. */
 @Override
 public void setCorsMaxAge(int corsMaxAge) {
   this.delegate.setCorsMaxAge(corsMaxAge);
 }
 /** @return the CORS max-age value of the wrapped deployment */
 @Override
 public int getCorsMaxAge() {
   final int maxAge = this.delegate.getCorsMaxAge();
   return maxAge;
 }
 /** Forwards the register-node-at-startup flag to the wrapped deployment. */
 @Override
 public void setRegisterNodeAtStartup(boolean registerNodeAtStartup) {
   this.delegate.setRegisterNodeAtStartup(registerNodeAtStartup);
 }
 /** Forwards the use-resource-role-mappings flag to the wrapped deployment. */
 @Override
 public void setUseResourceRoleMappings(boolean useResourceRoleMappings) {
   this.delegate.setUseResourceRoleMappings(useResourceRoleMappings);
 }
 /** @return whether the wrapped deployment registers the node at startup */
 @Override
 public boolean isRegisterNodeAtStartup() {
   final boolean registerAtStartup = this.delegate.isRegisterNodeAtStartup();
   return registerAtStartup;
 }
 /** @return the CORS allowed-methods value of the wrapped deployment */
 @Override
 public String getCorsAllowedMethods() {
   final String allowedMethods = this.delegate.getCorsAllowedMethods();
   return allowedMethods;
 }
 /** Forwards the principal attribute name to the wrapped deployment. */
 @Override
 public void setPrincipalAttribute(String principalAttribute) {
   this.delegate.setPrincipalAttribute(principalAttribute);
 }
 /** Forwards the CORS allowed-headers value to the wrapped deployment. */
 @Override
 public void setCorsAllowedHeaders(String corsAllowedHeaders) {
   this.delegate.setCorsAllowedHeaders(corsAllowedHeaders);
 }
 /** Forwards the turn-off-change-session-id-on-login flag to the wrapped deployment. */
 @Override
 public void setTurnOffChangeSessionIdOnLogin(boolean turnOffChangeSessionIdOnLogin) {
   this.delegate.setTurnOffChangeSessionIdOnLogin(turnOffChangeSessionIdOnLogin);
 }
 /** @return whether the wrapped deployment always refreshes the token */
 @Override
 public boolean isAlwaysRefreshToken() {
   final boolean alwaysRefresh = this.delegate.isAlwaysRefreshToken();
   return alwaysRefresh;
 }
 /** Forwards the CORS allowed-methods value to the wrapped deployment. */
 @Override
 public void setCorsAllowedMethods(String corsAllowedMethods) {
   this.delegate.setCorsAllowedMethods(corsAllowedMethods);
 }
 /** @return whether CORS handling is enabled on the wrapped deployment */
 @Override
 public boolean isCors() {
   final boolean corsEnabled = this.delegate.isCors();
   return corsEnabled;
 }