/**
 * Writes the {@code login-config} part of the generated web.xml descriptor.
 *
 * <pre>
 * &lt;login-config&gt;
 *   &lt;auth-method&gt;EjbDeploymentAuthMethod&lt;/auth-method&gt;
 *   &lt;realm-name&gt;EJBWebServiceEndpointServlet Realm&lt;/realm-name&gt;
 * &lt;/login-config&gt;
 * </pre>
 *
 * <p>Nothing is written when {@code getAuthMethod(dep)} returns {@code null}; the descriptor
 * then keeps whatever login config it already carries, possibly none. Otherwise the realm name
 * and auth method of the login config returned by {@code WebMetaDataHelper.getLoginConfig}
 * are both overwritten.
 *
 * @param dep webservice deployment
 * @param jbossWebMD jboss web meta data
 */
private void createLoginConfig(final Deployment dep, final JBossWebMetaData jbossWebMD) {
    final String authMethod = this.getAuthMethod(dep);
    if (authMethod == null) {
        // No auth method resolved for this deployment: leave the descriptor untouched.
        return;
    }

    this.log.debug("Creating new login config: " + WebMetaDataCreator.EJB_WEBSERVICE_REALM + ", auth method: " + authMethod);

    final LoginConfigMetaData loginConfig = WebMetaDataHelper.getLoginConfig(jbossWebMD);
    loginConfig.setRealmName(WebMetaDataCreator.EJB_WEBSERVICE_REALM);
    loginConfig.setAuthMethod(authMethod);
}
/**
 * Merges the login configuration of a web fragment into {@code dest}.
 *
 * <p>Auth method and realm name follow the same rule: a value missing in {@code dest} is copied
 * from the fragment. When both sides carry a value and the values differ, an
 * {@link IllegalStateException} is thrown unless {@code resolveConflicts} is {@code true} or
 * {@code webMetaData} supplies its own value for that element; in every non-throwing case
 * {@code dest} keeps the value it already had. A form login config missing in {@code dest} is
 * copied from the fragment, otherwise merging is delegated to
 * {@code FormLoginConfigMetaDataMerger.augment}.
 *
 * @param dest login config being built up; modified in place
 * @param webFragmentMetaData login config contributed by the fragment
 * @param webMetaData login config of the main descriptor, may be {@code null}
 * @param resolveConflicts when {@code true}, differing values never raise an error
 * @throws IllegalStateException on an unresolved auth method or realm name conflict
 */
public static void augment(LoginConfigMetaData dest, LoginConfigMetaData webFragmentMetaData,
        LoginConfigMetaData webMetaData, boolean resolveConflicts) {
    // Auth method: fill the gap, or reject a fragment that disagrees with what is already set.
    if (dest.getAuthMethod() == null) {
        dest.setAuthMethod(webFragmentMetaData.getAuthMethod());
    } else if (webFragmentMetaData.getAuthMethod() != null
            && !resolveConflicts
            && !dest.getAuthMethod().equals(webFragmentMetaData.getAuthMethod())
            && (webMetaData == null || webMetaData.getAuthMethod() == null)) {
        throw new IllegalStateException("Unresolved conflict on auth method: " + dest.getAuthMethod());
    }

    // Realm name: same rule as the auth method.
    if (dest.getRealmName() == null) {
        dest.setRealmName(webFragmentMetaData.getRealmName());
    } else if (webFragmentMetaData.getRealmName() != null
            && !resolveConflicts
            && !dest.getRealmName().equals(webFragmentMetaData.getRealmName())
            && (webMetaData == null || webMetaData.getRealmName() == null)) {
        throw new IllegalStateException("Unresolved conflict on realm name: " + dest.getRealmName());
    }

    // Form login config: copy when absent, otherwise let the dedicated merger decide.
    if (dest.getFormLoginConfig() == null) {
        dest.setFormLoginConfig(webFragmentMetaData.getFormLoginConfig());
    } else if (webFragmentMetaData.getFormLoginConfig() != null) {
        FormLoginConfigMetaDataMerger.augment(dest.getFormLoginConfig(),
                webFragmentMetaData.getFormLoginConfig(),
                webMetaData == null ? null : webMetaData.getFormLoginConfig(),
                resolveConflicts);
    }
}
} // closes the enclosing class, whose header is not part of this excerpt
List<AuthMethodConfig> authMethod = authMethod(loginConfig.getAuthMethod()); if (loginConfig.getFormLoginConfig() != null) { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName(), loginConfig.getFormLoginConfig().getLoginPage(), loginConfig.getFormLoginConfig().getErrorPage())); } else { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName()));
/**
 * Switches the WAR identified by {@code deploymentName} to the {@code KEYCLOAK} auth method.
 *
 * <p>The adapter JSON obtained from {@code service.getJSON(deploymentName)} is handed to
 * {@code addJSONData} first. Merged web meta data and a login config are created when the WAR
 * has none. Auth method and realm name are then overwritten unconditionally, so any value the
 * application declared in its own descriptor is replaced.
 *
 * @param phaseContext deployment phase context supplying the deployment unit
 * @param deploymentName name used to look up the adapter configuration and realm
 * @param service source of the adapter JSON and the realm name
 * @throws DeploymentUnitProcessingException when the deployment unit has no {@code WarMetaData}
 */
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final WarMetaData war = unit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (war == null) {
        throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
    }

    addJSONData(service.getJSON(deploymentName), war);

    // Make sure there is merged meta data to hang the login config on.
    JBossWebMetaData merged = war.getMergedJBossWebMetaData();
    if (merged == null) {
        merged = new JBossWebMetaData();
        war.setMergedJBossWebMetaData(merged);
    }

    LoginConfigMetaData login = merged.getLoginConfig();
    if (login == null) {
        login = new LoginConfigMetaData();
        merged.setLoginConfig(login);
    }

    // Replaces whatever auth method and realm the descriptor declared.
    login.setAuthMethod("KEYCLOAK");
    login.setRealmName(service.getRealmName(deploymentName));

    KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
}
public static LoginConfigMetaData parse(XMLStreamReader reader, PropertyReplacer propertyReplacer) throws XMLStreamException { LoginConfigMetaData loginConfig = new LoginConfigMetaData(); switch (attribute) { case ID: { loginConfig.setId(value); break; switch (element) { case AUTH_METHOD: loginConfig.setAuthMethod(getElementText(reader, propertyReplacer)); break; case REALM_NAME: loginConfig.setRealmName(getElementText(reader, propertyReplacer)); break; case FORM_LOGIN_CONFIG: loginConfig.setFormLoginConfig(FormLoginConfigMetaDataParser.parse(reader, propertyReplacer)); break; default:
boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod()); boolean isConfigured = service.isDeploymentConfigured(deploymentUnit); addJSONData(service.getJSON(deploymentUnit), warMetaData); if (loginConfig != null) { loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setRealmName(service.getRealmName(deploymentUnit)); } else { log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
/**
 * Switches the WAR of the current deployment unit to the {@code KEYCLOAK-SAML} auth method.
 *
 * <p>The XML returned by {@code getXML(deploymentUnit)} is handed to {@code addXMLData}; any
 * exception from that step is rethrown as a {@link DeploymentUnitProcessingException} with the
 * original exception as its cause. Merged web meta data and a login config are created when
 * missing, and the auth method is overwritten unconditionally. The realm name is not touched.
 *
 * @param phaseContext deployment phase context supplying the deployment unit
 * @throws DeploymentUnitProcessingException when the unit has no {@code WarMetaData} or the
 *         adapter XML cannot be applied
 */
private void addKeycloakSamlAuthData(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final WarMetaData war = unit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (war == null) {
        throw new DeploymentUnitProcessingException("WarMetaData not found for " + unit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
    }

    try {
        addXMLData(getXML(unit), war);
    } catch (Exception e) {
        // Keep the cause so the underlying configuration error stays visible in the log.
        throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
    }

    JBossWebMetaData merged = war.getMergedJBossWebMetaData();
    if (merged == null) {
        merged = new JBossWebMetaData();
        war.setMergedJBossWebMetaData(merged);
    }

    LoginConfigMetaData login = merged.getLoginConfig();
    if (login == null) {
        login = new LoginConfigMetaData();
        merged.setLoginConfig(login);
    }

    // Replaces whatever auth method the descriptor declared.
    login.setAuthMethod("KEYCLOAK-SAML");

    KeycloakLogger.ROOT_LOGGER.deploymentSecured(unit.getName());
}
/**
 * Returns the login config of the given web meta data, creating and attaching an empty one
 * when none is present.
 *
 * <p>Callers receive the live object held by {@code jbossWebMD}, so setters invoked on the
 * result change the descriptor directly.
 *
 * @param jbossWebMD jboss web meta data
 * @return login config meta data, never {@code null}
 */
public static LoginConfigMetaData getLoginConfig(final JBossWebMetaData jbossWebMD) {
    final LoginConfigMetaData existing = jbossWebMD.getLoginConfig();
    if (existing != null) {
        return existing;
    }

    final LoginConfigMetaData created = new LoginConfigMetaData();
    jbossWebMD.setLoginConfig(created);
    return created;
}
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod()); boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentUnit); if (hasSubsystemConfig || webRequiresKC) { addXMLData(getXML(deploymentUnit), warMetaData); if (loginConfig != null) { loginConfig.setAuthMethod("KEYCLOAK-SAML");
/**
 * Tells whether the deployment unit is to be secured with the Keycloak SAML adapter.
 *
 * <p>A secure-deployment entry in {@code Configuration.INSTANCE} is sufficient on its own and is
 * checked before any WAR meta data is looked at. Without such an entry the merged web meta data
 * must declare the auth method {@code KEYCLOAK-SAML}.
 *
 * <p>NOTE(review): the auth method comparison is case-sensitive. Other deployment code may match
 * this value case-insensitively; confirm the two are meant to differ.
 *
 * @param deploymentUnit deployment unit to inspect
 * @return {@code true} when the unit is configured for, or declares, Keycloak SAML
 */
public static boolean isKeycloakSamlAuthMethod(final DeploymentUnit deploymentUnit) {
    // Subsystem configuration wins, even for units without WAR meta data.
    final boolean configuredInSubsystem = Configuration.INSTANCE.getSecureDeployment(deploymentUnit) != null;
    if (configuredInSubsystem) {
        return true;
    }

    final WarMetaData war = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (war == null) {
        return false;
    }

    final JBossWebMetaData merged = war.getMergedJBossWebMetaData();
    if (merged == null) {
        return false;
    }

    final LoginConfigMetaData login = merged.getLoginConfig();
    if (login == null) {
        return false;
    }
    // Constant-first equals tolerates a login config without an auth method.
    return "KEYCLOAK-SAML".equals(login.getAuthMethod());
}
/**
 * Switches the WAR of the current deployment unit to the {@code KEYCLOAK} auth method.
 *
 * <p>The adapter JSON from {@code service.getJSON(deploymentUnit)} is passed to
 * {@code addJSONData} before the login config is touched. Missing merged web meta data and a
 * missing login config are created on the fly. The auth method and the realm name are always
 * overwritten, which replaces anything the application's own descriptor declared.
 *
 * @param phaseContext deployment phase context supplying the deployment unit
 * @param service source of the adapter JSON and the realm name
 * @throws DeploymentUnitProcessingException when the deployment unit has no {@code WarMetaData}
 */
private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    final WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (null == warMetaData) {
        throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
    }

    addJSONData(service.getJSON(deploymentUnit), warMetaData);

    JBossWebMetaData descriptor = warMetaData.getMergedJBossWebMetaData();
    final boolean descriptorMissing = descriptor == null;
    if (descriptorMissing) {
        descriptor = new JBossWebMetaData();
        warMetaData.setMergedJBossWebMetaData(descriptor);
    }

    LoginConfigMetaData loginSection = descriptor.getLoginConfig();
    final boolean loginSectionMissing = loginSection == null;
    if (loginSectionMissing) {
        loginSection = new LoginConfigMetaData();
        descriptor.setLoginConfig(loginSection);
    }

    // Unconditional: a descriptor-declared auth method or realm does not survive this call.
    loginSection.setAuthMethod("KEYCLOAK");
    loginSection.setRealmName(service.getRealmName(deploymentUnit));

    KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
}
List<AuthMethodConfig> authMethod = authMethod(loginConfig.getAuthMethod()); if (loginConfig.getFormLoginConfig() != null) { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName(), loginConfig.getFormLoginConfig().getLoginPage(), loginConfig.getFormLoginConfig().getErrorPage())); } else { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName()));
/**
 * Looks up the login config meta data of the given jboss web meta data. When there is none, a
 * new empty login config is created, attached to the web meta data and returned.
 *
 * @param jbossWebMD jboss web meta data
 * @return login config meta data, never {@code null}
 */
public static LoginConfigMetaData getLoginConfig(final JBossWebMetaData jbossWebMD) {
    LoginConfigMetaData result = jbossWebMD.getLoginConfig();
    final boolean missing = result == null;
    if (missing) {
        // Attach the fresh instance so later lookups see the same object.
        result = new LoginConfigMetaData();
        jbossWebMD.setLoginConfig(result);
    }
    return result;
}
/**
 * Tells whether the deployment unit is to be secured with the Keycloak SAML adapter.
 *
 * <p>A unit without {@code WarMetaData} or without merged web meta data is never treated as a
 * SAML deployment, even when the subsystem lists it as a secure deployment, because those two
 * checks run first. Past them, either a secure-deployment entry in {@code Configuration.INSTANCE}
 * or a declared auth method of {@code KEYCLOAK-SAML} yields {@code true}.
 *
 * <p>NOTE(review): the auth method comparison is case-sensitive. Other deployment code may match
 * this value case-insensitively; confirm the two are meant to differ.
 *
 * @param deploymentUnit deployment unit to inspect
 * @return {@code true} when the unit is a WAR that is configured for, or declares, Keycloak SAML
 */
public static boolean isKeycloakSamlAuthMethod(final DeploymentUnit deploymentUnit) {
    final WarMetaData war = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (war == null) {
        return false;
    }

    final JBossWebMetaData descriptor = war.getMergedJBossWebMetaData();
    if (descriptor == null) {
        return false;
    }

    if (Configuration.INSTANCE.isSecureDeployment(deploymentUnit)) {
        return true;
    }

    final LoginConfigMetaData login = descriptor.getLoginConfig();
    if (login == null) {
        return false;
    }
    // Constant-first equals tolerates a login config without an auth method.
    return "KEYCLOAK-SAML".equals(login.getAuthMethod());
}
if (loginConfig == null) loginConfig = new LoginConfigMetaData(); jbwmd.setLoginConfig(loginConfig); loginConfig.setAuthMethod(authMethod); loginConfig.setRealmName("EJBServiceEndpointServlet Realm");
/**
 * Creates the {@code login-config} element of the web.xml descriptor for a webservice
 * deployment.
 *
 * <pre>
 * &lt;login-config&gt;
 *   &lt;auth-method&gt;EjbDeploymentAuthMethod&lt;/auth-method&gt;
 *   &lt;realm-name&gt;EJBWebServiceEndpointServlet Realm&lt;/realm-name&gt;
 * &lt;/login-config&gt;
 * </pre>
 *
 * <p>The element is only written when {@code getAuthMethod(dep)} yields a non-null value. In
 * that case both realm name and auth method on the login config are set, replacing values that
 * may already be there.
 *
 * @param dep webservice deployment
 * @param jbossWebMD jboss web meta data
 */
private void createLoginConfig(final Deployment dep, final JBossWebMetaData jbossWebMD) {
    final String resolvedAuthMethod = this.getAuthMethod(dep);

    if (resolvedAuthMethod != null) {
        final String message = "Creating new login config: " + WebMetaDataCreator.EJB_WEBSERVICE_REALM
                + ", auth method: " + resolvedAuthMethod;
        this.log.debug(message);

        final LoginConfigMetaData target = WebMetaDataHelper.getLoginConfig(jbossWebMD);
        target.setRealmName(WebMetaDataCreator.EJB_WEBSERVICE_REALM);
        target.setAuthMethod(resolvedAuthMethod);
    }
}
if (getAuthMethod() == null) setAuthMethod(webFragmentMetaData.getAuthMethod()); else if (webFragmentMetaData.getAuthMethod() != null) if (!resolveConflicts && !getAuthMethod().equals(webFragmentMetaData.getAuthMethod()) && (webMetaData == null || webMetaData.getAuthMethod() == null)) throw new IllegalStateException("Unresolved conflict on auth method: " + getAuthMethod()); if (getRealmName() == null) setRealmName(webFragmentMetaData.getRealmName()); else if (webFragmentMetaData.getRealmName() != null) if (!resolveConflicts && !getRealmName().equals(webFragmentMetaData.getRealmName()) && (webMetaData == null || webMetaData.getRealmName() == null)) throw new IllegalStateException("Unresolved conflict on realm name: " + getRealmName()); if (getFormLoginConfig() == null) setFormLoginConfig(webFragmentMetaData.getFormLoginConfig()); else if (webFragmentMetaData.getFormLoginConfig() != null) getFormLoginConfig().augment(webFragmentMetaData.getFormLoginConfig(),
List<AuthMethodConfig> authMethod = authMethod(loginConfig.getAuthMethod()); if (loginConfig.getFormLoginConfig() != null) { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName(), loginConfig.getFormLoginConfig().getLoginPage(), loginConfig.getFormLoginConfig().getErrorPage())); } else { d.setLoginConfig(new LoginConfig(loginConfig.getRealmName()));
/**
 * Gets the login config meta data from jboss web meta data, lazily creating it.
 *
 * <p>If the web meta data has no login config yet, an empty one is created and associated with
 * it before being returned, so the result can always be modified in place.
 *
 * @param jbossWebMD jboss web meta data
 * @return login config meta data, never {@code null}
 */
public static LoginConfigMetaData getLoginConfig(final JBossWebMetaData jbossWebMD) {
    final LoginConfigMetaData current = jbossWebMD.getLoginConfig();
    if (current == null) {
        final LoginConfigMetaData fresh = new LoginConfigMetaData();
        jbossWebMD.setLoginConfig(fresh);
        return fresh;
    }
    return current;
}
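/**
 * Assigns the {@code keycloak} security domain to a WAR that is a secure deployment and whose
 * login config declares the {@code KEYCLOAK} auth method (compared case-insensitively).
 *
 * <p>The method is a no-op when the unit is not a secure deployment, has no {@code WarMetaData},
 * has no merged web meta data, has no login config, or declares a different or no auth method.
 *
 * @param deploymentUnit deployment unit to inspect and update
 * @param service adapter configuration used to decide whether the unit is a secure deployment
 */
protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
    if (!service.isSecureDeployment(deploymentUnit)) {
        return;
    }

    WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (warMetaData == null) {
        return;
    }

    JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
    if (webMetaData == null) {
        return;
    }

    LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
    // Constant-first comparison: a login config without an auth method returns null from
    // getAuthMethod(), which must leave the security domain alone rather than fail the
    // deployment with a NullPointerException.
    if (loginConfig == null || !"KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod())) {
        return;
    }

    webMetaData.setSecurityDomain("keycloak");
}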