New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4.x OIDC #3240
Conversation
Sorry - my bad. I built/tested with JDK11 without Spring. |
Test resultsRun attempt: 1202
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fantastic job!
A few minor comments but otherwise all great to me.
hawtio-system/src/main/java/io/hawt/web/auth/AuthConfigurationServlet.java
Outdated
Show resolved
Hide resolved
hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationConfiguration.java
Show resolved
Hide resolved
@grgrzybek Please resolve conflicts before merging. Also, do you already consider the remaining comment as resolved? We need to resolve all before merging a pull req as a repository rule. |
Here's a short description of the changes:
AuthConfigurationServlet
servlet (path/auth/config
) that returns OIDC configuration, so client side know whether (or not) to use OIDC. Similar role to Keycloak servletAuthenticationConfiguration
is prepared earlier - inHawtioContextListener
, because it's needed both inAuthConfigurationServlet
andContentSecurityPolicyFilter
AuthenticationConfiguration
contains additional fields read from properties file, related to OIDC configurationio.hawt.web.auth.oidc.OidcConfiguration
containing everything needed for OIDC configurationio.hawt.web.auth.oidc.OidcLoginModule
which is JAAS login modulejwks_uri
endpointContentSecurityPolicyFilter
configuration is a bit better (IMO) - instead of usingString.format()
, it constructs properContent-Security-Policy
using lists