Skip to content

Commit

Permalink
KEYCLOAK-3273: Prefer module name for secure-deployment name.
Browse files Browse the repository at this point in the history
  • Loading branch information
@ssilvert
ssilvert committed Jul 12, 2016
1 parent 73cbf85 commit 1d4e761
Show file tree
Hide file tree
Showing 13 changed files with 139 additions and 54 deletions.
13 changes: 6 additions & 7 deletions ...em/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
View file
Expand Up @@ -49,7 +49,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
@Override @Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
String deploymentName = deploymentUnit.getName();


// if it's not a web-app there's nothing to secure // if it's not a web-app there's nothing to secure
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
Expand All @@ -67,24 +66,24 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
// otherwise // otherwise
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig(); LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();


boolean hasSubsystemConfig = service.isSecureDeployment(deploymentName); boolean hasSubsystemConfig = service.isSecureDeployment(deploymentUnit);
boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod()); boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());


if (hasSubsystemConfig || webRequiresKC) { if (hasSubsystemConfig || webRequiresKC) {
log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName); log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentUnit.getName());


// if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
if (hasSubsystemConfig) { if (hasSubsystemConfig) {
addJSONData(service.getJSON(deploymentName), warMetaData); addJSONData(service.getJSON(deploymentUnit), warMetaData);
if (loginConfig != null) { if (loginConfig != null) {
loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentName)); loginConfig.setRealmName(service.getRealmName(deploymentUnit));
} else { } else {
log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentName + " (loginConfig == null)"); log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
} }
} }
addValve(webMetaData); addValve(webMetaData);
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
} }
} }


Expand Down
31 changes: 28 additions & 3 deletions .../as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
View file
Expand Up @@ -25,6 +25,9 @@
import java.util.Map; import java.util.Map;


import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.deployment.WarMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;


/** /**
* This service keeps track of the entire Keycloak management model so as to provide * This service keeps track of the entire Keycloak management model so as to provide
Expand Down Expand Up @@ -154,13 +157,15 @@ private String getValueOfAddrElement(ModelNode address, String elementName) {
return null; return null;
} }


public String getRealmName(String deploymentName) { public String getRealmName(DeploymentUnit deploymentUnit) {
String deploymentName = preferredDeploymentName(deploymentUnit);
ModelNode deployment = this.secureDeployments.get(deploymentName); ModelNode deployment = this.secureDeployments.get(deploymentName);
return deployment.get(RealmDefinition.TAG_NAME).asString(); return deployment.get(RealmDefinition.TAG_NAME).asString();


} }


public String getJSON(String deploymentName) { public String getJSON(DeploymentUnit deploymentUnit) {
String deploymentName = preferredDeploymentName(deploymentUnit);
ModelNode deployment = this.secureDeployments.get(deploymentName); ModelNode deployment = this.secureDeployments.get(deploymentName);
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString(); String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
ModelNode realm = this.realms.get(realmName); ModelNode realm = this.realms.get(realmName);
Expand All @@ -184,9 +189,29 @@ private void setJSONValues(ModelNode json, ModelNode values) {
} }
} }


public boolean isSecureDeployment(String deploymentName) { public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size()); //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());


String deploymentName = preferredDeploymentName(deploymentUnit);
return this.secureDeployments.containsKey(deploymentName); return this.secureDeployments.containsKey(deploymentName);
} }

// KEYCLOAK-3273: prefer module name if available
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
String deploymentName = deploymentUnit.getName();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return deploymentName;
}

JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
return deploymentName;
}

String moduleName = webMetaData.getModuleName();
if (moduleName != null) return moduleName + ".war";

return deploymentName;
}
} }
3 changes: 1 addition & 2 deletions ...6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakDependencyProcessor.java
View file
Expand Up @@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();


String deploymentName = deploymentUnit.getName(); if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) { if (warMetaData == null) {
return; return;
Expand Down
18 changes: 8 additions & 10 deletions ...n/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigDeploymentProcessor.java
View file
Expand Up @@ -46,8 +46,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP


// not sure if we need this yet, keeping here just in case // not sure if we need this yet, keeping here just in case
protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) { protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
String deploymentName = deploymentUnit.getName(); if (!service.isSecureDeployment(deploymentUnit)) {
if (!service.isSecureDeployment(deploymentName)) {
return; return;
} }
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
Expand All @@ -67,10 +66,9 @@ protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterC
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();


String deploymentName = deploymentUnit.getName();
KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance(); KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
if (service.isSecureDeployment(deploymentName)) { if (service.isSecureDeployment(deploymentUnit)) {
addKeycloakAuthData(phaseContext, deploymentName, service); addKeycloakAuthData(phaseContext, service);
} }


// FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
Expand All @@ -79,14 +77,14 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
// addSecurityDomain(deploymentUnit, service); // addSecurityDomain(deploymentUnit, service);
} }


private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException { private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) { if (warMetaData == null) {
throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem."); throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentUnit.getName() + ". Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
} }


addJSONData(service.getJSON(deploymentName), warMetaData); addJSONData(service.getJSON(deploymentUnit), warMetaData);
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData(); JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) { if (webMetaData == null) {
webMetaData = new JBossWebMetaData(); webMetaData = new JBossWebMetaData();
Expand All @@ -99,8 +97,8 @@ private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String dep
webMetaData.setLoginConfig(loginConfig); webMetaData.setLoginConfig(loginConfig);
} }
loginConfig.setAuthMethod("KEYCLOAK"); loginConfig.setAuthMethod("KEYCLOAK");
loginConfig.setRealmName(service.getRealmName(deploymentName)); loginConfig.setRealmName(service.getRealmName(deploymentUnit));
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
} }


private void addJSONData(String json, WarMetaData warMetaData) { private void addJSONData(String json, WarMetaData warMetaData) {
Expand Down
31 changes: 28 additions & 3 deletions ...stem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
View file
Expand Up @@ -24,6 +24,9 @@
import java.util.Map; import java.util.Map;


import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.common.WarMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;


/** /**
* This service keeps track of the entire Keycloak management model so as to provide * This service keeps track of the entire Keycloak management model so as to provide
Expand Down Expand Up @@ -153,13 +156,15 @@ private String getValueOfAddrElement(ModelNode address, String elementName) {
return null; return null;
} }


public String getRealmName(String deploymentName) { public String getRealmName(DeploymentUnit deploymentUnit) {
String deploymentName = preferredDeploymentName(deploymentUnit);
ModelNode deployment = this.secureDeployments.get(deploymentName); ModelNode deployment = this.secureDeployments.get(deploymentName);
return deployment.get(RealmDefinition.TAG_NAME).asString(); return deployment.get(RealmDefinition.TAG_NAME).asString();


} }


public String getJSON(String deploymentName) { public String getJSON(DeploymentUnit deploymentUnit) {
String deploymentName = preferredDeploymentName(deploymentUnit);
ModelNode deployment = this.secureDeployments.get(deploymentName); ModelNode deployment = this.secureDeployments.get(deploymentName);
String realmName = deployment.get(RealmDefinition.TAG_NAME).asString(); String realmName = deployment.get(RealmDefinition.TAG_NAME).asString();
ModelNode realm = this.realms.get(realmName); ModelNode realm = this.realms.get(realmName);
Expand All @@ -183,9 +188,29 @@ private void setJSONValues(ModelNode json, ModelNode values) {
} }
} }


public boolean isSecureDeployment(String deploymentName) { public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
//log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size()); //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());


String deploymentName = preferredDeploymentName(deploymentUnit);
return this.secureDeployments.containsKey(deploymentName); return this.secureDeployments.containsKey(deploymentName);
} }

// KEYCLOAK-3273: prefer module name if available
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
String deploymentName = deploymentUnit.getName();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return deploymentName;
}

JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
return deploymentName;
}

String moduleName = webMetaData.getModuleName();
if (moduleName != null) return moduleName + ".war";

return deploymentName;
}
} }
3 changes: 1 addition & 2 deletions ...ystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakDependencyProcessor.java
View file
Expand Up @@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();


String deploymentName = deploymentUnit.getName(); if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentUnit)) {
if (!KeycloakAdapterConfigService.getInstance().isSecureDeployment(deploymentName)) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) { if (warMetaData == null) {
return; return;
Expand Down
2 changes: 0 additions & 2 deletions ...ubsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
View file
Expand Up @@ -78,8 +78,6 @@ public void testJsonFromSignedJWTCredentials() {
addCredential(addr, service, "secret", "secret1"); addCredential(addr, service, "secret", "secret1");
addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks"); addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
addCredential(addr, service, "jwt.token-timeout", "10"); addCredential(addr, service, "jwt.token-timeout", "10");

System.out.println("Deployment: " + service.getJSON("foo"));
} }


private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) { private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
Expand Down
29 changes: 26 additions & 3 deletions .../saml/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Configuration.java
View file
Expand Up @@ -16,8 +16,11 @@
*/ */
package org.keycloak.subsystem.saml.as7; package org.keycloak.subsystem.saml.as7;


import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.deployment.WarMetaData;
import org.jboss.dmr.ModelNode; import org.jboss.dmr.ModelNode;
import org.jboss.dmr.Property; import org.jboss.dmr.Property;
import org.jboss.metadata.web.jboss.JBossWebMetaData;


/** /**
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a> * @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
Expand Down Expand Up @@ -46,15 +49,35 @@ private ModelNode getNodeForAddressElement(ModelNode node, Property item) {
return keymodel.get(key); return keymodel.get(key);
} }


public ModelNode getSecureDeployment(String name) { public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) {
String name = preferredDeploymentName(deploymentUnit);
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT); ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
if (secureDeployment.hasDefined(name)) { if (secureDeployment.hasDefined(name)) {
return secureDeployment.get(name); return secureDeployment.get(name);
} }
return null; return null;
} }


public boolean isSecureDeployment(String name) { public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
return getSecureDeployment(name) != null; return getSecureDeployment(deploymentUnit) != null;
}

// KEYCLOAK-3273: prefer module name if available
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
String deploymentName = deploymentUnit.getName();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return deploymentName;
}

JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
return deploymentName;
}

String moduleName = webMetaData.getModuleName();
if (moduleName != null) return moduleName + ".war";

return deploymentName;
} }
} }
15 changes: 7 additions & 8 deletions ...c/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
View file
Expand Up @@ -51,7 +51,6 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
@Override @Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
String deploymentName = deploymentUnit.getName();


WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) { if (warMetaData == null) {
Expand All @@ -69,30 +68,30 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro


try { try {
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod()); boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentName); boolean hasSubsystemConfig = Configuration.INSTANCE.isSecureDeployment(deploymentUnit);
if (hasSubsystemConfig || webRequiresKC) { if (hasSubsystemConfig || webRequiresKC) {
log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName); log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName());


// if secure-deployment configuration exists for web app, we force KEYCLOAK-SAML auth method on it // if secure-deployment configuration exists for web app, we force KEYCLOAK-SAML auth method on it
if (hasSubsystemConfig) { if (hasSubsystemConfig) {
addXMLData(getXML(deploymentName), warMetaData); addXMLData(getXML(deploymentUnit), warMetaData);
if (loginConfig != null) { if (loginConfig != null) {
loginConfig.setAuthMethod("KEYCLOAK-SAML"); loginConfig.setAuthMethod("KEYCLOAK-SAML");
//loginConfig.setRealmName(service.getRealmName(deploymentName)); //loginConfig.setRealmName(service.getRealmName(deploymentName));
} else { } else {
log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentName + " (loginConfig == null)"); log.warn("Failed to set up KEYCLOAK-SAML auth method for WAR: " + deploymentUnit.getName() + " (loginConfig == null)");
} }
} }
addValve(webMetaData); addValve(webMetaData);
KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName); KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentUnit.getName());
} }
} catch (Exception e) { } catch (Exception e) {
throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e); throw new DeploymentUnitProcessingException("Failed to configure KeycloakSamlExtension from subsystem model", e);
} }
} }


private String getXML(String deploymentName) throws XMLStreamException { private String getXML(DeploymentUnit deploymentUnit) throws XMLStreamException {
ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentName); ModelNode node = Configuration.INSTANCE.getSecureDeployment(deploymentUnit);
if (node != null) { if (node != null) {
KeycloakSubsystemParser writer = new KeycloakSubsystemParser(); KeycloakSubsystemParser writer = new KeycloakSubsystemParser();
ByteArrayOutputStream output = new ByteArrayOutputStream(); ByteArrayOutputStream output = new ByteArrayOutputStream();
Expand Down
3 changes: 1 addition & 2 deletions .../subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
View file
Expand Up @@ -46,8 +46,7 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException { public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit(); final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();


String deploymentName = deploymentUnit.getName(); if (Configuration.INSTANCE.getSecureDeployment(deploymentUnit) == null) {
if (Configuration.INSTANCE.getSecureDeployment(deploymentName) == null) {
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY); WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) { if (warMetaData == null) {
return; return;
Expand Down
25 changes: 24 additions & 1 deletion ...-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Configuration.java
View file
Expand Up @@ -16,8 +16,11 @@
*/ */
package org.keycloak.subsystem.adapter.saml.extension; package org.keycloak.subsystem.adapter.saml.extension;


import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.web.common.WarMetaData;
import org.jboss.dmr.ModelNode; import org.jboss.dmr.ModelNode;
import org.jboss.dmr.Property; import org.jboss.dmr.Property;
import org.jboss.metadata.web.jboss.JBossWebMetaData;


/** /**
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a> * @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
Expand Down Expand Up @@ -46,11 +49,31 @@ private ModelNode getNodeForAddressElement(ModelNode node, Property item) {
return keymodel.get(key); return keymodel.get(key);
} }


public ModelNode getSecureDeployment(String name) { public ModelNode getSecureDeployment(DeploymentUnit deploymentUnit) {
String name = preferredDeploymentName(deploymentUnit);
ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT); ModelNode secureDeployment = config.get("subsystem").get("keycloak-saml").get(Constants.Model.SECURE_DEPLOYMENT);
if (secureDeployment.hasDefined(name)) { if (secureDeployment.hasDefined(name)) {
return secureDeployment.get(name); return secureDeployment.get(name);
} }
return null; return null;
} }

// KEYCLOAK-3273: prefer module name if available
private String preferredDeploymentName(DeploymentUnit deploymentUnit) {
String deploymentName = deploymentUnit.getName();
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return deploymentName;
}

JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
if (webMetaData == null) {
return deploymentName;
}

String moduleName = webMetaData.getModuleName();
if (moduleName != null) return moduleName + ".war";

return deploymentName;
}
} }

0 comments on commit 1d4e761

Please sign in to comment.