KEYCLOAK-3196: Use WildFly management model for server configuration.

distribution/demo-dist/src/main/xslt/standalone.xsl

@@ -59,6 +59,65 @@
             <xsl:apply-templates select="node()|@*"/>
             <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
                 <web-context>auth</web-context>
+                <providers>
+                    <provider>classpath:${jboss.home.dir}/providers/*</provider>
+                </providers>
+                <master-realm-name>master</master-realm-name>
+                <scheduled-task-interval>900</scheduled-task-interval>
+                <theme>
+                    <staticMaxAge>2592000</staticMaxAge>
+                    <cacheThemes>true</cacheThemes>
+                    <cacheTemplates>true</cacheTemplates>
+                    <dir>${jboss.home.dir}/themes</dir>
+                </theme>
+                <spi name="eventsStore">
+                    <default-provider>jpa</default-provider>
+                    <provider name="jpa" enabled="true">
+                        <properties>
+                            <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
+                        </properties>
+                    </provider>
+                </spi>
+                <spi name="realm">
+                    <default-provider>jpa</default-provider>
+                </spi>
+                <spi name="user">
+                    <default-provider>jpa</default-provider>
+                </spi>
+                <spi name="userCache">
+                    <provider name="default" enabled="true"/>
+                </spi>
+                <spi name="userSessionPersister">
+                    <default-provider>jpa</default-provider>
+                </spi>
+                <spi name="authorizationPersister">
+                    <default-provider>jpa</default-provider>
+                </spi>
+                <spi name="timer">
+                    <default-provider>basic</default-provider>
+                </spi>
+                <spi name="connectionsHttpClient">
+                    <provider name="default" enabled="true"/>
+                </spi>
+                <spi name="connectionsJpa">
+                    <provider name="default" enabled="true">
+                        <properties>
+                            <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
+                            <property name="databaseSchema" value="update"/>
+                        </properties>
+                    </provider>
+                </spi>
+                <spi name="realmCache">
+                    <provider name="default" enabled="true"/>
+                </spi>
+                <spi name="connectionsInfinispan">
+                    <default-provider>default</default-provider>
+                    <provider name="default" enabled="true">
+                        <properties>
+                            <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
+                        </properties>
+                    </provider>
+                </spi>
             </subsystem>
             <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
             <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1"/>

distribution/feature-packs/server-feature-pack/assembly.xml

@@ -59,15 +59,4 @@
             </includes>
         </fileSet>
     </fileSets>
-
-    <files>
-        <file>
-            <source>src/main/resources/content/standalone/configuration/keycloak-server.json</source>
-            <outputDirectory>content/domain/servers/server-one/configuration</outputDirectory>
-        </file>
-        <file>
-            <source>src/main/resources/content/standalone/configuration/keycloak-server.json</source>
-            <outputDirectory>content/domain/servers/server-two/configuration</outputDirectory>
-        </file>
-    </files>
 </assembly>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml

@@ -55,6 +55,7 @@
         <module name="org.jboss.resteasy.resteasy-jaxrs"/>
         <module name="org.jboss.resteasy.resteasy-crypto"/>
         <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
+        <module name="org.jboss.dmr"/>
         <module name="javax.servlet.api"/>
         <module name="com.fasterxml.jackson.core.jackson-core"/>
         <module name="com.fasterxml.jackson.core.jackson-annotations"/>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-server-subsystem/main/module.xml

@@ -28,6 +28,8 @@
     </resources>
 
     <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
         <module name="javax.api"/>
         <module name="org.jboss.staxmapper"/>
         <module name="org.jboss.as.controller"/>

distribution/server-overlay/assembly.xml

@@ -84,10 +84,6 @@
     </fileSets>
 
     <files>
-        <file>
-            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/keycloak-server.json</source>
-            <outputDirectory>standalone/configuration</outputDirectory>
-        </file>
         <file>
             <source>${project.build.directory}/unpacked/keycloak-${project.version}/bin/add-user-keycloak.sh</source>
             <outputDirectory>bin</outputDirectory>

distribution/server-overlay/cli/keycloak-install-ha.cli

@@ -11,4 +11,22 @@ embed-server --server-config=standalone-ha.xml
 /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization:add(mode="SYNC",owners="1")
 /subsystem=infinispan/cache-container=keycloak/replicated-cache=work:add(mode="SYNC")
 /extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
-/subsystem=keycloak-server:add(web-context=auth)
+/subsystem=keycloak-server:add(web-context=auth,master-realm-name=master,scheduled-task-interval=900,providers=[classpath:${jboss.home.dir}/providers/*])
+/subsystem=keycloak-server/theme=defaults/:add(dir=${jboss.home.dir}/themes,staticMaxAge=2592000,cacheTemplates=true,cacheThemes=true)
+/subsystem=keycloak-server/spi=eventsStore/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=eventsStore/provider=jpa/:add(properties={exclude-events => "[\"REFRESH_TOKEN\"]"},enabled=true)
+/subsystem=keycloak-server/spi=realm/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=user/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=userCache/:add
+/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=userSessionPersister/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=authorizationPersister/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=timer/:add(default-provider=basic)
+/subsystem=keycloak-server/spi=connectionsHttpClient/:add
+/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=connectionsJpa/:add
+/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:add(properties={dataSource => "java:jboss/datasources/KeycloakDS",databaseSchema => "update"},enabled=true)
+/subsystem=keycloak-server/spi=realmCache/:add
+/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=connectionsInfinispan/:add(default-provider=default)
+/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default/:add(properties={cacheContainer => "java:comp/env/infinispan/Keycloak"},enabled=true)

distribution/server-overlay/cli/keycloak-install.cli

@@ -11,4 +11,22 @@ embed-server --server-config=standalone.xml
 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization:add()
 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:add(max-entries=100,strategy=LRU)
 /extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
-/subsystem=keycloak-server:add(web-context=auth)
+/subsystem=keycloak-server:add(web-context=auth,master-realm-name=master,scheduled-task-interval=900,providers=[classpath:${jboss.home.dir}/providers/*])
+/subsystem=keycloak-server/theme=defaults/:add(dir=${jboss.home.dir}/themes,staticMaxAge=2592000,cacheTemplates=true,cacheThemes=true)
+/subsystem=keycloak-server/spi=eventsStore/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=eventsStore/provider=jpa/:add(properties={exclude-events => "[\"REFRESH_TOKEN\"]"},enabled=true)
+/subsystem=keycloak-server/spi=realm/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=user/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=userCache/:add
+/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=userSessionPersister/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=authorizationPersister/:add(default-provider=jpa)
+/subsystem=keycloak-server/spi=timer/:add(default-provider=basic)
+/subsystem=keycloak-server/spi=connectionsHttpClient/:add
+/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=connectionsJpa/:add
+/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:add(properties={dataSource => "java:jboss/datasources/KeycloakDS",databaseSchema => "update"},enabled=true)
+/subsystem=keycloak-server/spi=realmCache/:add
+/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+/subsystem=keycloak-server/spi=connectionsInfinispan/:add(default-provider=default)
+/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default/:add(properties={cacheContainer => "java:comp/env/infinispan/Keycloak"},enabled=true)

services/pom.xml

@@ -72,6 +72,11 @@
             <artifactId>twitter4j-core</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-controller</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.jboss.logging</groupId>
             <artifactId>jboss-logging</artifactId>

services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java

@@ -56,12 +56,17 @@
 import java.net.URI;
 import java.net.URL;
 import java.util.*;
+import org.jboss.dmr.ModelNode;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
 public class KeycloakApplication extends Application {
+    // This param name is defined again in Keycloak Server Subsystem class
+    // org.keycloak.subsystem.server.extension.KeycloakServerDeploymentProcessor.  We have this value in
+    // two places to avoid dependency between Keycloak Subsystem and Keycloak Services module.
+    public static final String KEYCLOAK_CONFIG_PARAM_NAME = "org.keycloak.server-subsystem.Config";
 
     private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
 
@@ -73,7 +78,7 @@ public class KeycloakApplication extends Application {
 
     public KeycloakApplication(@Context ServletContext context, @Context Dispatcher dispatcher) {
         try {
-            loadConfig();
+            loadConfig(context);
 
             this.contextPath = context.getContextPath();
             this.sessionFactory = createSessionFactory();
@@ -209,12 +214,18 @@ public URI getBaseUri(UriInfo uriInfo) {
         return uriInfo.getBaseUriBuilder().replacePath(getContextPath()).build();
     }
 
-    public static void loadConfig() {
+    public static void loadConfig(ServletContext context) {
         try {
             JsonNode node = null;
+
+            String dmrConfig = loadDmrConfig(context);
+            if (dmrConfig != null) {
+                node = new ObjectMapper().readTree(dmrConfig);
+                logger.loadingFrom("standalone.xml or domain.xml");
+            }
 
             String configDir = System.getProperty("jboss.server.config.dir");
-            if (configDir != null) {
+            if (node == null && configDir != null) {
                 File f = new File(configDir + File.separator + "keycloak-server.json");
                 if (f.isFile()) {
                     logger.loadingFrom(f.getAbsolutePath());
@@ -235,12 +246,23 @@ public static void loadConfig() {
                 Config.init(new JsonConfigProvider(node, properties));
                 return;
             } else {
-                throw new RuntimeException("Config 'keycloak-server.json' not found");
+                throw new RuntimeException("Keycloak config not found.");
             }
         } catch (IOException e) {
             throw new RuntimeException("Failed to load config", e);
         }
     }
+
+    private static String loadDmrConfig(ServletContext context) {
+        String dmrConfig = context.getInitParameter(KEYCLOAK_CONFIG_PARAM_NAME);
+        if (dmrConfig == null) return null;
+
+        ModelNode dmrConfigNode = ModelNode.fromString(dmrConfig);
+        if (dmrConfigNode.asPropertyList().isEmpty()) return null;
+
+        // note that we need to resolve expressions BEFORE we convert to JSON
+        return dmrConfigNode.resolve().toJSONString(true);
+    }
 
     public static KeycloakSessionFactory createSessionFactory() {
         DefaultKeycloakSessionFactory factory = new DefaultKeycloakSessionFactory();

services/src/main/java/org/keycloak/truststore/SSLSocketFactory.java

@@ -29,7 +29,7 @@
  * <p>
  * This SSLSocketFactory can only use truststore configured by TruststoreProvider after the ProviderFactory was
  * initialized using standard Spi load / init mechanism. That will only happen if "truststore" provider is configured
- * in keycloak-server.json.
+ * in standalone.xml or domain.xml.
  * <p>
  * If TruststoreProvider is not available this SSLSocketFactory will delegate all operations to javax.net.ssl.SSLSocketFactory.getDefault().
  *

themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties

@@ -684,7 +684,7 @@ ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering search
 search-scope=Search Scope
 ldap.search-scope.tooltip=For one level, we search for users just in DNs specified by User DNs. For subtree, we search in whole of their subtree. See LDAP documentation for more details
 use-truststore-spi=Use Truststore SPI
-ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in keycloak-server.json. 'Always' means that it will always use it. 'Never' means that it won't use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if keycloak-server.json is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
+ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. 'Always' means that it will always use it. 'Never' means that it won't use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
 connection-pooling=Connection Pooling
 ldap.connection-pooling.tooltip=Does Keycloak should use connection pooling for accessing LDAP server
 ldap.pagination.tooltip=Does the LDAP server support pagination.

wildfly/server-subsystem/pom.xml

@@ -52,6 +52,14 @@
     </build>
 
     <dependencies>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wildfly.core</groupId>
             <artifactId>wildfly-controller</artifactId>