AS 7.1.1.Final / EAP 6.4 compatibility

distribution/adapters/as7-adapter-zip/assembly.xml

@@ -17,7 +17,6 @@
                 <include>org/keycloak/keycloak-core/**</include>
                 <include>org/keycloak/keycloak-adapter-core/**</include>
                 <include>org/keycloak/keycloak-jboss-adapter-core/**</include>
-                <include>org/keycloak/keycloak-undertow-adapter/**</include>
                 <include>org/keycloak/keycloak-as7-adapter/**</include>
                 <include>org/keycloak/keycloak-as7-subsystem/**</include>
             </includes>

distribution/adapters/eap6-adapter-zip/assembly.xml

@@ -11,15 +11,14 @@
         <fileSet>
             <directory>${project.build.directory}/unpacked</directory>
             <includes>
-                <include>net/iharder/base64/**</include>
                 <include>org/bouncycastle/**</include>
+                <include>net/iharder/base64/**</include>
                 <include>org/apache/httpcomponents/**</include>
                 <include>org/keycloak/keycloak-core/**</include>
                 <include>org/keycloak/keycloak-adapter-core/**</include>
                 <include>org/keycloak/keycloak-jboss-adapter-core/**</include>
-                <include>org/keycloak/keycloak-undertow-adapter/**</include>
                 <include>org/keycloak/keycloak-as7-adapter/**</include>
-                <include>org/keycloak/keycloak-subsystem/**</include>
+                <include>org/keycloak/keycloak-as7-subsystem/**</include>
             </includes>
             <excludes>
                 <exclude>**/*.war</exclude>

integration/keycloak-as7-subsystem/pom.xml → integration/as7-subsystem/pom.xml

@@ -31,14 +31,6 @@
 
     <build>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <source>${maven.compiler.source}</source>
-                    <target>${maven.compiler.target}</target>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>

integration/keycloak-as7-subsystem/src/main/java/org/keycloak/subsystem/extension/CredentialAddHandler.java → integration/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/CredentialAddHandler.java

@@ -15,31 +15,47 @@
  * the License.
  */
 
-package org.keycloak.subsystem.extension;
+package org.keycloak.subsystem.as7;
 
+import org.jboss.as.controller.AbstractAddStepHandler;
 import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.OperationContext;
 import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.ServiceVerificationHandler;
 import org.jboss.dmr.ModelNode;
 import org.jboss.msc.service.ServiceController;
 
+import java.util.Collection;
+import java.util.LinkedList;
 import java.util.List;
 
 /**
  * Add a credential to a deployment.
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
  */
-public class CredentialAddHandler extends AbstractAddStepHandlerWithAttributes {
+public class CredentialAddHandler extends AbstractAddStepHandler {
 
-    public CredentialAddHandler(AttributeDefinition... attributes) {
-        super(attributes);
+    protected Collection<AttributeDefinition> attributes = new LinkedList<>();
+
+    public CredentialAddHandler(AttributeDefinition... attrs) {
+        for (AttributeDefinition attr : attrs) {
+            attributes.add(attr);
+        }
+    }
+
+    @Override
+    protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+        if (attributes != null) {
+            for (AttributeDefinition attr : attributes) {
+                attr.validateAndSet(operation, model);
+            }
+        }
     }
 
     @Override
     protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
-        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.find(context);
+        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.getInstance();
         ckService.addCredential(operation, context.resolveExpressions(model));
     }
 

integration/keycloak-as7-subsystem/src/main/java/org/keycloak/subsystem/extension/CredentialDefinition.java → integration/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/CredentialDefinition.java

@@ -14,20 +14,19 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.keycloak.subsystem.extension;
+package org.keycloak.subsystem.as7;
 
 import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.PathElement;
 import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
 import org.jboss.as.controller.SimpleResourceDefinition;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
 import org.jboss.as.controller.operations.validation.StringLengthValidator;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.controller.registry.OperationEntry;
 import org.jboss.dmr.ModelType;
 
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DESCRIBE;
-
 /**
  * Defines attributes and operations for a credential.
  *
@@ -39,7 +38,6 @@ public class CredentialDefinition extends SimpleResourceDefinition {
 
     protected static final AttributeDefinition VALUE =
             new SimpleAttributeDefinitionBuilder("value", ModelType.STRING, false)
-            .setXmlName("value")
             .setAllowExpression(true)
             .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, false, true))
             .build();
@@ -54,8 +52,7 @@ public CredentialDefinition() {
     @Override
     public void registerOperations(ManagementResourceRegistration resourceRegistration) {
         super.registerOperations(resourceRegistration);
-        resourceRegistration.registerOperationHandler(DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
-        //resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
+        resourceRegistration.registerOperationHandler(ModelDescriptionConstants.DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
     }
 
     @Override

integration/keycloak-as7-subsystem/src/main/java/org/keycloak/subsystem/extension/CredentialReadWriteAttributeHandler.java → integration/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/CredentialReadWriteAttributeHandler.java

@@ -15,7 +15,7 @@
  * the License.
  */
 
-package org.keycloak.subsystem.extension;
+package org.keycloak.subsystem.as7;
 
 import org.jboss.as.controller.AbstractWriteAttributeHandler;
 import org.jboss.as.controller.OperationContext;
@@ -33,7 +33,7 @@ public class CredentialReadWriteAttributeHandler extends AbstractWriteAttributeH
     protected boolean applyUpdateToRuntime(OperationContext context, ModelNode operation, String attributeName,
                                            ModelNode resolvedValue, ModelNode currentValue, AbstractWriteAttributeHandler.HandbackHolder<KeycloakAdapterConfigService> hh) throws OperationFailedException {
 
-        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.find(context);
+        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.getInstance();
         ckService.updateCredential(operation, attributeName, resolvedValue);
 
         hh.setHandback(ckService);

integration/keycloak-as7-subsystem/src/main/java/org/keycloak/subsystem/extension/CredentialRemoveHandler.java → integration/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/CredentialRemoveHandler.java

@@ -15,7 +15,7 @@
  * the License.
  */
 
-package org.keycloak.subsystem.extension;
+package org.keycloak.subsystem.as7;
 
 import org.jboss.as.controller.AbstractRemoveStepHandler;
 import org.jboss.as.controller.OperationContext;
@@ -35,7 +35,7 @@ private CredentialRemoveHandler() {}
 
     @Override
     protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
-        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.find(context);
+        KeycloakAdapterConfigService ckService = KeycloakAdapterConfigService.getInstance();
         ckService.removeCredential(operation);
     }
 

integration/keycloak-as7-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigDeploymentProcessor.java → integration/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java

@@ -15,21 +15,20 @@
  * the License.
  */
 
-package org.keycloak.subsystem.extension;
+package org.keycloak.subsystem.as7;
 
 import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.DeploymentUnit;
 import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
 import org.jboss.as.server.deployment.DeploymentUnitProcessor;
-import org.jboss.as.server.deployment.Phase;
 import org.jboss.as.web.deployment.WarMetaData;
 import org.jboss.logging.Logger;
 import org.jboss.metadata.javaee.spec.ParamValueMetaData;
 import org.jboss.metadata.web.jboss.JBossWebMetaData;
 import org.jboss.metadata.web.jboss.ValveMetaData;
 import org.jboss.metadata.web.spec.LoginConfigMetaData;
 import org.keycloak.adapters.jbossweb.KeycloakAuthenticatorValve;
-import org.keycloak.subsystem.logging.KeycloakLogger;
+import org.keycloak.subsystem.as7.logging.KeycloakLogger;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -47,45 +46,55 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
     // two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
     public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.json.adapterConfig";
 
-    public static final Phase PHASE = Phase.INSTALL;
-    // needs to run before INSTALL_WAR_DEPLOYMENT so that valves are added.
-    public static final int PRIORITY = Phase.INSTALL_WAR_DEPLOYMENT - 1;
-
-    @Override
-    public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
-        DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+    // not sure if we need this yet, keeping here just in case
+    protected void addSecurityDomain(DeploymentUnit deploymentUnit, KeycloakAdapterConfigService service) {
         String deploymentName = deploymentUnit.getName();
-
-        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.find(phaseContext.getServiceRegistry());
-        //log.info("********* CHECK KEYCLOAK DEPLOYMENT: " + deploymentName);
-        if (service.isKeycloakDeployment(deploymentName)) {
-
-            addKeycloakAuthData(phaseContext, deploymentName, service);
+        if (!service.isSecureDeployment(deploymentName)) {
             return;
         }
-
-        // else check to see if KEYCLOAK is specified as login config
         WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
         if (warMetaData == null) return;
         JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
         if (webMetaData == null) return;
 
         LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
-        if (loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod())) {
-            addValve(webMetaData);
+        if (loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")) {
+            return;
         }
+
+        webMetaData.setSecurityDomain("keycloak");
     }
 
-    private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) {
+    @Override
+    public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+        DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+
+        String deploymentName = deploymentUnit.getName();
+        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
+        if (service.isSecureDeployment(deploymentName)) {
+            addKeycloakAuthData(phaseContext, deploymentName, service);
+        }
+
+        // FYI, Undertow Extension will find deployments that have auth-method set to KEYCLOAK
+
+        // todo notsure if we need this
+        // addSecurityDomain(deploymentUnit, service);
+    }
+
+    private void addKeycloakAuthData(DeploymentPhaseContext phaseContext, String deploymentName, KeycloakAdapterConfigService service) throws DeploymentUnitProcessingException {
         DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
         WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+        if (warMetaData == null) {
+            throw new DeploymentUnitProcessingException("WarMetaData not found for " + deploymentName + ".  Make sure you have specified a WAR as your secure-deployment in the Keycloak subsystem.");
+        }
 
         addJSONData(service.getJSON(deploymentName), warMetaData);
         JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
         if (webMetaData == null) {
             webMetaData = new JBossWebMetaData();
             warMetaData.setMergedJBossWebMetaData(webMetaData);
         }
+
         addValve(webMetaData);
 
         LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();