Keycloak bug fixes (Interactive Tenant CRUD not functioning although …

…test works)
openremote · Oct 8, 2019 · 14681c9 · 14681c9
1 parent 2a70e57
commit 14681c9
Show file tree

Hide file tree

Showing 24 changed files with 108 additions and 466 deletions.
diff --git a/container/src/main/java/org/openremote/container/security/AuthForm.java b/container/src/main/java/org/openremote/container/security/AuthForm.java
@@ -38,6 +38,26 @@ public class AuthForm {
     public AuthForm() {
     }
 
+    public AuthForm setClientId(String clientId) {
+        this.clientId = clientId;
+        return this;
+    }
+
+    public AuthForm setUsername(String username) {
+        this.username = username;
+        return this;
+    }
+
+    public AuthForm setPassword(String password) {
+        this.password = password;
+        return this;
+    }
+
+    public AuthForm setGrantType(String grantType) {
+        this.grantType = grantType;
+        return this;
+    }
+
     public AuthForm(String clientId, String username, String password) {
         this(clientId, username, password, "password");
     }

diff --git a/container/src/main/java/org/openremote/container/web/ProxyWebClientBuilder.java b/container/src/main/java/org/openremote/container/web/ProxyWebClientBuilder.java
@@ -24,6 +24,8 @@
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.protocol.HTTP;
 
+import javax.ws.rs.core.HttpHeaders;
+
 /**
  * This client will always set the configured Host header on all outgoing requests.
  * We use this to emulate a reverse proxy that "preserves" the Host header. Using a

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -38,7 +38,7 @@
 #
 # Your extension JAR files should be in the deployment/manager/extensions/ directory.
 #
-version: '2.2'
+version: '2.4'
 
 # If you enable volume mappings in services, you need this. Otherwise, remove the volumes
 volumes:
@@ -82,7 +82,8 @@ services:
       file: profile/deploy.yml
       service: manager
     depends_on:
-     - keycloak
+      keycloak:
+        condition: service_healthy
     volumes:
       - deployment-data:/deployment
 

diff --git a/keycloak/Dockerfile b/keycloak/Dockerfile
@@ -1,129 +1,19 @@
-FROM debian:stretch
+FROM jboss/keycloak:7.0.0
 MAINTAINER support@openremote.io
 
-# Install utilities
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        apt-transport-https \
-        gnupg2 \
-        software-properties-common \
-        procps \
-		ca-certificates \
-		curl \
-		wget \
-	&& rm -rf /var/lib/apt/lists/*
-
-# Default to UTF-8 file.encoding
-ENV LANG C.UTF-8
-
-# add a simple script that can auto-detect the appropriate JAVA_HOME value
-# based on whether the JDK or only the JRE is installed
-RUN { \
-		echo '#!/bin/sh'; \
-		echo 'set -e'; \
-		echo; \
-		echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
-	} > /usr/local/bin/docker-java-home \
-	&& chmod +x /usr/local/bin/docker-java-home
-
-# do some fancy footwork to create a JAVA_HOME that's cross-architecture-safe
-RUN ln -svT "/usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)" /docker-java-home
-ENV JAVA_HOME /docker-java-home
-
-RUN set -ex; \
-	\
-# deal with slim variants not having man page directories (which causes "update-alternatives" to fail)
-	if [ ! -d /usr/share/man/man1 ]; then \
-		mkdir -p /usr/share/man/man1; \
-	fi; \
-	\
-	apt-get update; \
-	apt-get install -y \
-		openjdk-8-jdk \
-		ca-certificates-java\
-	; \
-	rm -rf /var/lib/apt/lists/*; \
-	\
-# verify that "docker-java-home" returns what we expect
-	[ "$(readlink -f "$JAVA_HOME")" = "$(docker-java-home)" ]; \
-	\
-# update-alternatives so that future installs of other OpenJDK versions don't change /usr/bin/java
-	update-alternatives --get-selections | awk -v home="$(readlink -f "$JAVA_HOME")" 'index($3, home) == 1 { $2 = "manual"; print | "update-alternatives --set-selections" }'; \
-# ... and verify that it actually worked for one of the alternatives we care about
-	update-alternatives --query java | grep -q 'Status: manual'
-
-# Run postinst because it might not happen on install
-RUN /var/lib/dpkg/info/ca-certificates-java.postinst configure
-
 # Add git commit label must be specified at build time using --build-arg GIT_COMMIT=dadadadadad
 ARG GIT_COMMIT=unknown
 LABEL git-commit=$GIT_COMMIT
 
-############ EDITS ABOVE THIS LINE SHOULD BE DONE IN ALL DOCKERFILES! ################
+USER root
-
-# Install dependencies for JBoss AS
-RUN apt-get update \
-      && apt-get install -y --no-install-recommends \
-            jq xmlstarlet libsaxon-java unzip bsdtar bzip2 xz-utils \
-      && rm -rf /var/lib/apt/lists/*
-
-# Create a user and group used to launch processes
-# The user ID 1000 is the default for the first "regular" user on Fedora/RHEL,
-# so there is a high chance that this ID will be equal to the current user
-# making it easier to use volumes (no permission issues)
-RUN groupadd -r jboss -g 1000 && useradd -u 1000 -r -g jboss -m -d /opt/jboss -s /sbin/nologin -c "JBoss user" jboss && \
-    chmod 755 /opt/jboss
-
-# Set the working directory to jboss' user home directory
-WORKDIR /opt/jboss
 ADD docker-entrypoint.sh /opt/jboss/
 RUN chmod +x /opt/jboss/docker-entrypoint.sh
-ENV JBOSS_HOME /opt/jboss/keycloak
-
-# Switch to jboss user
-USER jboss
-
-ENV KEYCLOAK_VERSION 6.0.1
-ENV POSTGRESQL_DRIVER_VERSION 42.2.6
-
-# Enables signals getting passed from startup script to JVM
-# ensuring clean shutdown when container is stopped.
-ENV LAUNCH_JBOSS_IN_BACKGROUND 1
-
-RUN curl -L https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz | \
-    tar zx && mv /opt/jboss/keycloak-$KEYCLOAK_VERSION $JBOSS_HOME
-
-ADD setLogLevel.xsl /opt/jboss/keycloak/
-RUN java -jar /usr/share/java/saxon.jar \
-    -o /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/setLogLevel.xsl
-
-ADD changeDatabase.xsl /opt/jboss/keycloak/
-RUN java -jar /usr/share/java/saxon.jar \
-    -o /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/changeDatabase.xsl && \
-    java -jar /usr/share/java/saxon.jar \
-    -o /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml \
-    /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml \
-    /opt/jboss/keycloak/changeDatabase.xsl && \
-    rm /opt/jboss/keycloak/changeDatabase.xsl
-RUN mkdir -p /opt/jboss/keycloak/modules/system/layers/keycloak/org/postgresql/main && \
-    curl -o /opt/jboss/keycloak/modules/system/layers/keycloak/org/postgresql/main/postgresql-jdbc.jar \
-    http://repo1.maven.org/maven2/org/postgresql/postgresql/${POSTGRESQL_DRIVER_VERSION}/postgresql-${POSTGRESQL_DRIVER_VERSION}.jar 2>/dev/null
-ADD module.xml /opt/jboss/keycloak/modules/system/layers/keycloak/org/postgresql/main/
-
-ADD setProxyForwarding.xsl /opt/jboss/keycloak/
-RUN java -jar /usr/share/java/saxon.jar \
-    -o /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/standalone/configuration/standalone.xml \
-    /opt/jboss/keycloak/setProxyForwarding.xsl
-
-RUN rm /opt/jboss/keycloak/*.xsl
 
 HEALTHCHECK --interval=3s --timeout=3s --start-period=2s --retries=30 CMD curl --fail --silent http://localhost:8080/auth || exit 1
 
+USER 1000
+
 EXPOSE 8080
 
 ENTRYPOINT ["/opt/jboss/docker-entrypoint.sh"]
-CMD ["-b", "0.0.0.0"]
+CMD ["-b", "0.0.0.0"]
diff --git a/keycloak/changeDatabase.xsl b/keycloak/changeDatabase.xsl
diff --git a/keycloak/dev.Dockerfile b/keycloak/dev.Dockerfile