Replicated Keycloak upgrade to version 11.0.2, adapted classes and co…

…nfigurations (for oauth-resource-server/authorization-server)
gessy · Oct 26, 2020 · aaf5aa2 · aaf5aa2
1 parent edd6c33
commit aaf5aa2
Show file tree

Hide file tree

Showing 4 changed files with 157 additions and 21 deletions.
diff --git a/oauth-resource-server/authorization-server/pom.xml b/oauth-resource-server/authorization-server/pom.xml
@@ -51,6 +51,16 @@
 			<artifactId>keycloak-dependencies-server-all</artifactId>
 			<version>${keycloak.version}</version>
 			<type>pom</type>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+            </exclusions>
 		</dependency>
 
 		<!-- config properties processor -->
@@ -118,8 +128,12 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>13</java.version>
 
-		<keycloak.version>10.0.1</keycloak.version>
-		<resteasy.version>3.11.2.Final</resteasy.version>
+        <keycloak.version>11.0.2</keycloak.version>
+
+        <!-- these should be updated together with Keycloak -->
+        <!-- check keycloak-dependencies-server-all effective pom -->
+        <infinispan.version>10.1.8.Final</infinispan.version>
+        <resteasy.version>3.12.1.Final</resteasy.version>
 	</properties>
 
 </project>
diff --git a/...orization-server/src/main/java/com/baeldung/authserver/config/EmbeddedKeycloakConfig.java b/...orization-server/src/main/java/com/baeldung/authserver/config/EmbeddedKeycloakConfig.java
@@ -10,7 +10,6 @@
 
 import org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher;
 import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters;
-import org.keycloak.services.filters.KeycloakSessionServletFilter;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -37,11 +36,11 @@ ServletRegistrationBean<HttpServlet30Dispatcher> keycloakJaxRsApplication(Keyclo
     }
 
     @Bean
-    FilterRegistrationBean<KeycloakSessionServletFilter> keycloakSessionManagement(KeycloakServerProperties keycloakServerProperties) {
+    FilterRegistrationBean<EmbeddedKeycloakRequestFilter> keycloakSessionManagement(KeycloakServerProperties keycloakServerProperties) {
 
-        FilterRegistrationBean<KeycloakSessionServletFilter> filter = new FilterRegistrationBean<>();
+        FilterRegistrationBean<EmbeddedKeycloakRequestFilter> filter = new FilterRegistrationBean<>();
         filter.setName("Keycloak Session Management");
-        filter.setFilter(new KeycloakSessionServletFilter());
+        filter.setFilter(new EmbeddedKeycloakRequestFilter());
         filter.addUrlPatterns(keycloakServerProperties.getContextPath() + "/*");
 
         return filter;

diff --git a/...on-server/src/main/java/com/baeldung/authserver/config/EmbeddedKeycloakRequestFilter.java b/...on-server/src/main/java/com/baeldung/authserver/config/EmbeddedKeycloakRequestFilter.java
@@ -0,0 +1,58 @@
+package com.baeldung.authserver.config;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.keycloak.common.ClientConnection;
+import org.keycloak.services.filters.AbstractRequestFilter;
+
+public class EmbeddedKeycloakRequestFilter extends AbstractRequestFilter implements Filter {
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws UnsupportedEncodingException {
+        servletRequest.setCharacterEncoding("UTF-8");
+        ClientConnection clientConnection = createConnection((HttpServletRequest) servletRequest);
+
+        filter(clientConnection, (session) -> {
+            try {
+                filterChain.doFilter(servletRequest, servletResponse);
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        });
+    }
+
+    private ClientConnection createConnection(HttpServletRequest request) {
+        return new ClientConnection() {
+            @Override
+            public String getRemoteAddr() {
+                return request.getRemoteAddr();
+            }
+
+            @Override
+            public String getRemoteHost() {
+                return request.getRemoteHost();
+            }
+
+            @Override
+            public int getRemotePort() {
+                return request.getRemotePort();
+            }
+
+            @Override
+            public String getLocalAddr() {
+                return request.getLocalAddr();
+            }
+
+            @Override
+            public int getLocalPort() {
+                return request.getLocalPort();
+            }
+        };
+    }
+}
diff --git a/oauth-resource-server/authorization-server/src/main/resources/META-INF/keycloak-server.json b/oauth-resource-server/authorization-server/src/main/resources/META-INF/keycloak-server.json
@@ -1,10 +1,16 @@
 {
 	"hostname": {
-		"provider": "request",
+		"provider": "${keycloak.hostname.provider:default}",
 		"fixed": {
-			"hostname": "${keycloak.override.hostname:localhost}",
-			"httpPort": "${keycloak.override.httpPort:-1}",
-			"httpsPort": "${keycloak.override.httpsPort:-1}"
+			"hostname": "${keycloak.hostname.fixed.hostname:localhost}",
+			"httpPort": "${keycloak.hostname.fixed.httpPort:-1}",
+			"httpsPort": "${keycloak.hostname.fixed.httpsPort:-1}",
+			"alwaysHttps": "${keycloak.hostname.fixed.alwaysHttps:false}"
+		},
+		"default": {
+			"frontendUrl": "${keycloak.frontendUrl:}",
+			"adminUrl": "${keycloak.adminUrl:}",
+			"forceBackendUrlToFrontendUrl": "${keycloak.hostname.default.forceBackendUrlToFrontendUrl:false}"
 		}
 	},
 	"admin": {
@@ -13,15 +19,15 @@
 	"eventsStore": {
 		"provider": "${keycloak.eventsStore.provider:jpa}",
 		"jpa": {
-			"exclude-events": [
-				"REFRESH_TOKEN"
-			]
+			"max-detail-length": "${keycloak.eventsStore.maxDetailLength:1000}"
 		}
 	},
 	"eventsListener": {
 		"jboss-logging": {
 			"success-level": "debug",
 			"error-level": "warn"
+		},
+		"event-queue": {
 		}
 	},
 	"realm": {
@@ -30,6 +36,15 @@
 	"user": {
 		"provider": "${keycloak.user.provider:jpa}"
 	},
+	"client": {
+		"provider": "${keycloak.client.provider:jpa}"
+	},
+	"mapStorage": {
+		"provider": "${keycloak.mapStorage.provider:concurrenthashmap}",
+		"concurrenthashmap": {
+			"dir": "${project.build.directory:target}"
+		}
+	},
 	"userFederatedStorage": {
 		"provider": "${keycloak.userFederatedStorage.provider:jpa}"
 	},
@@ -40,10 +55,17 @@
 		"provider": "${keycloak.authorization.provider:jpa}"
 	},
 	"userCache": {
+		"provider": "${keycloak.user.cache.provider:default}",
 		"default": {
 			"enabled": true
+		},
+		"mem": {
+			"maxSize": 20000
 		}
 	},
+	"userSessions": {
+		"provider": "${keycloak.userSessions.provider:infinispan}"
+	},
 	"timer": {
 		"provider": "basic"
 	},
@@ -55,19 +77,26 @@
 			"dir": "${keycloak.theme.dir}"
 		}
 	},
+	"login": {
+		"provider": "freemarker"
+	},
+	"account": {
+		"provider": "freemarker"
+	},
+	"email": {
+		"provider": "freemarker"
+	},
 	"scheduled": {
 		"interval": 900
 	},
 	"connectionsHttpClient": {
 		"default": {
-
+			"max-connection-idle-time-millis": 1000
 		}
 	},
 	"connectionsJpa": {
-		"provider": "default",
 		"default": {
-			"dataSource": "spring/datasource",
-			"url": "${env.KEYCLOAK_DATABASE_URL:jdbc:h2:./target/keycloak}",
+			"url": "${keycloak.connectionsJpa.url:jdbc:h2:./target/keycloak}",
 			"driver": "${keycloak.connectionsJpa.driver:org.h2.Driver}",
 			"driverDialect": "${keycloak.connectionsJpa.driverDialect:}",
 			"user": "${keycloak.connectionsJpa.user:sa}",
@@ -80,22 +109,58 @@
 		}
 	},
 	"realmCache": {
+	    "provider": "${keycloak.realm.cache.provider:default}",
 		"default": {
 			"enabled": true
 		}
 	},
 	"connectionsInfinispan": {
 		"default": {
-			"embedded": "true"
+			"embedded": "${keycloak.connectionsInfinispan.embedded:true}"
 		}
-	},
-	"scripting": {
-
 	},
 	"jta-lookup": {
 		"provider": "${keycloak.jta.lookup.provider:jboss}",
 		"jboss": {
 			"enabled": true
 		}
+	},
+	"login-protocol": {
+		"saml": {
+			"knownProtocols": [
+				"http=${auth.server.http.port}",
+				"https=${auth.server.https.port}"
+			]
+		}
+	},
+	"x509cert-lookup": {
+		"provider": "${keycloak.x509cert.lookup.provider:default}",
+		"default": {
+			"enabled": true
+		},
+		"haproxy": {
+			"enabled": true,
+			"sslClientCert": "x-ssl-client-cert",
+			"sslCertChainPrefix": "x-ssl-client-cert-chain",
+			"certificateChainLength": 1
+		},
+		"apache": {
+			"enabled": true,
+			"sslClientCert": "x-ssl-client-cert",
+			"sslCertChainPrefix": "x-ssl-client-cert-chain",
+			"certificateChainLength": 1
+		},
+		"nginx": {
+			"enabled": true,
+			"sslClientCert": "x-ssl-client-cert",
+			"sslCertChainPrefix": "x-ssl-client-cert-chain",
+			"certificateChainLength": 1
+		}
+	},
+	"vault": {
+		"files-plaintext": {
+			"dir": "target/dependency/vault",
+			"enabled": "${keycloak.vault.files-plaintext.provider.enabled:false}"
+		}
 	}
 }