ACS-4847 Remove Keycloak dependencies (#1848)
18
.github/dependabot.yml
vendored
18
.github/dependabot.yml
vendored
@@ -53,24 +53,6 @@ updates:
|
||||
- dependency-name: org.freemarker:freemarker
|
||||
versions:
|
||||
- "> 2.3.20-alfresco-patched-20200421"
|
||||
- dependency-name: org.keycloak:keycloak-adapter-core
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.keycloak:keycloak-adapter-spi
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.keycloak:keycloak-authz-client
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.keycloak:keycloak-common
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.keycloak:keycloak-core
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.keycloak:keycloak-servlet-adapter-spi
|
||||
versions:
|
||||
- "> 12.0.2"
|
||||
- dependency-name: org.eclipse.jetty:jetty-server
|
||||
versions:
|
||||
- 9.4.38.v20210224
|
||||
|
1
pom.xml
1
pom.xml
@@ -83,7 +83,6 @@
|
||||
<dependency.truezip.version>7.7.10</dependency.truezip.version>
|
||||
<dependency.poi.version>5.2.2</dependency.poi.version>
|
||||
<dependency.poi-ooxml-lite.version>5.2.3</dependency.poi-ooxml-lite.version>
|
||||
<dependency.keycloak.version>18.0.0</dependency.keycloak.version>
|
||||
<dependency.jboss.logging.version>3.5.0.Final</dependency.jboss.logging.version>
|
||||
<dependency.camel.version>3.20.2</dependency.camel.version> <!-- when bumping this version, please keep track/sync with included netty.io dependencies -->
|
||||
<dependency.netty.version>4.1.87.Final</dependency.netty.version> <!-- must be in sync with camels transitive dependencies, e.g.: netty-common -->
|
||||
|
@@ -565,69 +565,6 @@
|
||||
</exclusions>
|
||||
</dependency>
|
||||
|
||||
<!-- Keycloak dependencies -->
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-core</artifactId>
|
||||
<version>${dependency.keycloak.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-common</artifactId>
|
||||
<version>${dependency.keycloak.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-adapter-core</artifactId>
|
||||
<version>${dependency.keycloak.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-adapter-spi</artifactId>
|
||||
<version>${dependency.keycloak.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-servlet-adapter-spi</artifactId>
|
||||
<version>${dependency.keycloak.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- required by keycloak -->
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging</artifactId>
|
||||
<version>${dependency.jboss.logging.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Events dependencies -->
|
||||
<dependency>
|
||||
<groupId>org.alfresco</groupId>
|
||||
|
@@ -25,14 +25,9 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication.identityservice;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Properties;
|
||||
import java.util.TreeMap;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.keycloak.representations.adapters.config.AdapterConfig;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
@@ -41,18 +36,20 @@ import org.springframework.web.util.UriComponentsBuilder;
|
||||
*
|
||||
* @author Gavin Cornwell
|
||||
*/
|
||||
public class IdentityServiceConfig extends AdapterConfig implements InitializingBean
|
||||
public class IdentityServiceConfig implements InitializingBean
|
||||
{
|
||||
private static final Log LOGGER = LogFactory.getLog(IdentityServiceConfig.class);
|
||||
private static final String REALMS = "realms";
|
||||
private static final String SECRET = "secret";
|
||||
private static final String CREDENTIALS_SECRET = "identity-service.credentials.secret";
|
||||
private static final String CREDENTIALS_PROVIDER = "identity-service.credentials.provider";
|
||||
|
||||
private Properties globalProperties;
|
||||
|
||||
private int clientConnectionTimeout;
|
||||
private int clientSocketTimeout;
|
||||
// client id
|
||||
private String resource;
|
||||
private String clientSecret;
|
||||
private String authServerUrl;
|
||||
private String realm;
|
||||
|
||||
public void setGlobalProperties(Properties globalProperties)
|
||||
{
|
||||
@@ -98,48 +95,50 @@ public class IdentityServiceConfig extends AdapterConfig implements Initializing
|
||||
@Override
|
||||
public void afterPropertiesSet() throws Exception
|
||||
{
|
||||
// programmatically build the more complex objects i.e. credentials
|
||||
Map<String, Object> credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
|
||||
|
||||
String secret = this.globalProperties.getProperty(CREDENTIALS_SECRET);
|
||||
if (secret != null && !secret.isEmpty())
|
||||
{
|
||||
credentials.put(SECRET, secret);
|
||||
}
|
||||
|
||||
String provider = this.globalProperties.getProperty(CREDENTIALS_PROVIDER);
|
||||
if (provider != null && !provider.isEmpty())
|
||||
{
|
||||
credentials.put("provider", provider);
|
||||
}
|
||||
|
||||
// TODO: add support for redirect-rewrite-rules and policy-enforcer if and when we need to support it
|
||||
|
||||
if (!credentials.isEmpty())
|
||||
{
|
||||
this.setCredentials(credentials);
|
||||
|
||||
if (LOGGER.isDebugEnabled())
|
||||
{
|
||||
LOGGER.debug("Created credentials map from config: " + credentials);
|
||||
}
|
||||
}
|
||||
clientSecret = this.globalProperties.getProperty(CREDENTIALS_SECRET);
|
||||
}
|
||||
|
||||
String getIssuerUrl()
|
||||
public String getAuthServerUrl()
|
||||
{
|
||||
return UriComponentsBuilder.fromUriString(getAuthServerUrl())
|
||||
.pathSegment(REALMS, getRealm())
|
||||
.build()
|
||||
.toString();
|
||||
return authServerUrl;
|
||||
}
|
||||
|
||||
public void setAuthServerUrl(String authServerUrl)
|
||||
{
|
||||
this.authServerUrl = authServerUrl;
|
||||
}
|
||||
|
||||
public String getRealm()
|
||||
{
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void setRealm(String realm)
|
||||
{
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
public String getResource()
|
||||
{
|
||||
return resource;
|
||||
}
|
||||
|
||||
public void setResource(String resource)
|
||||
{
|
||||
this.resource = resource;
|
||||
}
|
||||
|
||||
public String getClientSecret()
|
||||
{
|
||||
return Optional.ofNullable(getCredentials())
|
||||
.map(c -> c.get(SECRET))
|
||||
.filter(String.class::isInstance)
|
||||
.map(String.class::cast)
|
||||
.orElse("");
|
||||
return Optional.ofNullable(clientSecret)
|
||||
.orElse("");
|
||||
}
|
||||
|
||||
public String getIssuerUrl()
|
||||
{
|
||||
return UriComponentsBuilder.fromUriString(getAuthServerUrl())
|
||||
.pathSegment(REALMS, getRealm())
|
||||
.build()
|
||||
.toString();
|
||||
}
|
||||
}
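Review bot: With `extends AdapterConfig` gone, the class as shown in these hunks carries only `resource`, `clientSecret`, `authServerUrl`, `realm` and the two client timeouts, so the inherited setters behind `truststore`, `disableTrustManager`, `allowAnyHostname` and `sslRequired` no longer exist, and the bean XML hunk further down appears to drop their wiring. An operator who still sets `identity-service.truststore` or `identity-service.ssl-required` would presumably get no error and no effect; whether TLS trust for the identity-service connection is configured elsewhere is not visible on this page. I would add a class-level Javadoc line such as `Only auth-server-url, realm, resource, credentials.secret and the client timeouts are read from the identity-service.* properties; the former Keycloak adapter options are ignored.` and repeat that in the upgrade notes. The class body between the second and third hunk is outside the view, so further fields may exist there.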
|
||||
|
@@ -82,7 +82,7 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean<IdentitySer
|
||||
public IdentityServiceFacade getObject() throws Exception
|
||||
{
|
||||
// The creation of the client can be disabled for testing or when the username/password authentication is not required,
|
||||
// for instance when Keycloak is configured for 'bearer only' authentication or Direct Access Grants are disabled.
|
||||
// for instance when Identity Service is configured for 'bearer only' authentication or Direct Access Grants are disabled.
|
||||
if (!enabled)
|
||||
{
|
||||
return null;
|
||||
|
@@ -92,111 +92,12 @@
|
||||
<property name="realm">
|
||||
<value>${identity-service.realm}</value>
|
||||
</property>
|
||||
<property name="realmKey">
|
||||
<value>${identity-service.realm-public-key:#{null}}</value>
|
||||
</property>
|
||||
<property name="authServerUrl">
|
||||
<value>${identity-service.auth-server-url}</value>
|
||||
</property>
|
||||
<property name="sslRequired">
|
||||
<value>${identity-service.ssl-required:external}</value>
|
||||
</property>
|
||||
<property name="confidentialPort">
|
||||
<value>${identity-service.confidential-port:0}</value>
|
||||
</property>
|
||||
<property name="resource">
|
||||
<value>${identity-service.resource}</value>
|
||||
</property>
|
||||
<property name="useResourceRoleMappings">
|
||||
<value>${identity-service.use-resource-role-mappings:false}</value>
|
||||
</property>
|
||||
<property name="cors">
|
||||
<value>${identity-service.enable-cors:false}</value>
|
||||
</property>
|
||||
<property name="corsMaxAge">
|
||||
<value>${identity-service.cors-max-age:-1}</value>
|
||||
</property>
|
||||
<property name="corsAllowedHeaders">
|
||||
<value>${identity-service.cors-allowed-headers:#{null}}</value>
|
||||
</property>
|
||||
<property name="corsAllowedMethods">
|
||||
<value>${identity-service.cors-allowed-methods:#{null}}</value>
|
||||
</property>
|
||||
<property name="corsExposedHeaders">
|
||||
<value>${identity-service.cors-exposed-headers:#{null}}</value>
|
||||
</property>
|
||||
<property name="exposeToken">
|
||||
<value>${identity-service.expose-token:false}</value>
|
||||
</property>
|
||||
<property name="bearerOnly">
|
||||
<value>${identity-service.bearer-only:false}</value>
|
||||
</property>
|
||||
<property name="autodetectBearerOnly">
|
||||
<value>${identity-service.autodetect-bearer-only:false}</value>
|
||||
</property>
|
||||
<property name="enableBasicAuth">
|
||||
<value>${identity-service.enable-basic-auth:false}</value>
|
||||
</property>
|
||||
<property name="publicClient">
|
||||
<value>${identity-service.public-client:false}</value>
|
||||
</property>
|
||||
<property name="allowAnyHostname">
|
||||
<value>${identity-service.allow-any-hostname:false}</value>
|
||||
</property>
|
||||
<property name="disableTrustManager">
|
||||
<value>${identity-service.disable-trust-manager:false}</value>
|
||||
</property>
|
||||
<property name="truststore">
|
||||
<value>${identity-service.truststore:#{null}}</value>
|
||||
</property>
|
||||
<property name="truststorePassword">
|
||||
<value>${identity-service.truststore-password:#{null}}</value>
|
||||
</property>
|
||||
<property name="clientKeystore">
|
||||
<value>${identity-service.client-keystore:#{null}}</value>
|
||||
</property>
|
||||
<property name="clientKeystorePassword">
|
||||
<value>${identity-service.client-keystore-password:#{null}}</value>
|
||||
</property>
|
||||
<property name="clientKeyPassword">
|
||||
<value>${identity-service.client-key-password:#{null}}</value>
|
||||
</property>
|
||||
<property name="connectionPoolSize">
|
||||
<value>${identity-service.connection-pool-size:20}</value>
|
||||
</property>
|
||||
<property name="alwaysRefreshToken">
|
||||
<value>${identity-service.always-refresh-token:false}</value>
|
||||
</property>
|
||||
<property name="registerNodeAtStartup">
|
||||
<value>${identity-service.register-node-at-startup:false}</value>
|
||||
</property>
|
||||
<property name="registerNodePeriod">
|
||||
<value>${identity-service.register-node-period:-1}</value>
|
||||
</property>
|
||||
<property name="tokenStore">
|
||||
<value>${identity-service.token-store:#{null}}</value>
|
||||
</property>
|
||||
<property name="principalAttribute">
|
||||
<value>${identity-service.principal-attribute:#{null}}</value>
|
||||
</property>
|
||||
<property name="turnOffChangeSessionIdOnLogin">
|
||||
<value>${identity-service.turn-off-change-session-id-on-login:false}</value>
|
||||
</property>
|
||||
<property name="tokenMinimumTimeToLive">
|
||||
<value>${identity-service.token-minimum-time-to-live:0}</value>
|
||||
</property>
|
||||
<property name="minTimeBetweenJwksRequests">
|
||||
<value>${identity-service.min-time-between-jwks-requests:10}</value>
|
||||
</property>
|
||||
<property name="publicKeyCacheTtl">
|
||||
<value>${identity-service.public-key-cache-ttl:86400}</value>
|
||||
</property>
|
||||
<property name="pkce">
|
||||
<value>${identity-service.enable-pkce:false}</value>
|
||||
</property>
|
||||
<property name="ignoreOAuthQueryParameter">
|
||||
<value>${identity-service.ignore-oauth-query-parameter:false}</value>
|
||||
</property>
|
||||
<property name="clientConnectionTimeout">
|
||||
<value>${identity-service.client-connection-timeout:2000}</value>
|
||||
</property>
|
||||
|
@@ -2,12 +2,11 @@ identity-service.authentication.enabled=true
|
||||
identity-service.authentication.validation.failure.silent=true
|
||||
identity-service.authentication.defaultAdministratorUserNames=admin
|
||||
identity-service.authentication.allowGuestLogin=true
|
||||
# The keycloak client required to perform username/password authentication will not be created if false
|
||||
# The Identity Service client required to perform username/password authentication will not be created if false
|
||||
identity-service.authentication.enable-username-password-authentication=true
|
||||
|
||||
# Identity Service configuration
|
||||
identity-service.auth-server-url=http://localhost:8180/auth
|
||||
identity-service.realm=alfresco
|
||||
identity-service.ssl-required=none
|
||||
identity-service.resource=alfresco
|
||||
identity-service.public-client=true
|
||||
|
@@ -452,9 +452,6 @@ logger.alfresco-repo-usage-RepoUsageMonitor.level=info
|
||||
logger.alfresco-repo-security-authentication-identityservice.name=org.alfresco.repo.security.authentication.identityservice
|
||||
logger.alfresco-repo-security-authentication-identityservice.level=debug
|
||||
|
||||
logger.keycloak.name=org.keycloak
|
||||
logger.keycloak.level=debug
|
||||
|
||||
# Renditions and Transforms
|
||||
logger.alfresco-repo-content-transform-TransformerDebug.name=org.alfresco.repo.content.transform.TransformerDebug
|
||||
logger.alfresco-repo-content-transform-TransformerDebug.level=debug
|
||||
|