inteligr8/alfresco-keycloak
1
0
Fork 0
mirror of https://github.com/bmlong137/alfresco-keycloak.git synced 2025-09-10 14:11:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Consolidate projects / shaded dependencies

Browse Source
This commit is contained in:
AFaust
2020-10-29 00:24:57 +01:00
parent 4ad55b7a77
commit 45721fcb53
43 changed files with 484 additions and 624 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
share/pom.xml
View File

@@ -65,12 +65,64 @@
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}.deps</artifactId>
<version>${project.version}</version>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
<exclusions>
<!-- don't include activation standalone JAR - rely on JDK inclusion since Java 6 -->
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-adapter-spi</artifactId>
<exclusions>
<!-- don't include activation standalone JAR - rely on JDK inclusion since Java 6 -->
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
<!-- use default from Alfresco Share -->
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcomponents-client</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-servlet-filter-adapter</artifactId>
<exclusions>
<!-- don't include activation standalone JAR - rely on JDK inclusion since Java 6 -->
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-client</artifactId>
<exclusions>
<exclusion>
<groupId>org.keycloak</groupId>
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
@@ -217,6 +269,96 @@
</configuration>
</plugin>
<plugin>
<artifactId>maven-shade-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<createSourcesJar>true</createSourcesJar>
<shadeSourcesContent>true</shadeSourcesContent>
<keepDependenciesWithProvidedScope>false</keepDependenciesWithProvidedScope>
<artifactSet>
<includes>
<include>org.keycloak:*</include>
<include>com.fasterxml.jackson.core:*</include>
<include>org.jboss.logging:*</include>
</includes>
</artifactSet>
<relocations>
<relocation>
<pattern>org.keycloak</pattern>
<shadedPattern>de.acosix.alfresco.keycloak.deps.keycloak</shadedPattern>
</relocation>
<relocation>
<pattern>com.fasterxml.jackson</pattern>
<shadedPattern>de.acosix.alfresco.keycloak.deps.jackson</shadedPattern>
</relocation>
<relocation>
<pattern>org.jboss.logging</pattern>
<shadedPattern>de.acosix.alfresco.keycloak.deps.jboss.logging</shadedPattern>
</relocation>
</relocations>
<transformers>
<transformer
implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
<transformer
implementation="org.apache.maven.plugins.shade.resource.ApacheLicenseResourceTransformer" />
<transformer
implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
<addHeader>false</addHeader>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>unpack-shaded-jar</id>
<phase>package</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}</artifactId>
<version>${project.version}</version>
</artifactItem>
</artifactItems>
<outputDirectory>${project.build.outputDirectory}</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<!-- need to exclude shaded class files from API validation -->
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<configuration>
<excludes>
<exclude>de/acosix/alfresco/keycloak/deps/**/*.class</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<configuration>
<onlyAnalyze>de.acosix.alfresco.keycloak.share.*</onlyAnalyze>
</configuration>
</plugin>
</plugins>
</pluginManagement>
@@ -232,6 +374,19 @@
<artifactId>docker-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-shade-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
</plugin>
<!-- explicitly listed to be ordered after dependency + shade -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
</plugin>
</plugins>
</build>

1
share/src/main/assembly/amp.xml
View File

@@ -46,7 +46,6 @@
<outputDirectory>lib</outputDirectory>
<includes>
<include>org.bouncycastle:*</include>
<include>${project.groupId}:${project.artifactId}.deps:*</include>
</includes>
<scope>compile</scope>
</dependencySet>

5
share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java
View File

@@ -15,6 +15,8 @@
*/
package de.acosix.alfresco.keycloak.share.config;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
@@ -32,12 +34,11 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.extensions.config.ConfigElement;
import de.acosix.alfresco.keycloak.share.deps.jackson.annotation.JsonProperty;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.adapters.config.AdapterConfig;
import de.acosix.alfresco.utility.share.config.BaseCustomConfigElement;
import de.acosix.alfresco.utility.share.config.ConfigValueHolder;

6
share/src/main/java/de/acosix/alfresco/keycloak/share/remote/AccessTokenAwareSlingshotAlfrescoConnector.java
View File

@@ -20,6 +20,9 @@ import java.util.Collections;
import javax.servlet.http.HttpSession;
import org.alfresco.web.site.servlet.SlingshotAlfrescoConnector;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.extensions.config.RemoteConfigElement.ConnectorDescriptor;
@@ -27,9 +30,6 @@ import org.springframework.extensions.surf.ServletUtil;
import org.springframework.extensions.webscripts.connector.ConnectorContext;
import org.springframework.extensions.webscripts.connector.RemoteClient;
import de.acosix.alfresco.keycloak.share.deps.keycloak.KeycloakSecurityContext;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.OidcKeycloakAccount;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.KeycloakAccount;
import de.acosix.alfresco.keycloak.share.util.RefreshableAccessTokenHolder;
import de.acosix.alfresco.keycloak.share.web.KeycloakAuthenticationFilter;
import de.acosix.alfresco.utility.share.connector.MutableSlingshotRemoteClient;

11
share/src/main/java/de/acosix/alfresco/keycloak/share/util/RefreshableAccessTokenHolder.java
View File

@@ -18,12 +18,11 @@ package de.acosix.alfresco.keycloak.share.util;
import java.io.Serializable;
import org.alfresco.util.ParameterCheck;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.rotation.AdapterTokenVerifier.VerifiedTokens;
import de.acosix.alfresco.keycloak.share.deps.keycloak.common.util.Time;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.AccessToken;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.AccessTokenResponse;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.IDToken;
import org.keycloak.adapters.rotation.AdapterTokenVerifier.VerifiedTokens;
import org.keycloak.common.util.Time;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
/**
* Instances of this class encapsulate a potentially refreshable access token.

6
share/src/main/java/de/acosix/alfresco/keycloak/share/web/DefaultSessionIdMapper.java
View File

@@ -25,18 +25,18 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.keycloak.adapters.spi.InMemorySessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.config.ConfigService;
import de.acosix.alfresco.keycloak.share.config.KeycloakAuthenticationConfigElement;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.InMemorySessionIdMapper;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.SessionIdMapper;
/**
* This implementation of a {@link SessionIdMapper Keycloak session ID mapper} is based on the {@link InMemorySessionIdMapper in-memory
* mapper}, but uses a better model for synchronization and respects configured size limits, ejecting least-recently active sessions first.
* mapper}, but uses a better model for synchronisation and respects configured size limits, ejecting least-recently active sessions first.
* Activity of session with regards to being determined the "least-recently active" session is based upon validation calls to
* {@link #hasSession(String) hasSession}.
*

72
share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java
View File

@@ -59,6 +59,39 @@ import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.HttpParams;
import org.apache.http.util.EntityUtils;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.OAuth2Constants;
import org.keycloak.TokenVerifier;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthenticatedActionsHandler;
import org.keycloak.adapters.BearerTokenRequestAuthenticator;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OAuthRequestAuthenticator;
import org.keycloak.adapters.OIDCAuthenticationError;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.PreAuthActionsHandler;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
import org.keycloak.adapters.rotation.AdapterTokenVerifier;
import org.keycloak.adapters.rotation.AdapterTokenVerifier.VerifiedTokens;
import org.keycloak.adapters.servlet.FilterRequestAuthenticator;
import org.keycloak.adapters.servlet.OIDCFilterSessionStore;
import org.keycloak.adapters.servlet.OIDCServletHttpFacade;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.UserSessionManagement;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.constants.ServiceUrlConstants;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.JsonSerialization;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
@@ -89,39 +122,6 @@ import org.springframework.extensions.webscripts.servlet.DependencyInjectedFilte
import de.acosix.alfresco.keycloak.share.config.KeycloakAdapterConfigElement;
import de.acosix.alfresco.keycloak.share.config.KeycloakAuthenticationConfigElement;
import de.acosix.alfresco.keycloak.share.config.KeycloakConfigConstants;
import de.acosix.alfresco.keycloak.share.deps.keycloak.KeycloakSecurityContext;
import de.acosix.alfresco.keycloak.share.deps.keycloak.OAuth2Constants;
import de.acosix.alfresco.keycloak.share.deps.keycloak.TokenVerifier;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.AdapterDeploymentContext;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.AuthenticatedActionsHandler;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.BearerTokenRequestAuthenticator;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.HttpClientBuilder;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.KeycloakDeployment;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.KeycloakDeploymentBuilder;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.OAuthRequestAuthenticator;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.OIDCAuthenticationError;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.OidcKeycloakAccount;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.PreAuthActionsHandler;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.ServerRequest;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.rotation.AdapterTokenVerifier;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.rotation.AdapterTokenVerifier.VerifiedTokens;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.servlet.FilterRequestAuthenticator;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.servlet.OIDCFilterSessionStore;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.servlet.OIDCServletHttpFacade;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.AuthOutcome;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.AuthenticationError;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.KeycloakAccount;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.SessionIdMapper;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.UserSessionManagement;
import de.acosix.alfresco.keycloak.share.deps.keycloak.common.VerificationException;
import de.acosix.alfresco.keycloak.share.deps.keycloak.common.util.KeycloakUriBuilder;
import de.acosix.alfresco.keycloak.share.deps.keycloak.common.util.Time;
import de.acosix.alfresco.keycloak.share.deps.keycloak.constants.ServiceUrlConstants;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.AccessToken;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.AccessTokenResponse;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.adapters.config.AdapterConfig;
import de.acosix.alfresco.keycloak.share.deps.keycloak.util.JsonSerialization;
import de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareSlingshotAlfrescoConnector;
import de.acosix.alfresco.keycloak.share.util.RefreshableAccessTokenHolder;
@@ -1474,6 +1474,10 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
* Checks if the backend requires HTTP Basic or Keycloak authentication for the current request context, which may include an externally
* authenticated user.
*
* @param req
* the request to check
* @param session
* the active session managing any persistent access token state
* @return {@code true} if the backend requires HTTP Basic or Keycloak authentication, {@code false} otherwise
*/
protected boolean isBackendRequiringBasicOrKeycloakAuthentication(final HttpServletRequest req, final HttpSession session)
@@ -1678,6 +1682,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
* @param session
* the active session managing any persistent access token state
* @return the response to obtaining the access token for the Alfresco backend
* @throws IOException
* if any error occurs calling Keycloak to exchange the access token
*/
protected AccessTokenResponse getAccessToken(final String alfrescoResourceName, final HttpSession session) throws IOException
{

5
share/src/main/java/de/acosix/alfresco/keycloak/share/web/ResponseHeaderCookieCaptureServletHttpFacade.java
View File

@@ -26,9 +26,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.alfresco.util.Pair;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.servlet.ServletHttpFacade;
import de.acosix.alfresco.keycloak.share.deps.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.servlet.ServletHttpFacade;
import org.keycloak.adapters.spi.HttpFacade;
/**
* This {@link HttpFacade} wraps servlet requests and responses in such a way that any response headers / cookies being set by Keycloak

3
share/src/test/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigTest.java
View File

@@ -20,14 +20,13 @@ import java.util.Map;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.springframework.extensions.config.Config;
import org.springframework.extensions.config.ConfigElement;
import org.springframework.extensions.config.ConfigSource;
import org.springframework.extensions.config.source.UrlConfigSource;
import org.springframework.extensions.config.xml.XMLConfigService;
import de.acosix.alfresco.keycloak.share.deps.keycloak.representations.adapters.config.AdapterConfig;
/**
* @author Axel Faust
*/