inteligr8/alfresco-keycloak
1
0
Fork 0
mirror of https://github.com/bmlong137/alfresco-keycloak.git synced 2025-09-10 14:11:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Safe reflection via setter + unit test config elements

Browse Source
This commit is contained in:
AFaust
2019-09-15 20:25:25 +02:00
parent fe3710cb6f
commit d857dbc9a3
10 changed files with 351 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pom.xml
View File

@@ -21,12 +21,12 @@
<parent>
<groupId>de.acosix.alfresco.maven</groupId>
<artifactId>de.acosix.alfresco.maven.project.parent-6.1.2</artifactId>
<version>1.2.0</version>
<version>1.2.1-SNAPSHOT</version>
</parent>
<groupId>de.acosix.alfresco.keycloak</groupId>
<artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
<version>1.0.0</version>
<version>1.1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<name>Acosix Alfresco Keycloak - Parent</name>

2
repository/pom.xml
View File

@@ -21,7 +21,7 @@
<parent>
<groupId>de.acosix.alfresco.keycloak</groupId>
<artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
<version>1.0.0</version>
<version>1.1.0-SNAPSHOT</version>
</parent>
<artifactId>de.acosix.alfresco.keycloak.repo</artifactId>

59
share/pom.xml
View File

@@ -21,12 +21,26 @@
<parent>
<groupId>de.acosix.alfresco.keycloak</groupId>
<artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
<version>1.0.0</version>
<version>1.1.0-SNAPSHOT</version>
</parent>
<artifactId>de.acosix.alfresco.keycloak.share</artifactId>
<name>Acosix Alfresco Keycloak - Share Module</name>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>de.acosix.alfresco.keycloak.repo</artifactId>
<version>${project.version}</version>
<classifier>installable</classifier>
<scope>test</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
@@ -69,39 +83,50 @@
<dependency>
<groupId>de.acosix.alfresco.utility</groupId>
<artifactId>de.acosix.alfresco.utility.core.share</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>de.acosix.alfresco.utility</groupId>
<artifactId>de.acosix.alfresco.utility.core.share</artifactId>
<classifier>installable</classifier>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>de.acosix.alfresco.keycloak.repo</artifactId>
<version>${project.version}</version>
<classifier>installable</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
<configuration>
<excludes>
<exclude>**/KeycloakAdapterConfigElement.class</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>net.alchim31.maven</groupId>

59
share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java
View File

@@ -16,12 +16,15 @@
package de.acosix.alfresco.keycloak.share.config;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@@ -29,6 +32,8 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.ParameterCheck;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.extensions.config.ConfigElement;
import com.fasterxml.jackson.annotation.JsonProperty;
@@ -42,11 +47,13 @@ import de.acosix.alfresco.utility.share.config.ConfigValueHolder;
public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
{
public static final String NAME = "keycloak-adapter-config";
public static final String NAME = KeycloakConfigConstants.KEYCLOAK_ADAPTER_CONFIG_NAME;
private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakAdapterConfigElement.class);
private static final long serialVersionUID = -7211927327179092723L;
private static final Map<String, Field> FIELD_BY_CONFIG_NAME;
private static final Map<String, Method> SETTER_BY_CONFIG_NAME;
private static final Map<String, Class<?>> VALUE_TYPE_BY_CONFIG_NAME;
@@ -54,7 +61,7 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
static
{
final Map<String, Field> fieldByConfigName = new HashMap<>();
final Map<String, Method> setterByConfigName = new HashMap<>();
final Map<String, Class<?>> valueTypeByConfigName = new HashMap<>();
final List<String> configNames = new ArrayList<>();
@@ -81,17 +88,35 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
if (annotation != null)
{
final String configName = annotation.value();
Class<?> valueType = field.getType();
if (valueType.isPrimitive())
{
valueType = primitiveWrapperTypeMap.get(valueType);
}
if (supportedValueTypes.contains(valueType))
final String fieldName = field.getName();
final StringBuilder setterNameBuilder = new StringBuilder(3 + fieldName.length());
setterNameBuilder.append("set");
setterNameBuilder.append(fieldName.substring(0, 1).toUpperCase(Locale.ENGLISH));
setterNameBuilder.append(fieldName.substring(1));
final String setterName = setterNameBuilder.toString();
Class<?> valueType = field.getType();
try
{
fieldByConfigName.put(configName, field);
valueTypeByConfigName.put(configName, valueType);
configNames.add(configName);
final Method setter = cls.getDeclaredMethod(setterName, valueType);
if (valueType.isPrimitive())
{
valueType = primitiveWrapperTypeMap.get(valueType);
}
if (supportedValueTypes.contains(valueType))
{
setterByConfigName.put(configName, setter);
valueTypeByConfigName.put(configName, valueType);
configNames.add(configName);
}
}
catch (final NoSuchMethodException nsme)
{
LOGGER.warn("Cannot support Keycloak adapter config field {} as no appropriate setter {} could be found in {}",
fieldName, setterName, cls);
}
}
}
@@ -99,7 +124,7 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
cls = cls.getSuperclass();
}
FIELD_BY_CONFIG_NAME = Collections.unmodifiableMap(fieldByConfigName);
SETTER_BY_CONFIG_NAME = Collections.unmodifiableMap(setterByConfigName);
VALUE_TYPE_BY_CONFIG_NAME = Collections.unmodifiableMap(valueTypeByConfigName);
CONFIG_NAMES = Collections.unmodifiableList(configNames);
}
@@ -281,18 +306,16 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
{
for (final String configName : CONFIG_NAMES)
{
final Field field = FIELD_BY_CONFIG_NAME.get(configName);
final Method setter = SETTER_BY_CONFIG_NAME.get(configName);
final Object value = this.configValueByField.get(configName);
if (value != null)
{
// TODO Refactor towards use of setter to avoid setAccessible
field.setAccessible(true);
field.set(config, value);
setter.invoke(config, value);
}
}
}
catch (final IllegalAccessException ex)
catch (final IllegalAccessException | InvocationTargetException ex)
{
throw new AlfrescoRuntimeException("Error building adapter configuration", ex);
}

2
share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAuthenticationConfigElement.java
View File

@@ -29,7 +29,7 @@ public class KeycloakAuthenticationConfigElement extends BaseCustomConfigElement
private static final long serialVersionUID = 8587583775593697136L;
public static final String NAME = "keycloak-auth-config";
public static final String NAME = KeycloakConfigConstants.KEYCLOAK_AUTH_CONFIG_NAME;
protected final ConfigValueHolder<Boolean> enhanceLoginForm = new ConfigValueHolder<>();

30
share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakConfigConstants.java Normal file
View File

@@ -0,0 +1,30 @@
/*
* Copyright 2019 Acosix GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.acosix.alfresco.keycloak.share.config;
/**
* @author Axel Faust
*/
public interface KeycloakConfigConstants
{
String KEYCLOAK_CONFIG_SECTION_NAME = "Keycloak";
String KEYCLOAK_ADAPTER_CONFIG_NAME = "keycloak-adapter-config";
String KEYCLOAK_AUTH_CONFIG_NAME = "keycloak-auth-config";
}

16
share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java
View File

@@ -81,6 +81,7 @@ import org.springframework.extensions.webscripts.servlet.DependencyInjectedFilte
import de.acosix.alfresco.keycloak.share.config.KeycloakAdapterConfigElement;
import de.acosix.alfresco.keycloak.share.config.KeycloakAuthenticationConfigElement;
import de.acosix.alfresco.keycloak.share.config.KeycloakConfigConstants;
import de.acosix.alfresco.keycloak.share.remote.BearerTokenAwareSlingshotAlfrescoConnector;
/**
@@ -229,8 +230,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
LOGGER.error("No remote configuration has been defined for the application");
}
final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) this.configService.getConfig("Keycloak")
.getConfigElement(KeycloakAdapterConfigElement.NAME);
final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) this.configService
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAdapterConfigElement.NAME);
if (keycloakAdapterConfig != null)
{
final AdapterConfig adapterConfiguration = keycloakAdapterConfig.buildAdapterConfiguration();
@@ -268,7 +269,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
}
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
if (keycloakAuthConfig != null)
{
this.filterEnabled = Boolean.TRUE.equals(keycloakAuthConfig.getEnableSsoFilter());
@@ -405,7 +406,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
currentSession.getId());
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME)
.getConfigElement(KeycloakAuthenticationConfigElement.NAME);
final OIDCServletHttpFacade facade = new OIDCServletHttpFacade(req, res);
final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
@@ -445,7 +447,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
LOGGER.debug("Processing Keycloak authentication on request to {}", req.getRequestURL());
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
final Integer sslRedirectPort = keycloakAuthConfig.getSslRedirectPort();
@@ -579,7 +581,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
protected void prepareLoginFormEnhancement(final ServletContext context, final HttpServletRequest req, final HttpServletResponse res)
{
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
final Integer sslRedirectPort = keycloakAuthConfig.getSslRedirectPort();
@@ -901,7 +903,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
final OIDCServletHttpFacade facade = new OIDCServletHttpFacade(req, res);
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
final OIDCFilterSessionStore tokenStore = new OIDCFilterSessionStore(req, facade,

129
share/src/test/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigTest.java Normal file
View File

@@ -0,0 +1,129 @@
/*
* Copyright 2019 Acosix GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.acosix.alfresco.keycloak.share.config;
import java.util.Arrays;
import java.util.Map;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.springframework.extensions.config.Config;
import org.springframework.extensions.config.ConfigSource;
import org.springframework.extensions.config.source.UrlConfigSource;
import org.springframework.extensions.config.xml.XMLConfigService;
/**
* @author Axel Faust
*/
public class KeycloakAdapterConfigTest
{
@Test
public void loadDefaultConfig()
{
// default-config.xml copied from src/main/config into src/test/resoruces because default resource filtering will not copy into
// build / class path
final ConfigSource configSource = new UrlConfigSource(Arrays.asList("classpath:default-config.xml"), true);
final XMLConfigService configService = new XMLConfigService(configSource);
configService.initConfig();
final Config keycloakConfigSection = configService.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME);
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) keycloakConfigSection
.getConfigElement(KeycloakAuthenticationConfigElement.NAME);
Assert.assertTrue(keycloakAuthConfig.getEnhanceLoginForm());
Assert.assertTrue(keycloakAuthConfig.getEnableSsoFilter());
Assert.assertFalse(keycloakAuthConfig.getForceKeycloakSso());
Assert.assertEquals(Integer.valueOf(8443), keycloakAuthConfig.getSslRedirectPort());
Assert.assertEquals(Integer.valueOf(10485760), keycloakAuthConfig.getBodyBufferLimit());
Assert.assertEquals(Integer.valueOf(1000), keycloakAuthConfig.getSessionMapperLimit());
final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) keycloakConfigSection
.getConfigElement(KeycloakAdapterConfigElement.NAME);
Assert.assertEquals("http://localhost:8180/auth", keycloakAdapterConfig.getFieldValue("auth-server-url"));
Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("realm"));
Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("resource"));
Assert.assertEquals("none", keycloakAdapterConfig.getFieldValue("ssl-required"));
Assert.assertEquals(Boolean.FALSE, keycloakAdapterConfig.getFieldValue("public-client"));
Assert.assertTrue(keycloakAdapterConfig.getFieldValue("credentials") instanceof Map<?, ?>);
final Map<?, ?> credentials = (Map<?, ?>) keycloakAdapterConfig.getFieldValue("credentials");
Assert.assertEquals("secret", credentials.get("provider"));
final AdapterConfig adapterConfig = keycloakAdapterConfig.buildAdapterConfiguration();
Assert.assertEquals("http://localhost:8180/auth", adapterConfig.getAuthServerUrl());
Assert.assertEquals("alfresco", adapterConfig.getRealm());
Assert.assertEquals("alfresco", adapterConfig.getResource());
Assert.assertEquals("none", adapterConfig.getSslRequired());
Assert.assertFalse(adapterConfig.isPublicClient());
Assert.assertNotNull(adapterConfig.getCredentials());
Assert.assertEquals("secret", adapterConfig.getCredentials().get("provider"));
}
@Test
public void loadMergedConfig()
{
// default-config.xml copied from src/main/config into src/test/resoruces because default resource filtering will not copy into
// build / class path
final ConfigSource configSource = new UrlConfigSource(
Arrays.asList("classpath:default-config.xml", "classpath:addendum-config.xml"), true);
final XMLConfigService configService = new XMLConfigService(configSource);
configService.initConfig();
final Config keycloakConfigSection = configService.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME);
final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) keycloakConfigSection
.getConfigElement(KeycloakAuthenticationConfigElement.NAME);
Assert.assertFalse(keycloakAuthConfig.getEnhanceLoginForm());
Assert.assertFalse(keycloakAuthConfig.getEnableSsoFilter());
Assert.assertFalse(keycloakAuthConfig.getForceKeycloakSso());
Assert.assertEquals(Integer.valueOf(8443), keycloakAuthConfig.getSslRedirectPort());
Assert.assertEquals(Integer.valueOf(10485760), keycloakAuthConfig.getBodyBufferLimit());
Assert.assertEquals(Integer.valueOf(2000), keycloakAuthConfig.getSessionMapperLimit());
final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) keycloakConfigSection
.getConfigElement(KeycloakAdapterConfigElement.NAME);
Assert.assertEquals("http://localhost:8080/auth", keycloakAdapterConfig.getFieldValue("auth-server-url"));
Assert.assertEquals("my-realm", keycloakAdapterConfig.getFieldValue("realm"));
Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("resource"));
Assert.assertEquals("none", keycloakAdapterConfig.getFieldValue("ssl-required"));
Assert.assertEquals(Boolean.FALSE, keycloakAdapterConfig.getFieldValue("public-client"));
Assert.assertEquals(Boolean.TRUE, keycloakAdapterConfig.getFieldValue("always-refresh-token"));
Assert.assertEquals(Integer.valueOf(123), keycloakAdapterConfig.getFieldValue("connection-pool-size"));
Assert.assertTrue(keycloakAdapterConfig.getFieldValue("credentials") instanceof Map<?, ?>);
final Map<?, ?> credentials = (Map<?, ?>) keycloakAdapterConfig.getFieldValue("credentials");
Assert.assertEquals("differentSecret", credentials.get("provider"));
final AdapterConfig adapterConfig = keycloakAdapterConfig.buildAdapterConfiguration();
Assert.assertEquals("http://localhost:8080/auth", adapterConfig.getAuthServerUrl());
Assert.assertEquals("my-realm", adapterConfig.getRealm());
Assert.assertEquals("alfresco", adapterConfig.getResource());
Assert.assertEquals("none", adapterConfig.getSslRequired());
Assert.assertFalse(adapterConfig.isPublicClient());
Assert.assertTrue(adapterConfig.isAlwaysRefreshToken());
Assert.assertEquals(123, adapterConfig.getConnectionPoolSize());
Assert.assertNotNull(adapterConfig.getCredentials());
Assert.assertEquals("differentSecret", adapterConfig.getCredentials().get("provider"));
}
}

36
share/src/test/resources/addendum-config.xml Normal file
View File

@@ -0,0 +1,36 @@
<?xml version='1.0' encoding='UTF-8' ?>
<!--
Copyright 2019 Acosix GmbH
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<alfresco-config>
<config evaluator="string-compare" condition="Keycloak">
<keycloak-auth-config>
<enhance-login-form>false</enhance-login-form>
<enable-sso-filter>false</enable-sso-filter>
<session-mapper-limit>2000</session-mapper-limit>
</keycloak-auth-config>
<keycloak-adapter-config>
<auth-server-url>http://localhost:8080/auth</auth-server-url>
<always-refresh-token>true</always-refresh-token>
<connection-pool-size>123</connection-pool-size>
<realm>my-realm</realm>
<credentials>
<provider>differentSecret</provider>
</credentials>
</keycloak-adapter-config>
</config>
</alfresco-config>

60
share/src/test/resources/default-config.xml Normal file
View File

@@ -0,0 +1,60 @@
<?xml version='1.0' encoding='UTF-8' ?>
<!--
Copyright 2019 Acosix GmbH
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<alfresco-config>
<plug-ins>
<element-readers>
<element-reader element-name="keycloak-auth-config"
class="${project.artifactId}.config.KeycloakAuthenticationConfigElementReader" />
<element-reader element-name="keycloak-adapter-config"
class="${project.artifactId}.config.KeycloakAdapterConfigElementReader" />
</element-readers>
</plug-ins>
<!-- sensible default configuration (similar to Repository identity-service-authentication.properties -->
<config evaluator="string-compare" condition="Keycloak">
<keycloak-auth-config>
<enhance-login-form>true</enhance-login-form>
<enable-sso-filter>true</enable-sso-filter>
<force-keycloak-sso>false</force-keycloak-sso>
<!-- use 8443 as default SSL redirect based on Tomcat default server.xml configuration -->
<ssl-redirect-port>8443</ssl-redirect-port>
<body-buffer-limit>10485760</body-buffer-limit>
<session-mapper-limit>1000</session-mapper-limit>
</keycloak-auth-config>
<keycloak-adapter-config>
<auth-server-url>http://localhost:8180/auth</auth-server-url>
<realm>alfresco</realm>
<resource>alfresco</resource>
<ssl-required>none</ssl-required>
<!-- other than content-app / Identity Service, Share must/should be a confidential client to exchange code for access token + refresh -->
<public-client>false</public-client>
<credentials>
<provider>secret</provider>
</credentials>
</keycloak-adapter-config>
</config>
<!-- add to the global configuration -->
<config evaluator="string-compare">
<user>
<!-- make sure groups of a user are kept up-to-date in at least 60 seconds intervals (lazily refreshed on next request) -->
<cached-user-groups-timeout>60000</cached-user-groups-timeout>
</user>
</config>
</alfresco-config>