Skip to content

Commit

Permalink
[KEYCLOAK-7703] HierarchicalPathBasedKeycloakConfigResolver for more …
Browse files Browse the repository at this point in the history 
…fine/coarse grained Keycloak configuration in Karaf
  • Loading branch information
@grgrzybek @hmlnarik
grgrzybek authored and hmlnarik committed Jul 19, 2018
1 parent 8b6979a commit 2cb7ec9
Show file tree
Hide file tree
Showing 3 changed files with 365 additions and 26 deletions.
89 changes: 89 additions & 0 deletions ...src/main/java/org/keycloak/adapters/osgi/HierarchicalPathBasedKeycloakConfigResolver.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.adapters.osgi;

import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import org.jboss.logging.Logger;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OIDCHttpFacade;

/**
* This {@link KeycloakConfigResolver} tries to resolve most specific configuration for given URI path. If not found,
* <em>parent</em> path is checked up to top-level path.
*/
public class HierarchicalPathBasedKeycloakConfigResolver extends PathBasedKeycloakConfigResolver {

protected static final Logger log = Logger.getLogger(HierarchicalPathBasedKeycloakConfigResolver.class);

public HierarchicalPathBasedKeycloakConfigResolver() {
prepopulateCache();
}

@Override
public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
// we cached all available deployments initially and now we'll try to check them from
// most specific to most general
URI uri = URI.create(request.getURI());
String path = uri.getPath();
if (path != null) {
while (path.startsWith("/")) {
path = path.substring(1);
}
String[] segments = path.split("/");
List<String> paths = collectPaths(segments);
for (String pathFragment: paths) {
KeycloakDeployment cachedDeployment = super.getCachedDeployment(pathFragment);
if (cachedDeployment != null) {
return cachedDeployment;
}
}
}

throw new IllegalStateException("Can't find Keycloak configuration related to URI path " + uri);
}

/**
* <p>For segments like "a, b, c, d", returns:<ul>
* <li>"a-b-c-d"</li>
* <li>"a-b-c"</li>
* <li>"a-b"</li>
* <li>"a"</li>
* <li>""</li>
* </ul></p>
* @param segments
* @return
*/
private List<String> collectPaths(String[] segments) {
List<String> result = new ArrayList<>(segments.length + 1);
for (int idx = segments.length; idx >= 0; idx--) {
StringBuilder sb = null;
for (int i = 0; i < idx; i++) {
if (sb == null) {
sb = new StringBuilder();
}
sb.append("-").append(segments[i]);
}
result.add(sb == null ? "" : sb.toString().substring(1));
}
return result;
}

}
140 changes: 114 additions & 26 deletions ...sgi-adapter/src/main/java/org/keycloak/adapters/osgi/PathBasedKeycloakConfigResolver.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,15 @@
*/
package org.keycloak.adapters.osgi;

import org.jboss.logging.Logger;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.adapters.spi.HttpFacade;

import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
Expand All @@ -31,10 +34,117 @@

public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {

protected static final Logger log = Logger.getLogger(PathBasedKeycloakConfigResolver.class);

private final Map<String, KeycloakDeployment> cache = new ConcurrentHashMap<String, KeycloakDeployment>();

private File keycloakConfigLocation = null;

public PathBasedKeycloakConfigResolver() {
String location = null;
String keycloakConfig = (String) System.getProperties().get("keycloak.config");
if (keycloakConfig != null && !"".equals(keycloakConfig.trim())) {
location = keycloakConfig;
} else {
String karafEtc = (String) System.getProperties().get("karaf.etc");
if (karafEtc != null && !"".equals(karafEtc.trim())) {
location = karafEtc;
}
}
if (location != null) {
File loc = new File(location);
if (loc.isDirectory()) {
keycloakConfigLocation = loc;
}
}
}

@Override
public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
String webContext = getDeploymentKeyForURI(request);

return getOrCreateDeployment(webContext);
}

/**
* {@code pathFragment} is a key for {@link KeycloakDeployment deployments}. The key is used to construct
* a path relative to {@code keycloak.config} or {@code karaf.etc} system properties.
* For given key, {@code <key>-keycloak.json} file is checked.
* @param pathFragment
* @return
*/
protected synchronized KeycloakDeployment getOrCreateDeployment(String pathFragment) {
KeycloakDeployment deployment = getCachedDeployment(pathFragment);
if (null == deployment) {
// not found on the simple cache, try to load it from the file system
if (keycloakConfigLocation == null) {
throw new IllegalStateException("Neither \"keycloak.config\" nor \"karaf.etc\" java properties are set." +
" Please set one of them.");
}

File configuration = new File(keycloakConfigLocation, pathFragment + ("".equals(pathFragment) ? "" : "-")
+ "keycloak.json");
if (!cacheConfiguration(pathFragment, configuration)) {
throw new IllegalStateException("Not able to read the file " + configuration);
}
}

return deployment;
}

protected synchronized KeycloakDeployment getCachedDeployment(String pathFragment) {
return cache.get(pathFragment);
}

/**
* If there's a need, we can pre populate the cache of deployments.
*/
protected void prepopulateCache() {
if (keycloakConfigLocation == null || !keycloakConfigLocation.isDirectory()) {
log.warn("Can't cache Keycloak configurations. No configuration storage is accessible." +
" Please set either \"keycloak.config\" or \"karaf.etc\" system properties");
return;
}

File[] configs = keycloakConfigLocation.listFiles(new FileFilter() {
@Override
public boolean accept(File pathname) {
return pathname.isFile() && pathname.getName().endsWith("keycloak.json");
}
});
if (configs != null) {
for (File config: configs) {
String pathFragment = null;
if ("keycloak.json".equals(config.getName())) {
pathFragment = "";
} else if (config.getName().endsWith("-keycloak.json")) {
pathFragment = config.getName()
.substring(0, config.getName().length() - "-keycloak.json".length());
}
cacheConfiguration(pathFragment, config);
}
}
}

private boolean cacheConfiguration(String key, File config) {
try {
InputStream is = new FileInputStream(config);
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(is);
cache.put(key, deployment);
return true;
} catch (FileNotFoundException | RuntimeException e) {
log.warn("Can't cache " + config + ": " + e.getMessage(), e);
return false;
}
}

/**
* Finds a context path from given {@link HttpFacade.Request}. For default context, first path segment
* is returned.
* @param request
* @return
*/
private String getDeploymentKeyForURI(HttpFacade.Request request) {
String uri = request.getURI();
String relativePath = request.getRelativePath();
String webContext = null;
Expand All @@ -48,7 +158,9 @@ public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
} else {
URI parsedURI = URI.create(uri);
String path = parsedURI.getPath();
path = path.substring(0, path.indexOf(relativePath));
if (path.contains(relativePath)) {
path = path.substring(0, path.indexOf(relativePath));
}
while (path.startsWith("/")) {
path = path.substring(1);
}
Expand All @@ -65,31 +177,7 @@ public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
}
}

KeycloakDeployment deployment = cache.get(webContext);
if (null == deployment) {
// not found on the simple cache, try to load it from the file system
String keycloakConfig = (String) System.getProperties().get("keycloak.config");
if(keycloakConfig == null || "".equals(keycloakConfig.trim())){
String karafEtc = (String) System.getProperties().get("karaf.etc");
if(karafEtc == null || "".equals(karafEtc.trim())){
throw new IllegalStateException("Neither \"keycloak.config\" nor \"karaf.etc\" java properties are set. Please set one of them.");
}
keycloakConfig = karafEtc;
}

String absolutePath = keycloakConfig + File.separator + webContext + ("".equals(webContext) ? "" : "-")
+ "keycloak.json";
InputStream is = null;
try {
is = new FileInputStream(absolutePath);
} catch (FileNotFoundException e){
throw new IllegalStateException("Not able to find the file " + absolutePath);
}
deployment = KeycloakDeploymentBuilder.build(is);
cache.put(webContext, deployment);
}

return deployment;
return webContext;
}

}
Loading

0 comments on commit 2cb7ec9

Please sign in to comment.