From d7fbfc05e823072345d011ef99b08136b9bfe074 Mon Sep 17 00:00:00 2001
From: Martin Schmied <mschmied@gmail.com>
Date: Thu, 24 Mar 2016 09:32:43 +0100
Subject: [PATCH] Fix k_query_bearer_token endpoint in proxy

`org.keycloak.adapters.AuthenticatedActionsHandler` which handles token
requests performs blocking IO. However, the exchange is in non-blocking
mode when it reaches this handler in Keycloak proxy.
---
 .../keycloak/proxy/ProxyServerBuilder.java    |  4 +--
 .../proxy/TokenRequestPreHandler.java         | 27 +++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
index 1dd96c6bf298..5c3dbc7fc6db 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
@@ -240,8 +240,7 @@ public ApplicationBuilder add() {
         }
 
         private HttpHandler addSecurity(final HttpHandler toWrap) {
-            HttpHandler handler = toWrap;
-            handler = new UndertowAuthenticatedActionsHandler(deploymentContext, toWrap);
+            HttpHandler handler = new UndertowAuthenticatedActionsHandler(deploymentContext, toWrap);
             if (errorPage != null) {
                 if (base.endsWith("/")) {
                     errorPage = base + errorPage;
@@ -249,6 +248,7 @@ private HttpHandler addSecurity(final HttpHandler toWrap) {
                     errorPage = base + "/" + errorPage;
                 }
             }
+            handler = new TokenRequestPreHandler(handler);
             handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken, headerNameConfig);
             handler = new ProxyAuthenticationCallHandler(handler);
             handler = new ConstraintMatcherHandler(matches, handler, toWrap, errorPage);
diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java
new file mode 100644
index 000000000000..312bd20023af
--- /dev/null
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java
@@ -0,0 +1,27 @@
+package org.keycloak.proxy;
+
+import io.undertow.server.HttpHandler;
+import io.undertow.server.HttpServerExchange;
+import org.keycloak.constants.AdapterConstants;
+
+/**
+ * Dispatches requests for k_query_bearer_token through a worker thread (handler for this
+ * resource performs blocking IO).
+ */
+public class TokenRequestPreHandler implements HttpHandler {
+
+    private final HttpHandler next;
+
+    public TokenRequestPreHandler(HttpHandler next) {
+        this.next = next;
+    }
+
+    @Override
+    public void handleRequest(HttpServerExchange exchange) throws Exception {
+        if (exchange.getRequestURI().endsWith(AdapterConstants.K_QUERY_BEARER_TOKEN)) {
+            exchange.dispatch(next);
+        } else {
+            next.handleRequest(exchange);
+        }
+    }
+}