Posted to commits@airavata.apache.org by ma...@apache.org on 2017/05/23 20:59:27 UTC
airavata git commit: AIRAVATA-2342 Setting up trust store for
Keycloak ResteasyClient
Repository: airavata
Updated Branches:
refs/heads/develop 0a6afd12e -> 0eda7d202
AIRAVATA-2342 Setting up trust store for Keycloak ResteasyClient
The Keycloak ResteasyClient uses its own SSLContext so can't rely on the
configuration of the default SSLContext that the TrustStoreManager
performs.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/0eda7d20
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/0eda7d20
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/0eda7d20
Branch: refs/heads/develop
Commit: 0eda7d202c68bc64caa876a888b92e035d9ebcef
Parents: 0a6afd1
Author: Marcus Christie <ma...@apache.org>
Authored: Tue May 23 16:55:24 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Tue May 23 16:57:50 2017 -0400
----------------------------------------------------------------------
.../core/impl/TenantManagementKeycloakImpl.java | 63 ++++++++++++++++----
.../handlers/IamAdminServicesHandler.java | 15 ++---
2 files changed, 56 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/0eda7d20/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 0d2e9a8..60a8f5d 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -28,12 +28,19 @@ import org.apache.airavata.model.user.UserProfile;
import org.apache.airavata.model.workspace.Gateway;
import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface;
import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import javax.ws.rs.core.Response;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -42,23 +49,57 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class);
+ // TODO: close Keycloak client once done with it?
private static Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds) {
- return Keycloak.getInstance(
- adminUrl,
- realm, // the realm to log in to
- AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user
- "admin-cli"); // admin-cli is the client ID used for keycloak admin operations.
+ ResteasyClient resteasyClient = new ResteasyClientBuilder()
+ .connectionPoolSize(10)
+ .trustStore(loadKeyStore())
+ .build();
+ return KeycloakBuilder.builder()
+ .serverUrl(adminUrl)
+ .realm(realm)
+ .username(AdminPasswordCreds.getLoginUserName())
+ .password(AdminPasswordCreds.getPassword())
+ .clientId("admin-cli")
+ .resteasyClient(resteasyClient)
+ .build();
}
private static Keycloak getClient(String adminUrl, String realm, String authToken) {
- return Keycloak.getInstance(
- adminUrl,
- realm, // the realm to log in to
- "admin-cli",
- authToken // the realm admin's auth token
- );
+ ResteasyClient resteasyClient = new ResteasyClientBuilder()
+ .connectionPoolSize(10)
+ .trustStore(loadKeyStore())
+ .build();
+ return KeycloakBuilder.builder()
+ .serverUrl(adminUrl)
+ .realm(realm)
+ .authorization(authToken)
+ .clientId("admin-cli")
+ .resteasyClient(resteasyClient)
+ .build();
+ }
+
+ private static KeyStore loadKeyStore() {
+
+ FileInputStream fis = null;
+ try {
+ fis = new java.io.FileInputStream(ServerSettings.getTrustStorePath());
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(fis, ServerSettings.getTrustStorePassword().toCharArray());
+ return ks;
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to load trust store KeyStore instance", e);
+ } finally {
+ if (fis != null) {
+ try {
+ fis.close();
+ } catch (IOException e) {
+ logger.error("Failed to close trust store FileInputStream", e);
+ }
+ }
+ }
}
@Override
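Review bot: Both `getClient` overloads now create a new ResteasyClient with a 10-connection pool and re-read the trust store file on every call, and nothing in this hunk closes what they return, as the added TODO concedes. The callers are outside the hunk, so the release has to happen there, for example `try { ... } finally { client.close(); }` around each use of the returned Keycloak instance. Within the hunk, the two identical builder chains are better pulled into one helper so the trust store is applied in a single place, and `loadKeyStore` can use try-with-resources instead of the manual `finally`. `loadKeyStore` should also carry a comment saying that a missing or unreadable trust store fails the call with a RuntimeException rather than falling back to the JVM default trust.

```java
// Single place that applies the Airavata trust store; shared by both getClient overloads.
private static ResteasyClient newResteasyClient() {
    return new ResteasyClientBuilder()
            .connectionPoolSize(10)
            .trustStore(loadKeyStore())
            .build();
}

// … unchanged: the two getClient overloads, each passing newResteasyClient() to KeycloakBuilder …

private static KeyStore loadKeyStore() {
    // try-with-resources closes the stream on every path, replacing the manual finally block.
    try (FileInputStream fis = new FileInputStream(ServerSettings.getTrustStorePath())) {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(fis, ServerSettings.getTrustStorePassword().toCharArray());
        return ks;
    } catch (Exception e) {
        // Fail closed: no trust store means no Keycloak client.
        throw new RuntimeException("Failed to load trust store KeyStore instance", e);
    }
}
```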
http://git-wip-us.apache.org/repos/asf/airavata/blob/0eda7d20/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 26fa1ed..9f33cd5 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -37,23 +37,16 @@ import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
import java.util.List;
public class IamAdminServicesHandler implements IamAdminServices.Iface {
private final static Logger logger = LoggerFactory.getLogger(IamAdminServicesHandler.class);
- public IamAdminServicesHandler() {
-
- try {
- //initialize SSL context with the trust store that contains the CA cert signing the Keycloak server cert
- TrustStoreManager trustStoreManager = new TrustStoreManager();
- trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
- ServerSettings.getTrustStorePassword());
- } catch (Exception e) {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
@Override
public String getAPIVersion(AuthzToken authzToken) throws IamAdminServicesException, AuthorizationException {
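Review bot: The four imports added at the top of this hunk (`java.io.BufferedReader`, `java.io.IOException`, `java.io.InputStreamReader`, `java.net.URL`) are not used by anything this commit adds to the file, since its only other change here is removing the constructor; they look like leftovers and should be dropped. Removing the constructor also means this class no longer installs the Airavata trust store into the default SSLContext, so any other HTTPS client in the profile service that relied on that side effect would presumably fall back to the JVM default trust store, which is worth confirming. A short class comment such as `// TLS trust for Keycloak is configured per client in TenantManagementKeycloakImpl` would record where that setup moved. The imports of TrustStoreManager and ServerSettings sit outside the hunk and may now be unused as well.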