Now orchestrator calls are UMA-authenticated with keycloak-client credentials and audience
This commit is contained in:
parent
b7060749ea
commit
55861fbe4c
|
@ -47,10 +47,6 @@ public class OrchestratorEventPublisherProvider extends AbstractEventPublisher
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onEvent(Event event) {
|
public void onEvent(Event event) {
|
||||||
// if (event.getError() != null) {
|
|
||||||
// logger.debug("Skipping error event publish");
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
if (!INTERESTING_EVENTS.contains(event.getType())) {
|
if (!INTERESTING_EVENTS.contains(event.getType())) {
|
||||||
logger.debug("Skipping publish of not interesting event");
|
logger.debug("Skipping publish of not interesting event");
|
||||||
return;
|
return;
|
||||||
|
@ -71,11 +67,17 @@ public class OrchestratorEventPublisherProvider extends AbstractEventPublisher
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected EventSender createEventSender() {
|
protected EventSender createEventSender() {
|
||||||
logger.infof("Creating the HTTP event sender with endpoint: %s",
|
logger.infof(
|
||||||
OrchestratorEventPublisherProviderFactory.endpoint);
|
"Creating the HTTP event sender with endpoint: %s, clientId: %s, KC token endpoint: %s, UMA adience: %s",
|
||||||
|
OrchestratorEventPublisherProviderFactory.ORCHESTRATOR_ENDPOINT,
|
||||||
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_ENDPOINT,
|
||||||
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_ID);
|
||||||
|
|
||||||
return new HTTPWithUMAAuthEventSender(OrchestratorEventPublisherProviderFactory.endpoint, null, null, null,
|
return new HTTPWithUMAAuthEventSender(OrchestratorEventPublisherProviderFactory.ORCHESTRATOR_ENDPOINT,
|
||||||
null);
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_ID,
|
||||||
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_SECRET,
|
||||||
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_ENDPOINT,
|
||||||
|
OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_ID);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
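Review bot: The new `logger.infof` call in createEventSender has four `%s` placeholders but passes only three arguments, and they are out of order relative to the labels: the endpoint lands under `clientId`, the client id under `KC token endpoint`, and the audience slot has no argument at all, which depending on the logging backend either throws a format exception or prints a marker. Passing `OrchestratorEventPublisherProviderFactory.ORCHESTRATOR_ENDPOINT, OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_ID, OrchestratorEventPublisherProviderFactory.KEYCLOAK_ENDPOINT, OrchestratorEventPublisherProviderFactory.KEYCLOAK_CLIENT_ID` in that order matches the message, and `adience` should read `audience`. Separately, the last constructor argument of HTTPWithUMAAuthEventSender, which the log message suggests is the UMA audience, is the same `KEYCLOAK_CLIENT_ID` value as the client id; if the audience is meant to name the resource server the tokens are requested for, `ORCHESTRATOR_CLIENT_ID` looks like the intended value, but the sender's constructor is not in this diff, so that needs confirming.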
@ -17,11 +17,19 @@ import org.keycloak.models.RealmModel;
|
||||||
*/
|
*/
|
||||||
public class OrchestratorEventPublisherProviderFactory implements EventListenerProviderFactory {
|
public class OrchestratorEventPublisherProviderFactory implements EventListenerProviderFactory {
|
||||||
|
|
||||||
public static final String ORCHESTRATOR_CLIENT_ID = "orchestrator";
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(OrchestratorEventPublisherProviderFactory.class);
|
private static final Logger logger = Logger.getLogger(OrchestratorEventPublisherProviderFactory.class);
|
||||||
|
|
||||||
public static URL endpoint;
|
public static final String MASTER_REALM_NAME = "master";
|
||||||
|
public static final String ORCHESTRATOR_CLIENT_ID = "orchestrator";
|
||||||
|
public static final String KEYCLOAK_CLIENT_ID = "keycloak-client";
|
||||||
|
|
||||||
|
private static final int CHECK_DELAY = 60 * 1000; // One minute
|
||||||
|
|
||||||
|
public static URL ORCHESTRATOR_ENDPOINT;
|
||||||
|
public static URL KEYCLOAK_ENDPOINT;
|
||||||
|
public static String KEYCLOAK_CLIENT_SECRET;
|
||||||
|
|
||||||
|
protected Long lastEndpointCheck = new Long(0);
|
||||||
protected OrchestratorEventPublisherProvider oepp;
|
protected OrchestratorEventPublisherProvider oepp;
|
||||||
|
|
||||||
public OrchestratorEventPublisherProviderFactory() {
|
public OrchestratorEventPublisherProviderFactory() {
|
||||||
|
@ -34,35 +42,74 @@ public class OrchestratorEventPublisherProviderFactory implements EventListenerP
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public synchronized OrchestratorEventPublisherProvider create(KeycloakSession keycloakSession) {
|
public synchronized OrchestratorEventPublisherProvider create(KeycloakSession keycloakSession) {
|
||||||
logger.debug("Getting actual realm from session's context");
|
Long now = System.currentTimeMillis();
|
||||||
RealmModel realm = keycloakSession.getContext().getRealm();
|
Long elapsed = now - lastEndpointCheck;
|
||||||
|
if (oepp == null || elapsed > CHECK_DELAY) {
|
||||||
|
lastEndpointCheck = now;
|
||||||
|
ClientModel orchestratorClient = getClientInActualOrMasterRealm(keycloakSession, ORCHESTRATOR_CLIENT_ID);
|
||||||
|
ClientModel keycloakClient = getClientInActualOrMasterRealm(keycloakSession, KEYCLOAK_CLIENT_ID);
|
||||||
|
logger.debug("Getting configured orchestrator endpoint address from client's base URL");
|
||||||
|
String orchestratorAddress = orchestratorClient.getBaseUrl();
|
||||||
|
logger.debug("Getting configured keycloak endpoint address from client's base URL");
|
||||||
|
String keycloakAddress = keycloakClient.getBaseUrl();
|
||||||
|
logger.debug("Getting configured keycloak client client-secret from client");
|
||||||
|
String keycloakClientSecret = keycloakClient.getSecret();
|
||||||
|
URL newOrchestratorEndpoint;
|
||||||
|
URL newKeycloakEndpoint;
|
||||||
|
try {
|
||||||
|
newOrchestratorEndpoint = new URL(orchestratorAddress);
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
logger.errorf("Can't create new orchestrator endpoint address: %s",
|
||||||
|
orchestratorAddress, e);
|
||||||
|
oepp = null;
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
newKeycloakEndpoint = new URL(keycloakAddress);
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
logger.errorf("Can't create new keycloak token address: %s", keycloakAddress, e);
|
||||||
|
oepp = null;
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
if (oepp == null || !newOrchestratorEndpoint.equals(ORCHESTRATOR_ENDPOINT)
|
||||||
|
|| !newKeycloakEndpoint.equals(KEYCLOAK_ENDPOINT)
|
||||||
|
|| !keycloakClientSecret.equals(KEYCLOAK_CLIENT_SECRET)) {
|
||||||
|
|
||||||
logger.debugf("Getting configured endpoint address for client '%s' in realm '%s'", ORCHESTRATOR_CLIENT_ID,
|
logger.infof("Creating new orchestrator event publisher provider for endpoint: %s",
|
||||||
realm.getName());
|
orchestratorAddress);
|
||||||
|
// Address and other fileds will be then read from static fields in this class by
|
||||||
ClientModel client = realm.getClientByClientId(ORCHESTRATOR_CLIENT_ID);
|
// the createEventSender() called by the superclass' constructor, overridden in the impl.
|
||||||
if (client == null) {
|
ORCHESTRATOR_ENDPOINT = newOrchestratorEndpoint;
|
||||||
logger.warnf("Cannot find %s client in realm: %s", ORCHESTRATOR_CLIENT_ID, realm.getName());
|
KEYCLOAK_ENDPOINT = newKeycloakEndpoint;
|
||||||
return null;
|
KEYCLOAK_CLIENT_SECRET = keycloakClientSecret;
|
||||||
}
|
|
||||||
|
|
||||||
String address = client.getBaseUrl();
|
|
||||||
try {
|
|
||||||
URL newEndpoint = new URL(address);
|
|
||||||
if (oepp == null || !newEndpoint.equals(endpoint)) {
|
|
||||||
logger.infof("Creating new orchestrator event publisher provider for endpoint: %s", address);
|
|
||||||
OrchestratorEventPublisherProviderFactory.endpoint = newEndpoint;
|
|
||||||
// Endpoint address will be read from 'address' static field in this class
|
|
||||||
oepp = new OrchestratorEventPublisherProvider();
|
oepp = new OrchestratorEventPublisherProvider();
|
||||||
}
|
}
|
||||||
} catch (MalformedURLException e) {
|
|
||||||
logger.error("Can't create new orchestrator event publisher provider with endpoint address: " + address,
|
} else {
|
||||||
e);
|
logger.debugf("Next check is in %d millis", CHECK_DELAY - elapsed);
|
||||||
oepp = null;
|
|
||||||
}
|
}
|
||||||
return oepp;
|
return oepp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected ClientModel getClientInActualOrMasterRealm(KeycloakSession keycloakSession, String clientId) {
|
||||||
|
logger.debug("Getting actual realm from session's context");
|
||||||
|
RealmModel realm = keycloakSession.getContext().getRealm();
|
||||||
|
logger.debugf("Trying getting '%s' client in current realm '%s'", clientId, realm.getName());
|
||||||
|
ClientModel client = realm.getClientByClientId(clientId);
|
||||||
|
if (client == null) {
|
||||||
|
logger.debugf("Not found. Now trying getting '%s' in '%s' realm", clientId, MASTER_REALM_NAME);
|
||||||
|
realm = keycloakSession.realms().getRealmByName(MASTER_REALM_NAME);
|
||||||
|
client = realm.getClientByClientId(clientId);
|
||||||
|
if (client == null) {
|
||||||
|
logger.warnf("Cannot find '%s' client not even in '%s' realm", clientId, realm.getName(),
|
||||||
|
MASTER_REALM_NAME);
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return client;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getId() {
|
public String getId() {
|
||||||
return "orchestrator-event-publisher";
|
return "orchestrator-event-publisher";
|
||||||
|
|
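Review bot: In the new `create` body the results of `getClientInActualOrMasterRealm` are dereferenced (`orchestratorClient.getBaseUrl()`, `keycloakClient.getBaseUrl()`, `keycloakClient.getSecret()`) although that helper deliberately returns null when the client is absent from both realms, so a missing client now surfaces as a NullPointerException out of the event listener instead of the warning plus `null` the old code produced; `keycloakSession.realms().getRealmByName(MASTER_REALM_NAME)` is likewise used without a null check. The comparison `!keycloakClientSecret.equals(KEYCLOAK_CLIENT_SECRET)` has the same problem when the keycloak-client has no secret configured (`getSecret()` returning null); `java.util.Objects.equals` handles both sides. Keeping the secret in a `public static String` lets any class on the classpath read or overwrite it; a private field with a package-private accessor, or passing it into the provider constructor, would confine it to this listener. Minor: `new Long(0)` and the boxed `Long now`/`Long elapsed` can be primitive `long`s, and the `warnf` in getClientInActualOrMasterRealm passes three arguments for two placeholders.
```java
ClientModel orchestratorClient = getClientInActualOrMasterRealm(keycloakSession, ORCHESTRATOR_CLIENT_ID);
ClientModel keycloakClient = getClientInActualOrMasterRealm(keycloakSession, KEYCLOAK_CLIENT_ID);
if (orchestratorClient == null || keycloakClient == null) {
    // Missing client: the helper has already logged the warning.
    oepp = null;
    return null;
}
// … unchanged: base URL / secret lookup and URL parsing …
if (oepp == null || !newOrchestratorEndpoint.equals(ORCHESTRATOR_ENDPOINT)
        || !newKeycloakEndpoint.equals(KEYCLOAK_ENDPOINT)
        || !Objects.equals(keycloakClientSecret, KEYCLOAK_CLIENT_SECRET)) {
```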