I'm in charge of the migration of an old keycloak ( 3.4.2 ) to the latest version. I already migrated the database and the template.
The last thing that poses problem is custom providers for Account and Login.
I have two custom providers that extends :
FreeMarkerAccountProviderFactory
FreeMarkerLoginProviderFactory
At first, no providers was loaded at the starting of keycloak in version > 4.x. I investigate, and i found that override the default getId() method to return a value other than the default "freemarker" makes keycloak load them again.
But after that if i try to access the login page, i got a nullpointer exception on org.keycloak.services.resources.account.AccountFormService.init(AccountFormService.java:139)
Any idea ?
Edit : spi in provider are declared in META-INF/services and provider in standalone.xml
Edit 2 : I share the loginFormProvider as it as the same problem, trigger the same error but it less complicated in it's implementation
public class KeycloakFreeMarkerLoginFormsProvider extends FreeMarkerLoginFormProvider {
public KeycloakFreeMarkerLoginFormsProvider(KeycloakSession session, FreeMarkerUtil freeMarker) {
super(sesssion, freeMarker);
}
public Response createResponse(LoginFormsPages page) {
List<Foo> foo = // loading foo entities
List<Bar> bar = // loading bar entities
super.attributes.put("foo", foo);
super.attributes.put("bar", bar);
return super.createResponse(page);
}
}
public class KeycloakFreeMarkerLoginProviderFactory extends FreeMarkerLoginFormsProviderFactory {
private FreeMarkerUtil freeMarker;
public KeycloakFreeMarkerLoginProviderFactory() {
super();
}
#Override
public LoginFormsProvider create(KeycloakSession session) {
return new KeycloakFreeMarkerLoginFormsProvider(session, this.freeMarker);
}
#Override
public void init(Config.Scope config) {
this.freeMarker = new FreeMarkerUtil();
}
#Override
public void close() {
this.freeMarker = null;
}
/* Without getId() or with a value at freeMarker, the provider
is not load. With other value, get NPE */
#Override
public String getId() {
return "custom.provider";
}
}
Based on the comments chain, it appears that the problem is that the provider is not getting picked up by Keycloak. You have a couple of options for bundling a custom provider with Keycloak: as a module, or as a deployed war/ear/jar in the deployments directory.
Here's how to do it as a module:
You'll need to add some configuration (module.xml), and your jar, to the modules directory structure. It should look like something like this:
(keycloak root)
|- modules
|- system
|- layers
|- keycloak
|- com
|- yourcompany
|- yourmodule
|- main
|- your-module-name.jar
|- module.xml (see below)
Your module.xml should look something like this:
<?xml version="1.0" encoding="UTF-8"?>
<module name="com.yourcompany.yourmodule" xmlns="urn:jboss:module:1.6">
<resources>
<resource-root path="your-module-name.jar"/>
</resources>
<dependencies>
<!-- whatever module dependencies you need go here -->
<!-- these are just an example; you may or may not need them -->
<module name="org.jboss.logging" />
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
</dependencies>
</module>
Additionally, you'll need to configure standalone.xml and/or possibly standalone-ha.xml depending on your scenario (The default Keycloak Docker image uses -ha.xml by default). The pertinent section should look something like this:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
<providers>
<provider>
classpath:${jboss.home.dir}/providers/*
</provider>
<!-- add this -->
<provider>
module:com.yourcompany.yourmodule
</provider>
<!-- end add -->
</providers>
<master-realm-name>master</master-realm-name>
<scheduled-task-interval>900</scheduled-task-interval>
...
</subsystem>
Lastly, like you mention, you'll need the correct config in your META-INF/services directory: a file with the fully qualified classname of the ProviderFactory as defined by the SPI, with one line containing the fully qualified classname of your implementation. In your case, the file should be called org.keycloak.forms.login.LoginFormsProviderFactory and its value should be one line: (com.yourpackage).KeycloakFreeMarkerLoginProviderFactory
If it's picked up, you should be able to see it listed in the providers config in the admin UI. To view, log in to the admin console, click on your username in the upper right, and select "Server Info", then click on the "Providers" tab. You should see your provider listed under "login".
Related
I've added the CDI feature to the server.xml file<feature>cdi-1.2</feature>.
My maven module contains the beans.xml inside the <module_name>/src/main/resources/META-INF folder.
This is the beans.xml content:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
version="1.1" bean-discovery-mode="all">
</beans>
But when I use the #Inject annotation it doesn't work, my bean is always null.
Code:
package ch.webapp.presentation;
...
#Path("/test/")
public class MyController {
#Inject
private MyService myService;
#GET
#Path("/foo/{count}")
#OAuthSecurity(scope = "login")
#Produces("application/json")
public Response news(#PathParam("count") int count) {
return Response
.ok(myService.getBar(count))
.build();
}
}
EDIT:
That's my bean
package ch.webapp.service;
...
#RequestScoped
public class MyService {
public String getBar(int count) {
return "foo";
}
}
I initialize jax-rs by extended the MFPJAXRSApplication class
package ch.webapp;
...
public class AccountApplication extends MFPJAXRSApplication {
#Override
protected void init() throws Exception {
}
#Override
protected void destroy() throws Exception {
}
#Override
protected String getPackageToScan() {
return getClass().getPackage().getName();
}
}
Environment details:
Launching mfp (WebSphere Application Server 8.5.5.8/wlp-1.0.11.cl50820151201-1942) on Java HotSpot(TM) 64-Bit Server VM, version 1.8.0_172-b11 (en_CH)
Console Product version: 8.0.0.00-20180717-175523
What's wrong?
First it seems that websphere jax-rs implementation does not integrate jax-rs resources automatically unless you annotate them appropriately.
Put the jax-rs in a CDI managed context by annotating it appropriately
#Path("/test/")
#javax.enterprise.context.RequestScoped
public class MyController {
#Inject
private MyService myService;
#GET
#Path("/foo/{count}")
#OAuthSecurity(scope = "login")
#Produces("application/json")
public Response news(#PathParam("count") int count) {
return Response
.ok(myService.getBar(count))
.build();
}
}
Also be sure that the annotation used for your service is
#javax.enterprise.context.RequestScoped
Based on the inputs provided by you please go through the below checklist.
Your services and controllers are in the same module and its packaging type is war, So you must place your beans.xml in this path src/main/resources/WEB-INF/beans.xml. (If this is Java EE 7 application then beans.xml is optional.
In your AccountApplication class try hardcoding the package name to ch.webapp.presentation
#Override
protected String getPackageToScan() {
return "ch.webapp.presentation";
}
This is just to check Behaviour of MFPJAXRSApplication.getPackageToScan() method whether it is scanning the specified package only or its child packages too.
Except these, everything seems fine to me. If this still doesn't work add complete application startup logs so that community can find the root cause of it.
This is classical mistake. CDI works for managed beans (for instance EJB's and servlets). If you want to enable it on your JAXRS bean, you have to make it "managed", that is annotate MyController as (for instance) javax.annotation.ManagedBean or as a javax.ejb.Stateless.
Also beware that in case of webapp (.war), the beans.xml file has to be located in the WEB-INF folder !
I am in a process of deploying ActiveMQ with custom Authentication and Authorization. I have a query regarding custom authorization map.
Question
I want to have the authorization entries read from database rather than activemq.xml. We don't want to write our authorization entries in activemq.xml file. I don't want to change the wildcard queue name hierarchies as provided in default authorization plugin.
What code components do I need to re-write ?
I have figured out the answer to my above question. I only need to interface my custom class so that I am able to load authorization entries from a source other than activemq.xml. And I can also re-load my authorization every 1 minute so that If a new role or authorization entry is made, it gets reloaded in to the system without restarting.
Solution Configurations
Create a class that interface AuthorizationMap.
In my case I extended my class from DefaultAuthorizationMap.java. I
want similar functionality and want to change only the input of authorization entries. My code reads roles from a database. Refer to section "Code-CustomAuthorizationMap" below.
Configure CustomAuthorizationMap class as bean in activemq.xml
<plugins>
<jaasAuthenticationPlugin configuration="activemq"/>
<authorizationPlugin>
<map>
<bean xmlns="" class="com.test.CustomAuthorizationMap"
</map>
</authorizationPlugin
</plugins>
Add lib to classpath
a. Create the jar file. Place it in "%ActiveMQ-Home%/lib" folder. E.g. custom-authorization.jar
b. Modify "%ActiveMQ-Home%/bin/activemq.bat".
**Replace**
set ACTIVEMQ_CLASSPATH=%ACTIVEMQ_CONF%;%ACTIVEMQ_BASE%/conf;%ACTIVEMQ_HOME%/conf;%ACTIVEMQ_CLASSPATH%;
**With**
set ACTIVEMQ_CLASSPATH=%ACTIVEMQ_CONF%;%ACTIVEMQ_BASE%/conf;%ACTIVEMQ_HOME%/conf;%ACTIVEMQ_CLASSPATH%;%ACTIVEMQ_HOME%/lib/custom-authorization.jar;
Code-CustomAuthorizationMap
package com.test.authorization.map;
import java.util.ArrayList;
import java.util.List;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTempQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.filter.DefaultDestinationMapEntry;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.security.AuthorizationEntry;
import org.apache.activemq.security.DefaultAuthorizationMap;
public class SecGwAuthorizationMap extends DefaultAuthorizationMap {
public SecGwAuthorizationMap() throws Exception {
super();
List<DestinationMapEntry> authorizationEntries =
loadAuthorizationEntriesFromPropFiles();
// For information. After loading I populate
//authorization entries like below
// AuthorizationEntry entry = new AuthorizationEntry();
// entry.setTopic(">");
// entry.setAdmin("admins");
// entry.setRead("admins");
// entry.setWrite("admins");
// authorizationEntries.add(entry);
// entry = new AuthorizationEntry();
// entry.setQueue(">");
// entry.setAdmin("admins");
// entry.setRead("admins");
// entry.setWrite("admins");
// authorizationEntries.add(entry);
// entry= new AuthorizationEntry();
// entry.setTopic("ActiveMQ.Advisory.>");
// entry.setAdmin("gcabrokerusers,admins,users");
// entry.setRead("gcabrokerusers");
// entry.setWrite("gcabrokerusers");
// authorizationEntries.add(entry);
// entry = new AuthorizationEntry();
// entry.setQueue("gcaa.test.jms.>");
// entry.setAdmin("gcabrokerusers");
// entry.setRead("gcabrokerusers");
// entry.setWrite("gcabrokerusers");
// authorizationEntries.add(entry);
setAuthorizationEntries(authorizationEntries);
}
public SecGwAuthorizationMap(List<DestinationMapEntry>
authorizationEntries) {
super(authorizationEntries);
// TODO Auto-generated constructor stub
}
}
Note:- Below is a sample roles.properties files to tell how we are creating authorization roles.
roles.properties file
//commentedLine Destination Read-ACLs Write-ACLs AdminAcls Type
ActiveMQ.Advisory.>::admins,appUsr::admins,appusr::admins,appUsr::TOPIC
test.accounts.queue::appClientId::appClientId::admins::QUEUE
>::admins::admins::admins::QUEUE
>::admins::admins::admins::TOPIC
Glassfish4 is using Moxy to serialize REST responses into JSON. Does anybody know how to configure application to use Jackson instead of Moxy?
You need to register JacksonFeature in your application if you want to use Jackson as your JSON provider (by registering this feature your disable MOXy to be your JSON provider).
You can do it either in Application subclass:
public class MyApplication extends Application {
public Set<Class<?>> getClasses() {
final Set<Class<?>> classes = new HashSet<Class<?>>();
// Add root resources.
classes.add(HelloWorldResource.class);
// Add JacksonFeature.
classes.add(JacksonFeature.class);
return classes;
}
}
or in ResourceConfig:
final Application application = new ResourceConfig()
.packages("org.glassfish.jersey.examples.jackson")
.register(MyObjectMapperProvider.class) // No need to register this provider if no special configuration is required.
// Register JacksonFeature.
.register(JacksonFeature.class);
See Jackson section in Jersey Users Guide for more information.
Answer by Michal Gajdos is correct, just to add to that, add this dependency in your pom.xml ,
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-json-jackson</artifactId>
<version>2.26</version>
</dependency>
I have a simple java class which displays "waiting" text on execution , in "TMSCore" java project.
package com.stock.bo;
public class example {
/**
* #param args
*/
public static void main(String[] args) {
// ApplicationContext context = new ClassPathXmlApplicationContext("applicationContext.xml");
System.out.println("================================> waiting");
}
}
I have created TMSCore.jar and have set this example.class as entry point ,of my jar file.
Then i have created a module for this project in C:\Jboss\jboss-as-7.1.1\modules\org\tms\main , and pasted the jar in the same path
then i have created module.xml and pasted in the same path
module.xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.tms">
<resources>
<resource-root path="TMSCore.jar"/>
</resources>
</module>
then i have created a jboss-deployment-structure.xml in my webproject/web-inf directory
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.tms"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
when i start the server with my war containing above jboss-deployment-structure.xml, in my console its showing deployed TMSCore.jar
but my "waiting" text in my jar is not displayed on console
my requirement is i should get "================================> waiting" on my console once jboss is started up
or else can any one can suggest how to make a jar to execute on starting jboss server?
BTW i am using JBOSS7.1
If I am right it's because JBoss doesn't execute a library, it only loads the classes contained in the jar file. So putting a main function and generating an executable jar will not help.
If your goal is to have an global module on the server, I suggest you these modifications:
Create the module (as you have already done)
Declare it as dependency in jboss-deployment-structure.xml (as you have already done)
Declare it as global module on the server, so it will be loaded only once by JBoss. Edit the configuration file standalone.xml and modify the section:
<subsystem xmlns="urn:jboss:domain:ee:1.0">
<global-modules>
<module name="org.tms" />
</global-modules>
</subsystem>
Now you have a module that have classes loaded only once. I you need to have only one instance of your Example class, the I suggest you to use an singleton:
public class Example {
// The only one instance
private static Example instance;
// Private constructor to avoid creation of other instances of this class
private Example()
{
System.out.println("================================> waiting");
}
public static Example getInstance()
{
if(instance == null)
{
instance = new Example();
}
return instance;
}
}
Then to use it in all projects on the server
Example ex = Example.getInstance();
will give you back the existing instance (or create one the first time).
Notice: I can't try, so no guarantee that that will work.
Edit: Maybe a small modification of the Example class can also make it run during the classes loading:
public class Example {
// The only one instance
private static Example instance = new Example();
// Private constructor to avoid creation of other instances of this class
private Example()
{
System.out.println("================================> waiting");
}
public static Example getInstance()
{
return instance;
}
}
Again: not tested.
You can't run a jar, but you can execute a startup method in a singleton.
#Startup
#Singleton
public class FooBean {
#PostConstruct
void atStartup() { ... }
#PreDestroy
void atShutdown() { ... }
}
This will happen at application start up and shutdown. I'd call the function you need from there.
See http://docs.oracle.com/javaee/6/tutorial/doc/gipvi.html
I want to validate a custom content type document(xml kind), with an custom validator. Want to validate it with a xsd, but only after certain preprocessing of main document.
Normal xml validator can't be used because-
1.) The schema location(xsd) & namespaces are not defined in the main document file.
2.) And bcz of first reason & many more, want to do some preprocessing to the document file, before applying xsd validation.
So I want to use the xml validator, but only after preprocessing of my file.
My plugin.xml is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<?eclipse version="3.4"?>
<plugin>
<extension
point="org.eclipse.core.runtime.contentTypes">
<content-type
id="com.xyz.ide.core.contentType.dummy"
base-type="org.eclipse.core.runtime.xml"
file-extensions="blabla"
/>
</extension>
<extension
point="org.eclipse.wst.sse.ui.sourcevalidation">
<validator
scope="total"
class="mc.CustomValidator"
id="com.xyz.myValidator">
<contentTypeIdentifier
id="com.xyz.ide.core.contentType.dummy">
<partitionType
id="org.eclipse.wst.xml.XML_DEFAULT">
</partitionType>
</contentTypeIdentifier>
</validator>
</extension>
</plugin>
CustomValidator.java
public class CustomValidator implements ISourceValidator, IValidator {
XMLValidator validator = new XMLValidator();
IDocument document;
public void validate(IValidationContext helper, IReporter reporter) {
String fileContent = this.document.get();
final InputStream is = new ByteArrayInputStream(fileContent.toLowerCase().getBytes());
// Whats the problem in this line???
XMLValidationReport report = validator.validate("/home/rchawla/xmlWorkspace/abc.xsd", is);
ValidationMessage[] messages = report.getValidationMessages();
for(ValidationMessage message:messages){
System.out.println(message.getMessage());
}
}
I can hit the validate method on running the plugin in debug mode, but
the document is not getting validated with the xsd.
What is wrong in the above method as,
ValidationMessage[] messages = report.getValidationMessages(); is giving zero messages, even though the there are errors in the main document file.
I also had a lot of trouble trying to make org.eclipse.wst.sse.ui.sourcevalidation extension point work. I ended up using another extension point org.eclipse.wst.validation.validatorV2. The only difference between the 2 validators is that this one is only triggered when you save a file, not while you are typing. See an example bellow :
<extension id="customValidator" name="Custom Validator" point="org.eclipse.wst.validation.validatorV2">
<validator class="aaa.bbb.CustomValidator" markerId="customMarker" version="3">
<include>
<rules>
<contentType id="customContentType" exactMatch="false"/>
</rules>
</include>
</validator>
</extension>
Your implementation of the validator should override org.eclipse.wst.validation.AbstractValidator.