Can keycloak JavaScript based policy calls remote REST API? - authorization

Can I call remote REST API from keycloak's JavaScript based policy? I need this because the current version of keycloak does not support custom attributes for resources according to this answer. Thus I created a special server that contains all required metadata for making decisions about granting access to resources.

1.You can make jar and copy it into modules dir. Make it like other modules, create module.xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.5" name="io.geewit.keycloak.provider">
<resources>
<resource-root path="keycloak-mock-module-1.0.0.jar"/>
</resources>
<dependencies>
<module name="sun.jdk"/>
<module name="sun.scripting"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
</dependencies>
</module>
2.You edit the "keycloak-services" module.xml
<dependencies>
<module name="sun.scripting"/>
<module name="io.geewit.keycloak.provider"/>
</dependencies>

Related

Can't register AWS-SDK on Jboss modules correctly

I found the dependency aws-java-sdk was being compiled on a legacy code, having as result a very heavy EAR.
I declared this dependency as provided and wanted to put it as part of the Jboss modules, but no matter where I put it, I'm still having the ClassNotFound issue.
Here is my module.xml:
<module xmlns="urn:jboss:module:1.1" name="com.amazonaws">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="aws-java-sdk-1.11.584.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.xml.stream.api"/>
<module name="javax.xml.bind.api"/>
<module name="com.fasterxml.jackson"/>
<module name="org.joda.time"/>
</dependencies>
</module>
And the error:
Caused by: java.lang.NoClassDefFoundError: com/amazonaws/auth/AWSCredentials
The problem was on the JAR file, needed sdk-core. Check your JARs always.

Axis1 on Wildlfy

Trying to deploy a war on Wildfly 10.0.0. Final standalone got the following error :
java.lang.LinkageError: loader constraint violation: when resolving method "org.apache.axis.description.TypeDesc.setXmlType(Ljavax/xml/namespace/QName;)V"
the class loader (instance of org/jboss/modules/ModuleClassLoader) of the current class, mypackage/MyClass,
and the class loader (instance of org/jboss/modules/ModuleClassLoader) for the method's defining class, org/apache/axis/description/TypeDesc,
have different Class objects for the type javax/xml/namespace/QName used in the signature
wildfly-10.0.0.Final\modules\org\apache\axis\jaxrpc\main\axis-jaxrpc-1.4.jar\javax\xml\namespace\QName.class major version: 47jdk1.8.0_60\jre\lib\rt.jar\javax\xml\namespace\QName.class major version: 52
I have read the Class Loading in WildFly but have no idea what the proper "specific order" is:
A common source of errors in Java applications is including API
classes in a deployment that are also provided by the container. This
can result in multiple versions of the class being created and the
deployment failing to deploy properly. To prevent this in WildFly,
module dependencies are added in a specific order that should prevent
this situation from occurring.
jboss-deployment-structure.xml contains:
<module name="org.apache.axis.axis" />
pom.xml contains:
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
<scope>provided</scope>
</dependency>
wildfly-10.0.0.Final\modules\org\apache\axis\axis\main\module.xml:
<module xmlns="urn:jboss:module:1.1" name="org.apache.axis.axis">
<resources>
<resource-root path="axis-1.4.jar"/>
</resources>
<dependencies>
<module name="org.apache.axis.jaxrpc"/>
<module name="org.apache.axis.saaj"/>
<module name="org.apache.axis.wsdl4j"/>
<module name="org.apache.commons.discovery"/>
<module name="org.apache.commons.logging"/>
<module name="javax.activation.api"/>
<module name="javax.api"/>
<module name="javax.mail.api"/>
<module name="javax.servlet.api"/>
</dependencies>
</module>
wildfly-10.0.0.Final\modules\org\apache\axis\jaxrpc\main\module.xml:
<module xmlns="urn:jboss:module:1.1" name="org.apache.axis.jaxrpc">
<resources>
<resource-root path="axis-jaxrpc-1.4.jar"/>
</resources>
</module>
Using Local Resource instead of User Dependencies solved the problem.
From jboss-deployment-structure.xml removed:
<module name="org.apache.axis.axis" />
pom.xml (no provided scope anymore):
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-saaj</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
<version>1.5.1</version>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
</dependency>

How is possible to exclude all automatic dependencies from being added in JBoss 7?

I want to exclude all automatic dependencies in JBoss 7.
Was not able to find the answer here:
https://docs.jboss.org/author/display/AS7/Class+Loading+in+AS7
Added
Automatic (implicit) dependencies are described here:
https://docs.jboss.org/author/display/AS7/Implicit+module+dependencies+for+deployments
Now I need to do it explicitly. See below.
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.jboss.as.jmx"/>
</dependencies>
<exclusions>
<module name="javaee.api" />
<module name="javax.xml.bind.api" />
<module name="javax.persistence.api" />
...
</exclusions>
</deployment>
</jboss-deployment-structure>
Question if I can do it using simple configuration like:
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.jboss.as.jmx"/>
</dependencies>
<exclusions>
<subsystem name="implicit" />
</exclusions>
</deployment>
</jboss-deployment-structure>
I don't think you can. However, it wouldn't make sense anyway, as for example JDK is part of those implicit dependencies - you really don't want to deploy the entire JDK with your application, now, do you?
Create a set of implicit dependencies that you don't want and put them into jboss-deployment-structure like you have done.

Jboss AS7 - How to create module.xml for external libraries?

I have multiple .ear projects which use multiple libraries. So I need to make those as common and add those in the module. So Is there any easy way to create module.xml as I need to create module.xml for each library?
Also do I need to define the dependency for each library in module.xml?
Please let me know if there is any easy way to handle this?
No need to create 'module.xml' for each library.
Create a single module and put all libraries there and mention it in resource-root. Also mention any module dependencies (if no, ignore it).
Example module.xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.test.myownresteasy">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="activation-1.1.jar"/>
<resource-root path="httpcore-4.1.2.jar"/>
<resource-root path="jettison-1.3.1.jar"/>
<resource-root path="resteasy-jaxrs-2.3.2.Final.jar"/>
<resource-root path="scannotation-1.0.3.jar"/>
<resource-root path="httpclient-4.1.2.jar"/>
<resource-root path="jaxrs-api-2.3.2.Final.jar"/>
<resource-root path="jul-to-slf4j-stub-1.0.0.Final.jar"/>
<resource-root path="resteasy-jaxb-provider-2.3.2.Final.jar"/>
<resource-root path="resteasy-jettison-provider-2.3.2.Final.jar"/>
</resources>
<dependencies>
<!-- Insert dependencies here -->
</dependencies>
</module>
Copy your modules to '$JBOSS/modules' directory which makes it as global module.
Refer:
How can I use the external jars on JBoss 7?

JBoss 7.1.1 Final Jasperreports 4.0.2 as a module

I am trying this new class loading feature of JB7, witch sounds pretty good and i want to implement in a new project, but i am kinda stuck at this point... this is what i got:
<module xmlns="urn:jboss:module:1.1" name="net.sourceforge.jasperreports">
<resources>
<resource-root path="commons-javaflow-20060411.jar"/>
<resource-root path="iText-2.1.0.jar"/>
<resource-root path="jasperreports-4.0.2.jar"/>
<resource-root path="jcommon-1.0.15.jar"/>
<resource-root path="jfreechart-1.0.14.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.apache.commons.beanutils"/>
<module name="org.apache.commons.collection"/>
<module name="org.apache.commons.digester" slot="1.7"/>
<module name="org.apache.commons.logging"/>
</dependencies>
</module>
Without the <module name="org.apache.commons.logging"/> dependency, the trace stack was showing an error of it being missing, even when this particular jar is already being deployed with the application by default, so i took out the jar from the app java libs folder and made a module for it, now my application hangs when the module net.sourceforge.jasperreports is needed, is there something am i missing?
This is the JBoss-deployment-structure if needed:
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.apache.commons.collections"/>
<module name="org.apache.commons.logging"/>
<module name="net.sourceforge.jasperreports"/>
<module name="org.apache.log4j"/>
</dependencies>
<resources>
<resource-root path="."/>
</resources>
</deployment>
</jboss-deployment-structure>
Its a Java EE project deploying as a war.
I have <module name="org.apache.commons.collection"/>
And sould be <module name="org.apache.commons.collections"/>
And that was it... "-.-
Its weird because, when a module in Jboss sctructure fails to load, the war deployment fails and shows an error in the console, in this case it should be something about "org.apache.commons.collection not found" but somehow, my app was running normally, and any jasper report sevlet used was hanging eternally because of this missing module dependency.
Edit: Jboss doesn't show any error when a dependency is missing, it just hangs in that line. But it does show an error when a module fails to load resources.