use of org.commonjava.indy.subsys.keycloak.conf.KeycloakSecurityConstraint in project indy by Commonjava.
the class KeycloakDeploymentProvider method getDeploymentInfo.
@Override
public DeploymentInfo getDeploymentInfo() {
logger.debug("Keycloak deployment provider triggered.");
final DeploymentInfo di = new DeploymentInfo();
if (config.isEnabled()) {
di.addAuthenticationMechanism(BASIC_LOGIN_MECHANISM, new ImmediateAuthenticationMechanismFactory(basicAuthInjector));
logger.debug("Adding keycloak security constraints");
final SecurityConstraint ui = new SecurityConstraint();
ui.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
final WebResourceCollection uiCollection = new WebResourceCollection();
uiCollection.addUrlPatterns(UIServlet.PATHS);
uiCollection.addHttpMethods(UIServlet.METHODS);
ui.addWebResourceCollection(uiCollection);
di.addSecurityConstraint(ui);
for (final KeycloakSecurityConstraint constraint : bindings.getConstraints()) {
final SecurityConstraint sc = new SecurityConstraint();
sc.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
final WebResourceCollection collection = new WebResourceCollection();
collection.addUrlPattern(constraint.getUrlPattern());
logger.debug("new constraint>>> URL pattern: {}", constraint.getUrlPattern());
if (constraint.getMethods() != null) {
logger.debug("methods: {}", constraint.getMethods());
collection.addHttpMethods(constraint.getMethods());
}
sc.addWebResourceCollection(collection);
if (constraint.getRole() != null) {
logger.debug("role: {}", constraint.getRole());
sc.addRoleAllowed(constraint.getRole());
}
logger.debug("Keycloak Security Constraint: {}", sc);
di.addSecurityConstraint(sc);
}
logger.debug("Using keycloak.json: {} (exists? {})", config.getKeycloakJson(), new File(config.getKeycloakJson()).exists());
di.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, config.getKeycloakJson());
logger.debug("login realm: {}", config.getRealm());
final LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, config.getRealm());
loginConfig.addFirstAuthMethod(BASIC_LOGIN_MECHANISM);
di.setLoginConfig(loginConfig);
}
return di;
}
Aggregations