experimentation

2025-10-24 00:09:27 +02:00 · 2025-10-24 00:09:27 +02:00 · 8c1d25133f
commit 8c1d25133f
parent cfb12cfc6e
6 changed files with 163 additions and 18 deletions
--- a/compose.yaml
+++ b/compose.yaml
@ -1,11 +1,12 @@
 services:
  keycloak:
-    image: quay.io/keycloak/keycloak:latest
+    image: quay.io/keycloak/keycloak:26.4.2
    pull_policy: always
    command: start-dev
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_LOG_LEVEL: info
    ports:
      - "8080:8080"
    volumes:
--- a/ssh-key-provider/pom.xml
+++ b/ssh-key-provider/pom.xml
@ -15,9 +15,9 @@
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.source>17</maven.compiler.source>
-    <maven.compiler.target>1.7</maven.compiler.target>
+    <maven.compiler.target>17</maven.compiler.target>
-    <keycloak.version>26.4.0</keycloak.version>
+    <keycloak.version>26.4.2</keycloak.version>
  </properties>
  <dependencies>
@ -43,6 +43,11 @@
      <artifactId>keycloak-services</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>com.google.auto.service</groupId>
      <artifactId>auto-service</artifactId>
      <version>1.1.1</version>
    </dependency>
  </dependencies>
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/App.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/App.java
@ -1,13 +0,0 @@
 package de.ccc.hamburg.keycloak;
 /**
 * Hello world!
 *
 */
 public class App 
 {
    public static void main( String[] args )
    {
        System.out.println( "Hello World!" );
    }
 }
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java
@ -0,0 +1,52 @@
 package de.ccc.hamburg.keycloak;
 import jakarta.ws.rs.ForbiddenException;
 import jakarta.ws.rs.NotAuthorizedException;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.Auth;
 import org.keycloak.services.managers.AuthenticationManager;
 import java.util.function.Function;
 public class AuthHelper {
 	public static AuthenticationManager.AuthResult getAuthResult(KeycloakSession session, Function<AuthenticationManager.AuthResult, Boolean> authFn) {
 		AuthenticationManager.AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
        System.err.println(auth.getToken().getIssuedFor());
 		if (auth == null) {
 			throw new NotAuthorizedException("Bearer");
 		} else if (!authFn.apply(auth)) {
 			throw new ForbiddenException();
 		}
 		return auth;
 	}
 	public static Auth getAuth(KeycloakSession session, Function<AuthenticationManager.AuthResult, Boolean> authFn) {
 		return getAuth(session, getAuthResult(session, authFn));
 	}
 	public static Auth getAuth(KeycloakSession session, String clientId, Function<AuthenticationManager.AuthResult, Boolean> authFn) {
 		return getAuth(session, getAuthResult(session, authFn), clientId);
 	}
 	public static Auth getAuth(KeycloakSession session, AuthenticationManager.AuthResult authResult) {
 		return getAuth(session, authResult, null);
 	}
 	public static Auth getAuth(KeycloakSession session, AuthenticationManager.AuthResult authResult, String clientId) {
 		RealmModel realm = session.getContext().getRealm();
 		ClientModel client;
 		if (clientId == null) {
 			client = authResult.getClient();
 		} else {
 			client = realm.getClientByClientId(clientId);
 		}
 		return new Auth(realm, authResult.getToken(), authResult.getUser(), client, authResult.getSession(), false);
 	}
 }
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java
@ -0,0 +1,60 @@
 package de.ccc.hamburg.keycloak;
 import java.util.Map;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.MediaType;
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
 import org.eclipse.microprofile.openapi.annotations.media.Content;
 import org.eclipse.microprofile.openapi.annotations.media.Schema;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.services.managers.Auth;
 import org.keycloak.services.resource.RealmResourceProvider;
 public class SSHKeyResourceProvider implements RealmResourceProvider {
    private final KeycloakSession session;
    public SSHKeyResourceProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }
    @Override
    public Object getResource() {
        return this;
    }
    @Override
    public void close() {
    }
    @GET
    @Path("hello")
    @Produces(MediaType.APPLICATION_JSON)
    @Operation(summary = "Public hello endpoint", description = "This endpoint returns hello and the name of the requested realm.")
    @APIResponse(responseCode = "200", description = "", content = {
            @Content(schema = @Schema(implementation = Response.class, type = SchemaType.OBJECT)) })
    public Response helloAnonymous() {
        return Response.ok(Map.of("hello", session.getContext().getRealm().getName())).build();
    }
    @GET
    @Path("hello-auth")
    @Produces(MediaType.APPLICATION_JSON)
    public Response helloAuthenticated() {
        try {
            Auth auth = AuthHelper.getAuth(session,
                    authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
            return Response.ok(Map.of("hello", auth.getUser().getUsername())).build();
        } catch (Exception e) {
            System.err.println(e);
            return Response.status(401, e.getMessage()).build();
        }
    }
 }
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProviderFactory.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProviderFactory.java
@ -0,0 +1,40 @@
 package de.ccc.hamburg.keycloak;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.services.resource.RealmResourceProvider;
 import org.keycloak.services.resource.RealmResourceProviderFactory;
 import org.keycloak.Config.Scope;
 import com.google.auto.service.AutoService;
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.services.resource.RealmResourceProvider;
 import org.keycloak.services.resource.RealmResourceProviderFactory;
@AutoService(RealmResourceProviderFactory.class)
 public class SSHKeyResourceProviderFactory implements RealmResourceProviderFactory {
    static final String PROVIDER_ID = "ssh-key-provider";
    @Override
 	public RealmResourceProvider create(KeycloakSession keycloakSession) {
 		return new SSHKeyResourceProvider(keycloakSession);
 	}
 	@Override
 	public void init(Config.Scope scope) {
 	}
 	@Override
 	public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
 	}
 	@Override
 	public void close() {
 	}
 	@Override
 	public String getId() {
 		return PROVIDER_ID;
 	}
 }