Merge pull request #37206 from barreiro/keycloak-tls
recognize quarkus.tls.trust-all property by keycloak-admin-client extension
sberyozkin authored Nov 20, 2023
2 parents ce8cb65 + 6e414c2 commit 3326e64
Showing 5 changed files with 17 additions and 9 deletions.
@@ -25,6 +25,7 @@
import io.quarkus.keycloak.admin.client.common.KeycloakAdminClientInjectionEnabled;
import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveClientProvider;
import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveKeycloakAdminClientRecorder;
import io.quarkus.runtime.TlsConfig;

public class KeycloakAdminClientReactiveProcessor {

@@ -53,8 +54,8 @@ public void nativeImage(BuildProducer<ServiceProviderBuildItem> serviceProviderP
@Record(ExecutionTime.STATIC_INIT)
@Produce(ServiceStartBuildItem.class)
@BuildStep
public void integrate(ResteasyReactiveKeycloakAdminClientRecorder recorder) {
recorder.setClientProvider();
public void integrate(ResteasyReactiveKeycloakAdminClientRecorder recorder, TlsConfig tlsConfig) {
recorder.setClientProvider(tlsConfig.trustAll);
}

@Record(ExecutionTime.RUNTIME_INIT)
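Review bot: The `tlsConfig.trustAll` value handed to `recorder.setClientProvider(...)` in `integrate` is read inside a build step and recorded at `STATIC_INIT`, so it appears to be frozen into the built application, and nothing on the method says so. Whether a deploy-time override of `quarkus.tls.trust-all` can still switch it off depends on the config phase of `TlsConfig`, which is not visible on this page. If the value is build-time fixed, an image built with trust-all enabled for development keeps certificate validation disabled in production. A comment on the method would make that explicit, for example `// quarkus.tls.trust-all is resolved at build time and recorded; it cannot be turned off at runtime`. The same applies to `KeycloakAdminClientProcessor.integrate` further down; the import hunk needs nothing.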
@@ -30,9 +30,15 @@ public class ResteasyReactiveClientProvider implements ResteasyClientProvider {
private static final List<String> HANDLED_MEDIA_TYPES = List.of(MediaType.APPLICATION_JSON);
private static final int PROVIDER_PRIORITY = Priorities.USER + 100; // ensures that it will be used first

private final boolean tlsTrustAll;

public ResteasyReactiveClientProvider(boolean tlsTrustAll) {
this.tlsTrustAll = tlsTrustAll;
}

@Override
public Client newRestEasyClient(Object messageHandler, SSLContext sslContext, boolean disableTrustManager) {
ClientBuilderImpl clientBuilder = new ClientBuilderImpl().trustAll(disableTrustManager);
ClientBuilderImpl clientBuilder = new ClientBuilderImpl().trustAll(tlsTrustAll || disableTrustManager);
return registerJacksonProviders(clientBuilder).build();
}

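Review bot: `newRestEasyClient` now turns certificate validation off whenever the global `tlsTrustAll` flag is set, even if the caller passed `disableTrustManager = false`, and it does so silently. This client carries Keycloak admin credentials, so I would log one warning when the provider is constructed with `tlsTrustAll == true`, and do the same for the anonymous provider in `ResteasyKeycloakAdminClientRecorder`. The new constructor also needs Javadoc, for example `/** @param tlsTrustAll value of quarkus.tls.trust-all; when true, certificate validation is disabled for every client this provider builds, regardless of disableTrustManager */`. The `sslContext` argument is not used in the visible body, so the trust-all flags look like the only TLS setting that takes effect here; that is worth stating in the same Javadoc.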
@@ -21,8 +21,8 @@ public ResteasyReactiveKeycloakAdminClientRecorder(
this.keycloakAdminClientConfigRuntimeValue = keycloakAdminClientConfigRuntimeValue;
}

public void setClientProvider() {
Keycloak.setClientProvider(new ResteasyReactiveClientProvider());
public void setClientProvider(boolean tlsTrustAll) {
Keycloak.setClientProvider(new ResteasyReactiveClientProvider(tlsTrustAll));
}

public Supplier<Keycloak> createAdminClient() {
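Review bot: `setClientProvider(boolean tlsTrustAll)` has no Javadoc describing how far the flag reaches. `Keycloak.setClientProvider(...)` is a static call, so the provider presumably applies to every `Keycloak` client created in the process afterwards, not only the one returned by `createAdminClient()`. I would add something like `/** Installs the process-wide client provider; when tlsTrustAll is true, every Keycloak admin client created afterwards skips certificate validation. */`. The method body is complete within this hunk.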
@@ -25,6 +25,7 @@
import io.quarkus.keycloak.admin.client.common.AutoCloseableDestroyer;
import io.quarkus.keycloak.admin.client.common.KeycloakAdminClientInjectionEnabled;
import io.quarkus.keycloak.adminclient.ResteasyKeycloakAdminClientRecorder;
import io.quarkus.runtime.TlsConfig;

public class KeycloakAdminClientProcessor {

@@ -48,8 +49,8 @@ ReflectiveClassBuildItem reflect() {
@Record(ExecutionTime.STATIC_INIT)
@Produce(ServiceStartBuildItem.class)
@BuildStep
public void integrate(ResteasyKeycloakAdminClientRecorder recorder) {
recorder.setClientProvider();
public void integrate(ResteasyKeycloakAdminClientRecorder recorder, TlsConfig tlsConfig) {
recorder.setClientProvider(tlsConfig.trustAll);
}

@Record(ExecutionTime.RUNTIME_INIT)
@@ -58,13 +58,13 @@ public Keycloak get() {
};
}

public void setClientProvider() {
public void setClientProvider(boolean tlsTrustAll) {
Keycloak.setClientProvider(new ResteasyClientClassicProvider() {
@Override
public Client newRestEasyClient(Object customJacksonProvider, SSLContext sslContext, boolean disableTrustManager) {
// point here is to use default Quarkus providers rather than org.keycloak.admin.client.JacksonProvider
// as it doesn't work properly in native mode
return ClientBuilderWrapper.create(sslContext, disableTrustManager).build();
return ClientBuilderWrapper.create(sslContext, tlsTrustAll || disableTrustManager).build();
}
});
}
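Review bot: When `tlsTrustAll` is set, `ClientBuilderWrapper.create(sslContext, tlsTrustAll || disableTrustManager)` receives both a caller-supplied `SSLContext` and a request to disable the trust manager, and the visible code does not show which one wins. If the disable flag takes precedence, a custom truststore configured through `sslContext` is silently ignored once `quarkus.tls.trust-all` is on. The existing comment above the return only explains the Jackson provider choice. I would add a line such as `// quarkus.tls.trust-all overrides the per-client disableTrustManager flag (and presumably the sslContext trust material)`, and confirm that behaviour against `ClientBuilderWrapper`.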
