From 87d7b59047bcb75a8b8e1b18139a99cfc293f07d Mon Sep 17 00:00:00 2001 From: David Festal Date: Wed, 23 Aug 2017 15:20:19 +0200 Subject: [PATCH 1/9] Fix some incorrect environment variables Signed-off-by: David Festal --- dockerfiles/init/manifests/che.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dockerfiles/init/manifests/che.env b/dockerfiles/init/manifests/che.env index 6dab4bcb13..8de51b911f 100644 --- a/dockerfiles/init/manifests/che.env +++ b/dockerfiles/init/manifests/che.env @@ -468,11 +468,11 @@ CHE_SINGLE_PORT=false # CHE_KEYCLOAK_OSO_ENDPOINT=NULL -CHE_KEYCLOAK_GITHUB.ENDPOINT=NULL -CHE_KEYCLOAK_AUTH-SERVER-URL=http://172.17.0.1:5050/auth +CHE_KEYCLOAK_GITHUB_ENDPOINT=NULL +CHE_KEYCLOAK_AUTH__SERVER__URL=http://172.17.0.1:5050/auth CHE_KEYCLOAK_REALM=che -CHE_KEYCLOAK_CLIENT-ID=che-public +CHE_KEYCLOAK_CLIENT__ID=che-public CHE_KEYCLOAK_PRIVATE_REALM=che -CHE_KEYCLOAK_PRIVATE_CLIENT-ID=che -CHE_KEYCLOAK_PRIVATE_CLIENT-SECRET=2c1b2621-d251-4701-82c4-a7dd447faa97 +CHE_KEYCLOAK_PRIVATE_CLIENT__ID=che +CHE_KEYCLOAK_PRIVATE_CLIENT__SECRET=2c1b2621-d251-4701-82c4-a7dd447faa97 From 8d17bd8cf6990f8b0a3cd2c27ae9755ad93d4c5b Mon Sep 17 00:00:00 2001 From: David Festal Date: Fri, 25 Aug 2017 17:55:41 +0200 Subject: [PATCH 2/9] Fix invalid property names Signed-off-by: David Festal --- .../src/main/patches/src/app/index.module.ts.patch | 6 +++--- .../eclipse/che/keycloak/shared/KeycloakConstants.java | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/assembly-multiuser/dashboard/src/main/patches/src/app/index.module.ts.patch b/assembly-multiuser/dashboard/src/main/patches/src/app/index.module.ts.patch index 54d85ddcff..6fbc4a5bc1 100644 --- a/assembly-multiuser/dashboard/src/main/patches/src/app/index.module.ts.patch +++ b/assembly-multiuser/dashboard/src/main/patches/src/app/index.module.ts.patch @@ -8,9 +8,9 @@ + +function buildKeycloakConfig(keycloakSettings) { + return { -+ url: keycloakSettings['che.keycloak.auth-server-url'], ++ url: keycloakSettings['che.keycloak.auth_server_url'], + realm: keycloakSettings['che.keycloak.realm'], -+ clientId: keycloakSettings['che.keycloak.client-id'] ++ clientId: keycloakSettings['che.keycloak.client_id'] + }; +} + @@ -30,7 +30,7 @@ + new Promise((resolve, reject) => { + const script = document.createElement('script'); + script.async = true; -+ script.src = keycloakSettings['che.keycloak.auth-server-url'] + '/js/keycloak.js'; ++ script.src = keycloakSettings['che.keycloak.auth_server_url'] + '/js/keycloak.js'; + script.addEventListener('load', resolve); + script.addEventListener('error', () => reject('Error loading script.')); + script.addEventListener('abort', () => reject('Script loading aborted.')); diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-shared/src/main/java/org/eclipse/che/keycloak/shared/KeycloakConstants.java b/plugins/plugin-keycloak/che-plugin-keycloak-shared/src/main/java/org/eclipse/che/keycloak/shared/KeycloakConstants.java index 7ccdb79cfa..ef0e82916d 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-shared/src/main/java/org/eclipse/che/keycloak/shared/KeycloakConstants.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-shared/src/main/java/org/eclipse/che/keycloak/shared/KeycloakConstants.java @@ -17,18 +17,18 @@ public class KeycloakConstants { private static final String PRIVATE_PREFIX = "private."; private static final String KEYCLOAK_SETTINGS_ENDPOINT_PATH = "/keycloak/settings"; - public static final String AUTH_SERVER_URL_SETTING = KEYCLOAK_SETTING_PREFIX + "auth-server-url"; + public static final String AUTH_SERVER_URL_SETTING = KEYCLOAK_SETTING_PREFIX + "auth_server_url"; public static final String REALM_SETTING = KEYCLOAK_SETTING_PREFIX + "realm"; - public static final String CLIENT_ID_SETTING = KEYCLOAK_SETTING_PREFIX + "client-id"; + public static final String CLIENT_ID_SETTING = KEYCLOAK_SETTING_PREFIX + "client_id"; public static final String REWRITE_RULE_SETTING = - KEYCLOAK_SETTING_PREFIX + "redirect-rewrite-rules"; + KEYCLOAK_SETTING_PREFIX + "redirect_rewrite_rules"; public static final String PRIVATE_REALM_SETTING = KEYCLOAK_SETTING_PREFIX + PRIVATE_PREFIX + "realm"; public static final String PRIVATE_CLIENT_ID_SETTING = - KEYCLOAK_SETTING_PREFIX + PRIVATE_PREFIX + "client-id"; + KEYCLOAK_SETTING_PREFIX + PRIVATE_PREFIX + "client_id"; public static final String PRIVATE_CLIENT_SECRET_SETTING = - KEYCLOAK_SETTING_PREFIX + PRIVATE_PREFIX + "client-secret"; + KEYCLOAK_SETTING_PREFIX + PRIVATE_PREFIX + "client_secret"; public static final String OSO_ENDPOINT_SETTING = KEYCLOAK_SETTING_PREFIX + "oso.endpoint"; public static final String PROFILE_ENDPOINT_SETTING = From 34244dd3887d39cd598963b0f75bab2bb1ec6df0 Mon Sep 17 00:00:00 2001 From: David Festal Date: Fri, 25 Aug 2017 17:57:53 +0200 Subject: [PATCH 3/9] Add filtering rules for health checks and icons ... ... and factorize some code Signed-off-by: David Festal --- .../server/AbstractKeycloakFilter.java | 20 ++++++ .../server/KeycloakAuthenticationFilter.java | 67 +++++++++---------- ...eycloakEnvironmentInitalizationFilter.java | 12 +--- .../server/deploy/KeycloakServletModule.java | 6 +- 4 files changed, 55 insertions(+), 50 deletions(-) create mode 100644 plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java new file mode 100644 index 0000000000..09cbe44a26 --- /dev/null +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java @@ -0,0 +1,20 @@ +package org.eclipse.che.keycloak.server; + +import javax.servlet.Filter; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; + +public abstract class AbstractKeycloakFilter implements Filter { + + protected boolean shouldSkipAuthentication(HttpServletRequest request, String token) { + return request.getScheme().startsWith("ws") + || (token != null && token.startsWith("machine")); + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException {} + + @Override + public void destroy() {} +} diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java index 21ce5a0ed4..db404b47d7 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java @@ -29,9 +29,7 @@ import java.util.Base64; import java.util.Map; import javax.inject.Inject; import javax.inject.Named; -import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -42,7 +40,7 @@ import org.eclipse.che.keycloak.shared.KeycloakConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class KeycloakAuthenticationFilter implements Filter { +public class KeycloakAuthenticationFilter extends AbstractKeycloakFilter { private static final Logger LOG = LoggerFactory.getLogger(KeycloakAuthenticationFilter.class); @@ -61,54 +59,52 @@ public class KeycloakAuthenticationFilter implements Filter { this.tokenExtractor = tokenExtractor; } - @Override - public void init(FilterConfig filterConfig) throws ServletException {} - @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; + final String token = tokenExtractor.getToken(request); - if (request.getScheme().startsWith("ws") || (token != null && token.startsWith("machine"))) { + if (shouldSkipAuthentication(request, token)) { chain.doFilter(req, res); return; - } else { - final String requestURI = request.getRequestURI(); - if (token == null) { - LOG.debug("No 'Authorization' header for {}", requestURI); - send403(res); - return; - } + } - Jws jwt; + final String requestURI = request.getRequestURI(); + if (token == null) { + LOG.debug("No 'Authorization' header for {}", requestURI); + send403(res); + return; + } + + Jws jwt; + try { + jwt = Jwts.parser().setSigningKey(getJwtPublicKey(false)).parseClaimsJws(token); + LOG.debug("JWT = " + jwt.toString()); + //OK, we can trust this JWT + } catch (SignatureException + | NoSuchAlgorithmException + | InvalidKeySpecException + | IllegalArgumentException e) { + //don't trust the JWT! + LOG.error("Failed verifying the JWT token", e); try { - jwt = Jwts.parser().setSigningKey(getJwtPublicKey(false)).parseClaimsJws(token); + LOG.info("Retrying after updating the public key", e); + jwt = Jwts.parser().setSigningKey(getJwtPublicKey(true)).parseClaimsJws(token); LOG.debug("JWT = " + jwt.toString()); //OK, we can trust this JWT } catch (SignatureException | NoSuchAlgorithmException | InvalidKeySpecException - | IllegalArgumentException e) { + | IllegalArgumentException ee) { //don't trust the JWT! - LOG.error("Failed verifying the JWT token", e); - try { - LOG.info("Retrying after updating the public key", e); - jwt = Jwts.parser().setSigningKey(getJwtPublicKey(true)).parseClaimsJws(token); - LOG.debug("JWT = " + jwt.toString()); - //OK, we can trust this JWT - } catch (SignatureException - | NoSuchAlgorithmException - | InvalidKeySpecException - | IllegalArgumentException ee) { - //don't trust the JWT! - LOG.error("Failed verifying the JWT token after public key update", e); - send403(res); - return; - } + LOG.error("Failed verifying the JWT token after public key update", e); + send403(res); + return; } - request.setAttribute("token", jwt); - chain.doFilter(req, res); } + request.setAttribute("token", jwt); + chain.doFilter(req, res); } private synchronized PublicKey getJwtPublicKey(boolean reset) @@ -146,7 +142,4 @@ public class KeycloakAuthenticationFilter implements Filter { HttpServletResponse response = (HttpServletResponse) res; response.sendError(403); } - - @Override - public void destroy() {} } diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakEnvironmentInitalizationFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakEnvironmentInitalizationFilter.java index 616c7dd2f2..086bccd116 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakEnvironmentInitalizationFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakEnvironmentInitalizationFilter.java @@ -18,9 +18,7 @@ import java.io.IOException; import java.security.Principal; import javax.inject.Inject; import javax.inject.Singleton; -import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -47,7 +45,7 @@ import org.eclipse.che.commons.subject.SubjectImpl; * @author Max Shaposhnik (mshaposhnik@redhat.com) */ @Singleton -public class KeycloakEnvironmentInitalizationFilter implements Filter { +public class KeycloakEnvironmentInitalizationFilter extends AbstractKeycloakFilter { private final UserManager userManager; private final AccountManager accountManager; @@ -63,16 +61,13 @@ public class KeycloakEnvironmentInitalizationFilter implements Filter { this.tokenExtractor = tokenExtractor; } - @Override - public void init(FilterConfig filterConfig) throws ServletException {} - @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest httpRequest = (HttpServletRequest) request; final String token = tokenExtractor.getToken(httpRequest); - if (request.getScheme().startsWith("ws") || (token != null && token.startsWith("machine"))) { + if (shouldSkipAuthentication(httpRequest, token)) { filterChain.doFilter(request, response); return; } @@ -153,7 +148,4 @@ public class KeycloakEnvironmentInitalizationFilter implements Filter { } }; } - - @Override - public void destroy() {} } diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java index 2348669aa2..afb4aa70e4 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java @@ -20,10 +20,10 @@ public class KeycloakServletModule extends ServletModule { protected void configureServlets() { bind(KeycloakAuthenticationFilter.class).in(Singleton.class); - // Not contains '/websocket', /docs/ (for swagger) and not ends with '/ws' or '/eventbus' or '/settings/' - filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?)$).*") + // Not contains '/websocket', /docs/ (for swagger) and not ends with '/ws' or '/eventbus' or '/settings/' or '/api/system/state' or '/api/stack/[^/]+/icon/' + filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") .through(KeycloakAuthenticationFilter.class); - filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?)$).*") + filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") .through(KeycloakEnvironmentInitalizationFilter.class); } } From a196b585b77deb1454c24a58836968fdc0a81ac5 Mon Sep 17 00:00:00 2001 From: David Festal Date: Fri, 25 Aug 2017 17:59:06 +0200 Subject: [PATCH 4/9] Format code Signed-off-by: David Festal --- .../che/keycloak/server/AbstractKeycloakFilter.java | 7 +++---- .../che/keycloak/server/deploy/KeycloakServletModule.java | 6 ++++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java index 09cbe44a26..acf0f18fe7 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java @@ -8,13 +8,12 @@ import javax.servlet.http.HttpServletRequest; public abstract class AbstractKeycloakFilter implements Filter { protected boolean shouldSkipAuthentication(HttpServletRequest request, String token) { - return request.getScheme().startsWith("ws") - || (token != null && token.startsWith("machine")); + return request.getScheme().startsWith("ws") || (token != null && token.startsWith("machine")); } - + @Override public void init(FilterConfig filterConfig) throws ServletException {} - + @Override public void destroy() {} } diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java index afb4aa70e4..656abf61b2 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/deploy/KeycloakServletModule.java @@ -21,9 +21,11 @@ public class KeycloakServletModule extends ServletModule { bind(KeycloakAuthenticationFilter.class).in(Singleton.class); // Not contains '/websocket', /docs/ (for swagger) and not ends with '/ws' or '/eventbus' or '/settings/' or '/api/system/state' or '/api/stack/[^/]+/icon/' - filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") + filterRegex( + "^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") .through(KeycloakAuthenticationFilter.class); - filterRegex("^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") + filterRegex( + "^(?!.*(/websocket/?|/docs/))(?!.*(/ws/?|/eventbus/?|/settings/?|/api/system/state/?|/api/stack/[^/]+/icon/?)$).*") .through(KeycloakEnvironmentInitalizationFilter.class); } } From 84fc282b00ddb20c2bd28d64f68840f6c2b8117f Mon Sep 17 00:00:00 2001 From: David Festal Date: Thu, 31 Aug 2017 14:08:58 +0200 Subject: [PATCH 5/9] Make it a singleton Signed-off-by: David Festal --- .../che/keycloak/server/KeycloakAuthenticationFilter.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java index db404b47d7..8f7bcfc771 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java @@ -29,6 +29,7 @@ import java.util.Base64; import java.util.Map; import javax.inject.Inject; import javax.inject.Named; +import javax.inject.Singleton; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; @@ -40,6 +41,7 @@ import org.eclipse.che.keycloak.shared.KeycloakConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +@Singleton public class KeycloakAuthenticationFilter extends AbstractKeycloakFilter { private static final Logger LOG = LoggerFactory.getLogger(KeycloakAuthenticationFilter.class); From af9a04ab0bd927dd35ca1a7b7e42a0b636d44a34 Mon Sep 17 00:00:00 2001 From: David Festal Date: Thu, 31 Aug 2017 14:13:31 +0200 Subject: [PATCH 6/9] Add Javadoc Signed-off-by: David Festal --- .../che/keycloak/server/AbstractKeycloakFilter.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java index acf0f18fe7..41b48443cd 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java @@ -5,6 +5,13 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; +/** + * Base abstract class for the Keycloak-related servlet filters. + * + * In particular it defines commnon use-cases when the + * authentication / multi-user logic should be skipped + * + */ public abstract class AbstractKeycloakFilter implements Filter { protected boolean shouldSkipAuthentication(HttpServletRequest request, String token) { From d06a8f5bb84c9312e81df2233794e1c32128b2f8 Mon Sep 17 00:00:00 2001 From: David Festal Date: Fri, 1 Sep 2017 18:24:13 +0200 Subject: [PATCH 7/9] Add missing license copyright Signed-off-by: David Festal --- .../che/keycloak/server/AbstractKeycloakFilter.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java index 41b48443cd..8afb9c0510 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java @@ -1,3 +1,13 @@ +/* + * Copyright (c) 2012-2017 Red Hat, Inc. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Red Hat, Inc. - initial API and implementation + */ package org.eclipse.che.keycloak.server; import javax.servlet.Filter; From f342bafac1cafad55756ad739921188c4b344e8b Mon Sep 17 00:00:00 2001 From: David Festal Date: Fri, 1 Sep 2017 18:25:55 +0200 Subject: [PATCH 8/9] Fix log calls with toString() Signed-off-by: David Festal --- .../che/keycloak/server/KeycloakAuthenticationFilter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java index 8f7bcfc771..ede6a2466c 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/KeycloakAuthenticationFilter.java @@ -82,7 +82,7 @@ public class KeycloakAuthenticationFilter extends AbstractKeycloakFilter { Jws jwt; try { jwt = Jwts.parser().setSigningKey(getJwtPublicKey(false)).parseClaimsJws(token); - LOG.debug("JWT = " + jwt.toString()); + LOG.debug("JWT = ", jwt); //OK, we can trust this JWT } catch (SignatureException | NoSuchAlgorithmException @@ -93,7 +93,7 @@ public class KeycloakAuthenticationFilter extends AbstractKeycloakFilter { try { LOG.info("Retrying after updating the public key", e); jwt = Jwts.parser().setSigningKey(getJwtPublicKey(true)).parseClaimsJws(token); - LOG.debug("JWT = " + jwt.toString()); + LOG.debug("JWT = ", jwt); //OK, we can trust this JWT } catch (SignatureException | NoSuchAlgorithmException From 261de9f5b8a732ee695a5384418ed27873ffb65a Mon Sep 17 00:00:00 2001 From: David Festal Date: Wed, 6 Sep 2017 19:44:35 +0200 Subject: [PATCH 9/9] Format code Signed-off-by: David Festal --- .../eclipse/che/keycloak/server/AbstractKeycloakFilter.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java index 8afb9c0510..2677cf9020 100644 --- a/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java +++ b/plugins/plugin-keycloak/che-plugin-keycloak-server/src/main/java/org/eclipse/che/keycloak/server/AbstractKeycloakFilter.java @@ -17,10 +17,9 @@ import javax.servlet.http.HttpServletRequest; /** * Base abstract class for the Keycloak-related servlet filters. - * - * In particular it defines commnon use-cases when the - * authentication / multi-user logic should be skipped * + *

In particular it defines commnon use-cases when the authentication / multi-user logic should + * be skipped */ public abstract class AbstractKeycloakFilter implements Filter {