├── server ├── config │ └── .gitkeep ├── src │ └── main │ │ ├── webapp │ │ ├── META-INF │ │ │ └── services │ │ │ │ ├── org.keycloak.provider.Spi │ │ │ │ └── jp.openstandia.keycloak.grpc.GrpcServerProviderFactory │ │ └── WEB-INF │ │ │ └── jboss-deployment-structure.xml │ │ └── java │ │ └── jp │ │ └── openstandia │ │ └── keycloak │ │ └── grpc │ │ ├── GrpcServerProvider.java │ │ ├── GrpcServerProviderFactory.java │ │ ├── GrpcServerSPI.java │ │ ├── KeycloakSessionInterceptor.java │ │ └── DefaultGrpcServerProviderFactory.java ├── pom.xml └── keycloak-grpc-server.iml ├── admin ├── src │ └── main │ │ ├── resources │ │ └── META-INF │ │ │ ├── services │ │ │ ├── org.keycloak │ │ │ └── jp.openstandia.keycloak.grpc.GrpcServiceProviderFactory │ │ │ └── jboss-deployment-structure.xml │ │ ├── java │ │ └── jp │ │ │ └── openstandia │ │ │ └── keycloak │ │ │ └── grpc │ │ │ └── admin │ │ │ ├── AdminRestTask.java │ │ │ ├── GrpcAdminRESTServiceProvider.java │ │ │ ├── UserResourceServiceFactory.java │ │ │ ├── UsersResourceServiceFactory.java │ │ │ ├── RealmAdminResourceServiceFactory.java │ │ │ ├── RealmAdminResourceService.java │ │ │ ├── AdminRestTaskContext.java │ │ │ ├── UsersResourceService.java │ │ │ └── UserResourceService.java │ │ └── proto │ │ ├── RealmAdminResource.proto │ │ ├── UsersResource.proto │ │ └── UserResource.proto ├── pom.xml └── keycloak-grpc-admin-services.iml ├── .idea ├── .gitignore ├── codeStyles │ ├── codeStyleConfig.xml │ └── Project.xml ├── vcs.xml ├── misc.xml ├── modules.xml ├── compiler.xml └── uiDesigner.xml ├── service-spi ├── src │ └── main │ │ ├── resources │ │ └── META-INF │ │ │ └── services │ │ │ └── org.keycloak.provider.Spi │ │ └── java │ │ ├── jp │ │ └── openstandia │ │ │ └── keycloak │ │ │ └── grpc │ │ │ ├── AdminTask.java │ │ │ ├── TransactionalTask.java │ │ │ ├── GrpcRemoveServiceEvent.java │ │ │ ├── GrpcAddServiceEvent.java │ │ │ ├── TransactionalTaskContext.java │ │ │ ├── GrpcServiceProviderFactory.java │ │ │ ├── BuilderWrapper.java │ │ │ ├── 
GrpcServiceSPI.java │ │ │ ├── ServerConstant.java │ │ │ ├── AbstractGrpcServiceProviderFactory.java │ │ │ ├── AdminTaskContext.java │ │ │ ├── ErrorHandler.java │ │ │ └── GrpcServiceProvider.java │ │ └── org │ │ └── keycloak │ │ └── services │ │ └── resources │ │ └── admin │ │ └── GrpcAdminRoot.java ├── pom.xml └── keycloak-grpc-service-spi.iml ├── maven-settings.xml ├── .mvn └── wrapper │ ├── maven-wrapper.properties │ └── MavenWrapperDownloader.java ├── client-spi ├── src │ └── main │ │ └── java │ │ └── jp.openstandia.keycloak.grpc │ │ └── Constant.java ├── pom.xml └── keycloak-grpc-client-spi.iml ├── .gitignore ├── keycloak-grpc-parent.iml ├── .github └── workflows │ └── release.yml ├── README.md ├── mvnw.cmd ├── pom.xml ├── mvnw └── LICENSE /server/config/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /admin/src/main/resources/META-INF/services/org.keycloak: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Default ignored files 3 | /workspace.xml -------------------------------------------------------------------------------- /server/src/main/webapp/META-INF/services/org.keycloak.provider.Spi: -------------------------------------------------------------------------------- 1 | jp.openstandia.keycloak.grpc.GrpcServerSPI -------------------------------------------------------------------------------- /service-spi/src/main/resources/META-INF/services/org.keycloak.provider.Spi: -------------------------------------------------------------------------------- 1 | jp.openstandia.keycloak.grpc.GrpcServiceSPI -------------------------------------------------------------------------------- 
/server/src/main/webapp/META-INF/services/jp.openstandia.keycloak.grpc.GrpcServerProviderFactory: -------------------------------------------------------------------------------- 1 | jp.openstandia.keycloak.grpc.DefaultGrpcServerProviderFactory -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/AdminTask.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | public interface AdminTask { 4 | T run(AdminTaskContext ctx); 5 | } -------------------------------------------------------------------------------- /.idea/codeStyles/codeStyleConfig.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | -------------------------------------------------------------------------------- /admin/src/main/java/jp/openstandia/keycloak/grpc/admin/AdminRestTask.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | public interface AdminRestTask { 4 | T run(AdminRestTaskContext ctx); 5 | } 6 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /maven-settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | github 5 | ${env.GITHUB_TOKEN} 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/TransactionalTask.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | public interface TransactionalTask { 4 | T run(TransactionalTaskContext 
task); 5 | } -------------------------------------------------------------------------------- /.idea/codeStyles/Project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | -------------------------------------------------------------------------------- /server/src/main/java/jp/openstandia/keycloak/grpc/GrpcServerProvider.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.Provider; 4 | 5 | public interface GrpcServerProvider extends Provider { 6 | } 7 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.1/apache-maven-3.6.1-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar 3 | -------------------------------------------------------------------------------- /server/src/main/java/jp/openstandia/keycloak/grpc/GrpcServerProviderFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.ProviderFactory; 4 | 5 | public interface GrpcServerProviderFactory extends ProviderFactory { 6 | } 7 | -------------------------------------------------------------------------------- /admin/src/main/resources/META-INF/services/jp.openstandia.keycloak.grpc.GrpcServiceProviderFactory: -------------------------------------------------------------------------------- 1 | jp.openstandia.keycloak.grpc.admin.RealmAdminResourceServiceFactory 2 | jp.openstandia.keycloak.grpc.admin.UsersResourceServiceFactory 3 | jp.openstandia.keycloak.grpc.admin.UserResourceServiceFactory 
-------------------------------------------------------------------------------- /client-spi/src/main/java/jp.openstandia.keycloak.grpc/Constant.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import io.grpc.Metadata; 4 | 5 | import static io.grpc.Metadata.ASCII_STRING_MARSHALLER; 6 | 7 | public class Constant { 8 | public static final Metadata.Key AuthorizationMetadataKey = 9 | Metadata.Key.of("Authorization", ASCII_STRING_MARSHALLER); 10 | } 11 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/GrpcRemoveServiceEvent.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.ProviderEvent; 4 | 5 | public class GrpcRemoveServiceEvent implements ProviderEvent { 6 | private final String id; 7 | 8 | public GrpcRemoveServiceEvent(String id) { 9 | this.id = id; 10 | } 11 | 12 | public String getId() { 13 | return id; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.nar 17 | *.ear 18 | *.zip 19 | *.tar.gz 20 | *.rar 21 | 22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 23 | hs_err_pid* 24 | 25 | # IntelliJ 26 | .idea/**/workspace.xml 27 | .idea/**/tasks.xml 28 | .idea/libraries 29 | 30 | # Build 31 | target -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 
| 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /admin/src/main/java/jp/openstandia/keycloak/grpc/admin/GrpcAdminRESTServiceProvider.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import jp.openstandia.keycloak.grpc.GrpcServiceProvider; 4 | 5 | public interface GrpcAdminRESTServiceProvider extends GrpcServiceProvider { 6 | 7 | default T runAdminRestTask(AdminRestTask task) { 8 | return runAdminTask(ctx -> { 9 | return task.run(new AdminRestTaskContext(ctx, ctx.adminRoot, ctx.adminAuth)); 10 | }); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /admin/src/main/proto/RealmAdminResource.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | option java_multiple_files = true; 4 | option java_package = "jp.openstandia.keycloak.grpc.admin"; 5 | 6 | package keycloak; 7 | 8 | service RealmAdminResource { 9 | rpc logoutAll(LogoutAllRequest) returns (LogoutAllResponse); 10 | } 11 | 12 | message LogoutAllRequest { 13 | string realm = 1; 14 | } 15 | 16 | message LogoutAllResponse { 17 | repeated string failedRequests = 1; 18 | repeated string successRequests = 2; 19 | } 20 | -------------------------------------------------------------------------------- /admin/src/main/java/jp/openstandia/keycloak/grpc/admin/UserResourceServiceFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import jp.openstandia.keycloak.grpc.AbstractGrpcServiceProviderFactory; 4 | import jp.openstandia.keycloak.grpc.GrpcServiceProvider; 5 | 6 | public class UserResourceServiceFactory extends AbstractGrpcServiceProviderFactory { 7 | 8 | @Override 9 | public GrpcServiceProvider create() { 10 | return new UserResourceService(); 11 | } 12 | 13 | 
@Override 14 | public String getId() { 15 | return "grpc-user-resource-service"; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /admin/src/main/java/jp/openstandia/keycloak/grpc/admin/UsersResourceServiceFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import jp.openstandia.keycloak.grpc.AbstractGrpcServiceProviderFactory; 4 | import jp.openstandia.keycloak.grpc.GrpcServiceProvider; 5 | 6 | public class UsersResourceServiceFactory extends AbstractGrpcServiceProviderFactory { 7 | 8 | @Override 9 | public GrpcServiceProvider create() { 10 | return new UsersResourceService(); 11 | } 12 | 13 | @Override 14 | public String getId() { 15 | return "grpc-users-resource-service"; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/GrpcAddServiceEvent.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.ProviderEvent; 4 | 5 | public class GrpcAddServiceEvent implements ProviderEvent { 6 | private final String id; 7 | private final boolean hotDeploy; 8 | 9 | public GrpcAddServiceEvent(String id, boolean hotDeploy) { 10 | this.id = id; 11 | this.hotDeploy = hotDeploy; 12 | } 13 | 14 | public String getId() { 15 | return id; 16 | } 17 | 18 | public boolean isHotDeploy() { 19 | return hotDeploy; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /admin/src/main/java/jp/openstandia/keycloak/grpc/admin/RealmAdminResourceServiceFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import jp.openstandia.keycloak.grpc.AbstractGrpcServiceProviderFactory; 4 | import 
jp.openstandia.keycloak.grpc.GrpcServiceProvider; 5 | 6 | public class RealmAdminResourceServiceFactory extends AbstractGrpcServiceProviderFactory { 7 | 8 | @Override 9 | public GrpcServiceProvider create() { 10 | return new RealmAdminResourceService(); 11 | } 12 | 13 | @Override 14 | public String getId() { 15 | return "grpc-realm-admin-resource-service"; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /keycloak-grpc-parent.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/TransactionalTaskContext.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.common.ClientConnection; 4 | import org.keycloak.models.KeycloakSession; 5 | 6 | public class TransactionalTaskContext { 7 | 8 | public final String baseUrl; 9 | public final KeycloakSession session; 10 | public final ClientConnection clientConnection; 11 | 12 | public TransactionalTaskContext(String baseUrl, KeycloakSession session) { 13 | this.baseUrl = baseUrl; 14 | this.session = session; 15 | this.clientConnection = session.getContext().getConnection(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/GrpcServiceProviderFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.Config; 4 | import org.keycloak.models.KeycloakSession; 5 | import org.keycloak.provider.ProviderFactory; 6 | 7 | public interface GrpcServiceProviderFactory extends ProviderFactory { 8 | 9 | @Override 10 | default GrpcServiceProvider create(KeycloakSession 
nullSession) { 11 | throw new UnsupportedOperationException("You should implement create() method"); 12 | } 13 | 14 | GrpcServiceProvider create(); 15 | 16 | @Override 17 | default void init(Config.Scope config) { 18 | } 19 | 20 | } 21 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/BuilderWrapper.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | public class BuilderWrapper { 4 | public interface Task { 5 | T run(T builer, V value); 6 | } 7 | 8 | private T b; 9 | 10 | private BuilderWrapper(T b) { 11 | this.b = b; 12 | } 13 | 14 | public static BuilderWrapper wrap(T b) { 15 | return new BuilderWrapper(b); 16 | } 17 | 18 | public BuilderWrapper nullSafe(V value, Task t) { 19 | if (value != null) { 20 | t.run((T) this.b, value); 21 | } 22 | return this; 23 | } 24 | 25 | public T unwrap() { 26 | return b; 27 | } 28 | } -------------------------------------------------------------------------------- /server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /server/src/main/java/jp/openstandia/keycloak/grpc/GrpcServerSPI.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.Provider; 4 | import org.keycloak.provider.ProviderFactory; 5 | import org.keycloak.provider.Spi; 6 | 7 | public class GrpcServerSPI implements Spi { 8 | 9 | @Override 10 | public boolean isInternal() { 11 | return false; 12 | } 13 | 14 | @Override 15 | public String getName() { 16 | return "grpc-server"; 17 | } 18 | 19 | @Override 20 | public Class getProviderClass() { 21 | return 
GrpcServerProvider.class; 22 | } 23 | 24 | @Override 25 | public Class getProviderFactoryClass() { 26 | return GrpcServerProviderFactory.class; 27 | } 28 | } -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/GrpcServiceSPI.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.provider.Provider; 4 | import org.keycloak.provider.ProviderFactory; 5 | import org.keycloak.provider.Spi; 6 | 7 | public class GrpcServiceSPI implements Spi { 8 | 9 | @Override 10 | public boolean isInternal() { 11 | return false; 12 | } 13 | 14 | @Override 15 | public String getName() { 16 | return "grpc-service"; 17 | } 18 | 19 | @Override 20 | public Class getProviderClass() { 21 | return GrpcServiceProvider.class; 22 | } 23 | 24 | @Override 25 | public Class getProviderFactoryClass() { 26 | return GrpcServiceProviderFactory.class; 27 | } 28 | } -------------------------------------------------------------------------------- /admin/src/main/resources/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/ServerConstant.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import io.grpc.Context; 4 | import io.grpc.Metadata; 5 | import org.keycloak.models.KeycloakSession; 6 | import org.keycloak.services.resources.KeycloakApplication; 7 | 8 | import static io.grpc.Metadata.ASCII_STRING_MARSHALLER; 9 | 10 | public class ServerConstant { 11 | public static final Context.Key KeycloakApplicationContextKey = Context.key("keycloakApplication"); 12 | public static final 
Context.Key KeycloakSessionContextKey = Context.key("keycloakSession"); 13 | public static final Context.Key BaseUrlContextKey = Context.key("baseUrl"); 14 | public static final Context.Key AuthorizationHeaderContextKey = Context.key("authorization"); 15 | } 16 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /admin/src/main/proto/UsersResource.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | option java_multiple_files = true; 4 | option java_package = "jp.openstandia.keycloak.grpc.admin"; 5 | 6 | package keycloak; 7 | 8 | service UsersResource { 9 | rpc getUsers(GetUsersRequest) returns (GetUsersResponse); 10 | } 11 | 12 | message GetUsersRequest { 13 | string realm = 1; 14 | } 15 | 16 | message GetUsersResponse { 17 | repeated User users = 1; 18 | } 19 | 20 | message User { 21 | string id = 1; 22 | int64 createdTimestamp = 2; 23 | string username = 3; 24 | string email = 4; 25 | string firstName = 5; 26 | string lastName = 6; 27 | bool enabled = 7; 28 | bool totp = 8; 29 | bool emailVerified = 9; 30 | repeated string disableableCredentialTypes = 10; 31 | repeated string requiredActions = 11; 32 | int32 notBefore = 12; 33 | repeated Attribute attributes = 13; 34 | map access = 14; 35 | } 36 | 37 | message Attribute { 38 | string key = 1; 39 | repeated string value = 2; 40 | } -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/AbstractGrpcServiceProviderFactory.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.keycloak.common.util.Resteasy; 4 | import 
org.keycloak.models.KeycloakSessionFactory; 5 | 6 | import javax.servlet.ServletContext; 7 | 8 | public abstract class AbstractGrpcServiceProviderFactory implements GrpcServiceProviderFactory { 9 | protected KeycloakSessionFactory sessionFactory; 10 | protected String baseUrl; 11 | 12 | @Override 13 | public void postInit(KeycloakSessionFactory factory) { 14 | sessionFactory = factory; 15 | factory.publish(new GrpcAddServiceEvent(getId(), isHotDeploy())); 16 | } 17 | 18 | @Override 19 | public void close() { 20 | sessionFactory.publish(new GrpcRemoveServiceEvent(getId())); 21 | baseUrl = null; 22 | } 23 | 24 | public boolean isHotDeploy() { 25 | ServletContext context = Resteasy.getContextData(ServletContext.class); 26 | return context == null; 27 | } 28 | 29 | public String getBaseUrl() { 30 | return baseUrl; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Java CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | build: 10 | name: Build and release 11 | runs-on: ubuntu-latest 12 | if: "!contains(github.event.head_commit.message, '[ci skip]')" 13 | steps: 14 | - uses: actions/checkout@v1 15 | - name: Set up JDK 1.8 16 | uses: actions/setup-java@v1 17 | with: 18 | java-version: 1.8 19 | - uses: actions/cache@v1 20 | with: 21 | path: ~/.m2/repository 22 | key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} 23 | restore-keys: | 24 | ${{ runner.os }}-maven- 25 | - name: Setup node 26 | uses: actions/setup-node@v1 27 | with: 28 | node-version: '10.x' 29 | - name: Setup semantic-release 30 | 
run: npm install -g @conveyal/maven-semantic-release semantic-release@15 31 | - name: Release 32 | run: semantic-release --prepare @conveyal/maven-semantic-release --publish @semantic-release/github,@conveyal/maven-semantic-release --verify-conditions @semantic-release/github,@conveyal/maven-semantic-release --verify-release @conveyal/maven-semantic-release --use-conveyal-workflow --dev-branch=dev 33 | env: 34 | GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} 35 |
--------------------------------------------------------------------------------
/admin/src/main/java/jp/openstandia/keycloak/grpc/admin/RealmAdminResourceService.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc.admin;

import io.grpc.stub.StreamObserver;
import org.jboss.logging.Logger;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.services.resources.admin.RealmAdminResource;

import javax.ws.rs.HttpMethod;

/**
 * gRPC binding for the {@code RealmAdminResource.logoutAll} RPC.
 *
 * <p>The call is forwarded to Keycloak's {@link RealmAdminResource} from inside
 * {@code runAdminRestTask}, and the resulting {@link GlobalRequestResult} is copied into the
 * protobuf response.
 *
 * <p>NOTE(review): this method performs no authentication or permission check of its own;
 * presumably {@code runAdminRestTask} and the Keycloak resource enforce them. Confirm before
 * exposing the service.
 */
public class RealmAdminResourceService extends RealmAdminResourceGrpc.RealmAdminResourceImplBase implements GrpcAdminRESTServiceProvider {

    private static final Logger logger = Logger.getLogger(RealmAdminResourceService.class);

    /**
     * Logs out every session of the realm named in the request.
     *
     * @param request carries the realm name; the value is caller-supplied and is passed on as-is
     * @param responseObserver receives exactly one {@code LogoutAllResponse}, then completion
     */
    @Override
    public void logoutAll(LogoutAllRequest request, StreamObserver responseObserver) {
        // There is no try/catch here: an exception raised inside the task propagates out of this
        // method and onError is never called from this class.
        // NOTE(review): presumably a server-side handler maps it to a gRPC status - confirm.
        GlobalRequestResult outcome = runAdminRestTask(
                ctx -> ctx.getRealmAdminResource(HttpMethod.POST, request.getRealm(), "logout-all").logoutAll());

        LogoutAllResponse.Builder reply = LogoutAllResponse.newBuilder();
        reply.addAllFailedRequests(outcome.getFailedRequests());
        reply.addAllSuccessRequests(outcome.getSuccessRequests());

        responseObserver.onNext(reply.build());
        responseObserver.onCompleted();
    }
}
--------------------------------------------------------------------------------
/admin/src/main/proto/UserResource.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | option java_multiple_files = true; 4 | option java_package = "jp.openstandia.keycloak.grpc.admin"; 5 | 6 | package keycloak; 7 | 8 | service UserResource { 9 | rpc executeActionsEmail(ExecuteActionsEmailRequest) returns (ExecuteActionsEmailResponse); 10 | rpc executeActionsEmailByUsername(ExecuteActionsEmailByUsernameRequest) returns (ExecuteActionsEmailResponse); 11 | rpc logout(LogoutRequest) returns (LogoutResponse); 12 | rpc logoutByUsername(LogoutByUsernameRequest) returns (LogoutResponse); 13 | } 14 | 15 | message ExecuteActionsEmailRequest { 16 | string realm = 1; 17 | string userId = 2; 18 | string redirectUri = 3; 19 | string clientId = 4; 20 | int32 lifespan = 5; 21 | repeated string requiredActions = 6; 22 | } 23 | 24 | message ExecuteActionsEmailByUsernameRequest { 25 | string realm = 1; 26 | string username = 2; 27 | string redirectUri = 3; 28 | string clientId = 4; 29 | int32 lifespan = 5; 30 | repeated string requiredActions = 6; 31 | } 32 | 33 | message ExecuteActionsEmailResponse { 34 | } 35 | 36 | message LogoutRequest { 37 | string realm = 1; 38 | string userId = 2; 39 | } 40 | 41 | message LogoutByUsernameRequest { 42 | string realm = 1; 43 | string username = 2; 44 | bool removeCurrent = 3; 45 | string currentSessionId = 4; 46 | } 47 | 48 | message LogoutResponse { 49 | } -------------------------------------------------------------------------------- /service-spi/src/main/java/org/keycloak/services/resources/admin/GrpcAdminRoot.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.services.resources.admin; 2 | 3 | import org.jboss.resteasy.core.Headers; 4 | import org.jboss.resteasy.mock.MockHttpRequest; 5 | import org.jboss.resteasy.specimpl.ResteasyHttpHeaders; 6 | import org.keycloak.models.KeycloakSession; 7 | 8 | import 
javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import java.net.URISyntaxException;

/**
 * {@link AdminRoot} variant that can be constructed outside a JAX-RS request.
 *
 * <p>The constructors assign the inherited {@code session}, {@code clientConnection} and
 * {@code request} fields directly. NOTE(review): the class is declared in Keycloak's own
 * {@code org.keycloak.services.resources.admin} package, presumably to reach those
 * non-public members - confirm against the targeted Keycloak version.
 */
public class GrpcAdminRoot extends AdminRoot {

    /**
     * Creates an admin root bound to a synthetic HTTP request.
     *
     * @param session Keycloak session whose context supplies the client connection
     * @param httpMethod HTTP method recorded on the mock request
     * @param url request URL recorded on the mock request
     * @throws IllegalStateException if {@code url} is not a valid URI
     */
    public GrpcAdminRoot(KeycloakSession session, String httpMethod, String url) {
        this(session);
        try {
            this.request = MockHttpRequest.create(httpMethod, url);
        } catch (URISyntaxException invalidUrl) {
            throw new IllegalStateException(invalidUrl);
        }
    }

    /**
     * Creates an admin root without a request object.
     *
     * @param session Keycloak session whose context supplies the client connection
     */
    public GrpcAdminRoot(KeycloakSession session) {
        this.session = session;
        this.clientConnection = session.getContext().getConnection();
    }

    /**
     * Authenticates a caller from a bare {@code Authorization} header value.
     *
     * <p>The value is wrapped into a one-entry header set and handed to
     * {@code AdminRoot.authenticateRealmAdminRequest(HttpHeaders)}; all validation happens there.
     *
     * @param authorizationHeaderValue raw header value; stored unchecked, so {@code null} is
     *     passed through. NOTE(review): confirm the superclass rejects a missing value.
     * @return the {@link AdminAuth} produced by the superclass
     */
    public AdminAuth authenticateRealmAdminRequest(String authorizationHeaderValue) {
        MultivaluedMap headerValues = new Headers<>();
        headerValues.putSingle("Authorization", authorizationHeaderValue);
        return super.authenticateRealmAdminRequest(new ResteasyHttpHeaders(headerValues));
    }
}
--------------------------------------------------------------------------------
/client-spi/pom.xml:
--------------------------------------------------------------------------------
1 | 3 | 4 | keycloak-grpc-parent 5 | jp.openstandia.keycloak.grpc 6 | 0.4.1-SNAPSHOT 7 | ../pom.xml 8 | 9 | 4.0.0 10 | 11 | keycloak-grpc-client-spi 12 | jar 13 | 14 | Keycloak gRPC Client SPI 15 | 16 | 17 | 18 | 19 | io.grpc 20 | grpc-netty-shaded 21 | compile 22 | 23 | 24 | io.grpc 25 | grpc-protobuf 26 | compile 27 | 28 | 29 | io.grpc 30 | grpc-stub 31 | compile 32 | 33 | 34 | 35 | 36 | 37 | 38 | org.apache.maven.plugins 39 | maven-compiler-plugin 40 | 41 | 42 | 43 | 44 |
--------------------------------------------------------------------------------
/admin/src/main/java/jp/openstandia/keycloak/grpc/admin/AdminRestTaskContext.java:
--------------------------------------------------------------------------------
1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import
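jp.openstandia.keycloak.grpc.AdminTaskContext;
import jp.openstandia.keycloak.grpc.TransactionalTaskContext;
import org.keycloak.services.resources.admin.*;

/**
 * Admin task context that resolves Keycloak admin REST resources for a gRPC call.
 *
 * <p>Each getter builds the admin REST URL the equivalent HTTP call would have used, attaches
 * it to the current context, and then walks the Keycloak resource tree.
 */
public class AdminRestTaskContext extends AdminTaskContext {

    public AdminRestTaskContext(TransactionalTaskContext ctx, GrpcAdminRoot adminRoot, AdminAuth adminAuth) {
        super(ctx, adminRoot, adminAuth);
    }

    /**
     * Builds {@code <baseUrl>/admin/realms/<realm>/<path>} and attaches it via {@code attachUri}.
     *
     * @param realm realm name, concatenated into the path without encoding
     * @param pathTemplate {@link String#format} template for the path below the realm
     * @param params arguments for {@code pathTemplate}
     * @return the assembled URL
     */
    public String attachAdminRestUri(String realm, String pathTemplate, String... params) {
        // NOTE(review): realm is caller-supplied and is neither validated nor URL-encoded here.
        // attachUri parses the URL before it looks the realm up by name, so an unexpected
        // character surfaces as a URI parsing error rather than as "Realm does not exist".
        String url = baseUrl + "/admin/realms/" + realm + "/" + String.format(pathTemplate, params);

        // attachUri runs String.format on its second argument. The finished URL already holds
        // caller-supplied text, so hand it over as data under a constant "%s" template; passing
        // it as the template would make any '%' in the realm or in a parameter a format
        // specifier and fail the call.
        attachUri(realm, "%s", url);

        return url;
    }

    /**
     * Returns the top-level realms resource for a synthetic request to the given admin path.
     *
     * @param httpMethod HTTP method recorded on the synthetic request
     * @param realm realm name
     * @param pathTemplate {@link String#format} template for the path below the realm
     * @param params arguments for {@code pathTemplate}
     */
    public RealmsAdminResource getRealmsAdminResource(String httpMethod, String realm, String pathTemplate, String... params) {
        String url = attachAdminRestUri(realm, pathTemplate, params);

        // A fresh root per call, bound to this method and URL. The local is not the inherited
        // adminRoot field.
        GrpcAdminRoot requestRoot = new GrpcAdminRoot(session, httpMethod, url);
        return (RealmsAdminResource) requestRoot.getRealmsAdmin(getHeaders());
    }

    /**
     * Returns the admin resource of one realm; same parameters as
     * {@link #getRealmsAdminResource}.
     */
    public RealmAdminResource getRealmAdminResource(String httpMethod, String realm, String pathTemplate, String... params) {
        RealmsAdminResource realms = getRealmsAdminResource(httpMethod, realm, pathTemplate, params);
        return realms.getRealmAdmin(getHeaders(), realm);
    }

    /**
     * Returns the users resource of one realm; same parameters as
     * {@link #getRealmsAdminResource}.
     */
    public UsersResource getUsersResource(String httpMethod, String realm, String pathTemplate, String... params) {
        return getRealmAdminResource(httpMethod, realm, pathTemplate, params).users();
    }
}
--------------------------------------------------------------------------------
/service-spi/pom.xml: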
-------------------------------------------------------------------------------- 1 | 3 | 4 | keycloak-grpc-parent 5 | jp.openstandia.keycloak.grpc 6 | 0.4.1-SNAPSHOT 7 | ../pom.xml 8 | 9 | 4.0.0 10 | 11 | keycloak-grpc-service-spi 12 | jar 13 | 14 | Keycloak gRPC Service SPI 15 | 16 | 17 | 18 | 19 | org.keycloak 20 | keycloak-core 21 | provided 22 | 23 | 24 | org.keycloak 25 | keycloak-server-spi 26 | provided 27 | 28 | 29 | org.keycloak 30 | keycloak-server-spi-private 31 | provided 32 | 33 | 34 | org.keycloak 35 | keycloak-services 36 | provided 37 | 38 | 39 | io.grpc 40 | grpc-netty-shaded 41 | provided 42 | 43 | 44 | io.grpc 45 | grpc-protobuf 46 | provided 47 | 48 | 49 | io.grpc 50 | grpc-stub 51 | provided 52 | 53 | 54 | 55 | 56 | keycloak-grpc-service-spi 57 | 58 | 59 | 60 | org.apache.maven.plugins 61 | maven-compiler-plugin 62 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /service-spi/src/main/java/jp/openstandia/keycloak/grpc/AdminTaskContext.java: -------------------------------------------------------------------------------- 1 | package jp.openstandia.keycloak.grpc; 2 | 3 | import org.jboss.resteasy.core.Headers; 4 | import org.jboss.resteasy.specimpl.ResteasyHttpHeaders; 5 | import org.jboss.resteasy.spi.ResteasyUriInfo; 6 | import org.keycloak.common.util.Resteasy; 7 | import org.keycloak.models.RealmModel; 8 | import org.keycloak.services.managers.RealmManager; 9 | import org.keycloak.services.resources.admin.AdminAuth; 10 | import org.keycloak.services.resources.admin.AdminEventBuilder; 11 | import org.keycloak.services.resources.admin.GrpcAdminRoot; 12 | import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; 13 | import org.keycloak.services.resources.admin.permissions.AdminPermissions; 14 | 15 | import javax.ws.rs.NotFoundException; 16 | import javax.ws.rs.core.HttpHeaders; 17 | import javax.ws.rs.core.MultivaluedMap; 18 | import javax.ws.rs.core.UriInfo; 19 | 
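import java.net.URI;

/**
 * Transactional task context extended with the authenticated admin identity.
 *
 * <p>Holds the {@link GrpcAdminRoot} and {@link AdminAuth} produced when the caller's token
 * was authenticated, and offers helpers that need them (headers, admin events, permissions).
 */
public class AdminTaskContext extends TransactionalTaskContext {
    public final GrpcAdminRoot adminRoot;
    public final AdminAuth adminAuth;

    public AdminTaskContext(TransactionalTaskContext ctx, GrpcAdminRoot adminRoot, AdminAuth adminAuth) {
        super(ctx.baseUrl, ctx.session);
        this.adminRoot = adminRoot;
        this.adminAuth = adminAuth;
    }

    /**
     * Builds HTTP headers carrying the caller's {@code Authorization} value taken from the
     * gRPC call context.
     *
     * @return headers with a single {@code Authorization} entry, or no entry when the call
     *         carried no token
     */
    public HttpHeaders getHeaders() {
        String token = ServerConstant.AuthorizationHeaderContextKey.get();

        MultivaluedMap<String, String> map = new Headers<>();
        // The context value is null when the client sent no authorization metadata. Leave the
        // header out in that case so downstream code sees a missing header, not a null value.
        if (token != null) {
            map.putSingle("Authorization", token);
        }
        return new ResteasyHttpHeaders(map);
    }

    /**
     * Creates an admin event builder bound to {@code realm}, the authenticated admin, the
     * session and the client connection.
     */
    public AdminEventBuilder getAdminEventBuilder(RealmModel realm) {
        return new AdminEventBuilder(realm, adminAuth, session, clientConnection);
    }

    /**
     * Returns the permission evaluator for the authenticated admin in {@code realm}.
     */
    public AdminPermissionEvaluator getAdminPermission(RealmModel realm) {
        return AdminPermissions.evaluator(session, realm, adminAuth);
    }

    /**
     * Looks a realm up by name.
     *
     * @throws NotFoundException when no realm has that name
     */
    public RealmModel getRealm(String realmName) {
        RealmModel realm = new RealmManager(session).getRealmByName(realmName);
        if (realm == null) {
            throw new NotFoundException("Realm does not exist");
        }
        return realm;
    }

    /**
     * Registers {@code format(urlTemplate, params)} as the current request URI and sets the
     * session's realm.
     *
     * @param realm       name of the realm to set on the session context
     * @param urlTemplate {@link String#format} template; it must be a fixed string, because any
     *                    '%' in it is interpreted as a format specifier
     * @param params      arguments for the template
     * @throws NotFoundException when the realm does not exist
     */
    public void attachUri(String realm, String urlTemplate, String ...params) {
        String url = String.format(urlTemplate, (Object[]) params);

        URI uri = URI.create(url);
        URI baseUri = URI.create(baseUrl);

        ResteasyUriInfo resteasyUriInfo = new ResteasyUriInfo(url, uri.getRawQuery(), baseUri.getPath());
        Resteasy.pushContext(UriInfo.class, resteasyUriInfo);

        // Need this for resetting uriInfo in the KeycloakSession
        session.getContext().setRealm(getRealm(realm));
    }
}

--------------------------------------------------------------------------------
/client-spi/keycloak-grpc-client-spi.iml: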
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /admin/pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | keycloak-grpc-parent 5 | jp.openstandia.keycloak.grpc 6 | 0.4.1-SNAPSHOT 7 | ../pom.xml 8 | 9 | 4.0.0 10 | 11 | keycloak-grpc-admin-services 12 | jar 13 | 14 | Keycloak gRPC Admin Services 15 | 16 | 17 | 18 | 19 | org.keycloak 20 | keycloak-core 21 | provided 22 | 23 | 24 | org.keycloak 25 | keycloak-server-spi 26 | provided 27 | 28 | 29 | org.keycloak 30 | keycloak-server-spi-private 31 | provided 32 | 33 | 34 | org.keycloak 35 | keycloak-services 36 | provided 37 | 38 | 39 | io.grpc 40 | grpc-netty-shaded 41 | provided 42 | 43 | 44 | io.grpc 45 | grpc-protobuf 46 | provided 47 | 48 | 49 | io.grpc 50 | grpc-stub 51 | provided 52 | 53 | 54 | 55 | jp.openstandia.keycloak.grpc 56 | keycloak-grpc-service-spi 57 | provided 58 | 59 | 60 | jp.openstandia.keycloak.grpc 61 | keycloak-grpc-client-spi 62 | test 63 | 64 | 65 | 66 | 67 | keycloak-grpc-admin-services 68 | 69 | 70 | 71 | org.apache.maven.plugins 72 | maven-compiler-plugin 73 | 74 | 75 | org.xolstice.maven.plugins 76 | protobuf-maven-plugin 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /server/pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | keycloak-grpc-parent 5 | jp.openstandia.keycloak.grpc 6 | 0.4.1-SNAPSHOT 7 | ../pom.xml 8 | 9 | 4.0.0 10 | 11 | keycloak-grpc-server 12 | war 13 | 14 | Keycloak gRPC Server 15 | 16 | 17 | 18 | 19 | org.keycloak 20 | keycloak-core 21 | provided 22 | 23 | 24 | org.keycloak 25 | keycloak-server-spi 26 | provided 27 | 28 | 29 | org.keycloak 
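30 | keycloak-server-spi-private 31 | provided 32 | 33 | 34 | org.keycloak 35 | keycloak-services 36 | provided 37 | 38 | 39 | 40 | 41 | io.grpc 42 | grpc-netty-shaded 43 | compile 44 | 45 | 46 | io.grpc 47 | grpc-protobuf 48 | compile 49 | 50 | 51 | io.grpc 52 | grpc-stub 53 | compile 54 | 55 | 56 | 57 | 58 | jp.openstandia.keycloak.grpc 59 | keycloak-grpc-service-spi 60 | compile 61 | 62 | 63 | jp.openstandia.keycloak.grpc 64 | keycloak-grpc-client-spi 65 | compile 66 | 67 | 68 | 69 | 70 | keycloak-grpc-server 71 | 72 | 73 | 74 | org.apache.maven.plugins 75 | maven-compiler-plugin 76 | 77 | 78 | org.apache.maven.plugins 79 | maven-war-plugin 80 | 81 | 82 | 83 | 84 |
--------------------------------------------------------------------------------
/admin/src/main/java/jp/openstandia/keycloak/grpc/admin/UsersResourceService.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc.admin;

import io.grpc.stub.StreamObserver;
import jp.openstandia.keycloak.grpc.BuilderWrapper;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.admin.UsersResource;

import javax.ws.rs.HttpMethod;
import java.util.List;
import java.util.stream.Collectors;

/**
 * gRPC service that lists the users of a realm through Keycloak's {@link UsersResource}.
 */
public class UsersResourceService extends UsersResourceGrpc.UsersResourceImplBase implements GrpcAdminRESTServiceProvider {

    /**
     * Returns every user representation of the requested realm in one response message.
     *
     * @param request          carries the realm name
     * @param responseObserver receives exactly one {@code GetUsersResponse}, then completion
     */
    @Override
    public void getUsers(GetUsersRequest request, StreamObserver<GetUsersResponse> responseObserver) {
        List<User> results = runAdminRestTask(ctx -> {
            UsersResource usersResource = ctx.getUsersResource(HttpMethod.GET, request.getRealm(), "users");

            // NOTE(review): every argument is null, which presumably means no search filter and
            // no paging limit (confirm against UsersResource). If so, the whole user list of the
            // realm, attributes included, is loaded and returned in a single message.
            List<UserRepresentation> users = usersResource.getUsers(null, null, null, null, null, null, null, null);

            return users.stream()
                    .map(UsersResourceService::toGrpcUser)
                    .collect(Collectors.toList());
        });

        GetUsersResponse res = GetUsersResponse.newBuilder().addAllUsers(results).build();
        responseObserver.onNext(res);
        responseObserver.onCompleted();
    }

    /** Copies the non-null fields of a Keycloak user representation into a gRPC {@code User}. */
    private static User toGrpcUser(UserRepresentation rep) {
        return BuilderWrapper.wrap(User.newBuilder())
                .nullSafe(rep.getId(), (b, v) -> b.setId(v))
                .nullSafe(rep.getCreatedTimestamp(), (b, v) -> b.setCreatedTimestamp(v))
                .nullSafe(rep.getUsername(), (b, v) -> b.setUsername(v))
                .nullSafe(rep.getFirstName(), (b, v) -> b.setFirstName(v))
                .nullSafe(rep.getLastName(), (b, v) -> b.setLastName(v))
                .nullSafe(rep.isEnabled(), (b, v) -> b.setEnabled(v))
                .nullSafe(rep.isTotp(), (b, v) -> b.setTotp(v))
                .nullSafe(rep.isEmailVerified(), (b, v) -> b.setEmailVerified(v))
                .nullSafe(rep.getDisableableCredentialTypes(), (b, v) -> b.addAllDisableableCredentialTypes(v))
                .nullSafe(rep.getRequiredActions(), (b, v) -> b.addAllRequiredActions(v))
                .nullSafe(rep.getNotBefore(), (b, v) -> b.setNotBefore(v))
                .nullSafe(rep.getAttributes(), (b, v) -> {
                    // One Attribute message per map entry: key plus all of its values.
                    List<Attribute> attrs = v.entrySet().stream()
                            .map(entry -> Attribute.newBuilder()
                                    .setKey(entry.getKey())
                                    .addAllValue(entry.getValue())
                                    .build())
                            .collect(Collectors.toList());
                    return b.addAllAttributes(attrs);
                })
                .nullSafe(rep.getAccess(), (b, v) -> b.putAllAccess(v))
                .unwrap()
                .build();
    }
}

--------------------------------------------------------------------------------
/service-spi/src/main/java/jp/openstandia/keycloak/grpc/ErrorHandler.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc;

import io.grpc.Status;
import io.grpc.StatusRuntimeException;

import javax.ws.rs.*;
import javax.ws.rs.core.Response;

/**
 * Translates JAX-RS outcomes (an error {@link Response} or a thrown exception) into gRPC
 * {@link StatusRuntimeException}s.
 */
public class ErrorHandler {

    /**
     * Tells whether {@code response} reports a failure.
     *
     * @param response REST response, may be {@code null}
     * @return {@code true} when a response is present and its status is not in the 2xx family
     */
    public static boolean hasError(Response response) {
        if (response == null) {
            return false;
        }
        // Any 2xx is a success. Comparing with 200 alone reported 201 and 204 replies as errors.
        return Response.Status.Family.familyOf(response.getStatus()) != Response.Status.Family.SUCCESSFUL;
    }

    /**
     * Maps an HTTP error response to a gRPC status; the description is the HTTP reason phrase.
     *
     * @param response non-null REST response
     * @return the matching status as an exception, {@code UNKNOWN} for unmapped codes
     */
    public static StatusRuntimeException convert(Response response) {
        // Matched by numeric code: getStatusInfo() is not guaranteed to return the
        // Response.Status enum constant itself, so an identity comparison can miss.
        return toGrpcStatus(response.getStatus())
                .withDescription(response.getStatusInfo().getReasonPhrase())
                .asRuntimeException();
    }

    /** HTTP status code to gRPC status, aligned with the exception mapping below. */
    private static Status toGrpcStatus(int httpStatus) {
        switch (httpStatus) {
            case 400:
                return Status.INVALID_ARGUMENT;
            case 401:
                // Same meaning as NotAuthorizedException in convert(RuntimeException).
                return Status.UNAUTHENTICATED;
            case 403:
                return Status.PERMISSION_DENIED;
            case 404:
                return Status.NOT_FOUND;
            case 409:
                return Status.ALREADY_EXISTS;
            case 412:
                return Status.FAILED_PRECONDITION;
            case 500:
                return Status.INTERNAL;
            default:
                return Status.UNKNOWN;
        }
    }

    /**
     * Maps a JAX-RS or Keycloak exception to a gRPC status that carries the exception message
     * as description and the exception as cause.
     *
     * <p>NOTE(review): the server installs a status-transmitting interceptor, so the
     * description reaches the client. For {@code INTERNAL} that is the raw exception message;
     * consider a fixed text there and keep the detail in the server log.
     *
     * @param e exception raised while running a task
     * @return the mapped status exception
     * @throws RuntimeException {@code e} itself when its type is not mapped
     */
    public static StatusRuntimeException convert(RuntimeException e) {
        final Status base;
        if (e instanceof NotAuthorizedException) {
            base = Status.UNAUTHENTICATED;
        } else if (e instanceof NotFoundException) {
            base = Status.NOT_FOUND;
        } else if (e instanceof BadRequestException) {
            base = Status.INVALID_ARGUMENT;
        } else if (e instanceof ForbiddenException || e instanceof org.keycloak.services.ForbiddenException) {
            base = Status.PERMISSION_DENIED;
        } else if (e instanceof InternalServerErrorException) {
            base = Status.INTERNAL;
        } else {
            // UNKNOWN: leave the original exception for the caller to handle.
            throw e;
        }
        return base.withDescription(e.getMessage())
                .withCause(e)
                .asRuntimeException();
    }
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # keycloak-grpc 2 | **This repository is heavily under development.** 3 | 4 | [Keycloak](https://github.com/keycloak/keycloak) extension that enables serving gRPC services on Keycloak server. 5 | 6 | ## Features 7 | 8 | * gRPC server on Keycloak 9 | * Provide SPI for gRPC services 10 | * gRPC services deployer (with hot deployment for easy development) 11 | * Sample implementation of Admin gRPC Service for keycloak 12 | 13 | ## Install 14 | 15 | ### Build 16 | 17 | Install JDK 8+ and [maven3](https://maven.apache.org/download.cgi) then build: 18 | 19 | ``` 20 | mvn install 21 | ``` 22 | 23 | After successful the build, you can find `keycloak-grpc-server.war` in `./server/target` directory. 24 | Also, you can see `keycloak-grpc-admin-services.jar` in `./admin/target` directory which is sample implementation of admin gRPC service. 25 | 26 | ### Setting 27 | 28 | #### SPI loader setting 29 | 30 | Since **keycloak-grpc** defines own custom SPIs for gRPC server and services, 31 | you need to add a bit of configuration into your `$KEYCLOAK_HOME/standalone/configuration/standalone.xml` or `standalone-ha.xml` to load the SPIs.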
32 | 33 | ``` 34 | 35 | auth 36 | 37 | 38 | classpath:${jboss.home.dir}/providers/* 39 | 40 | 41 | 42 | module:deployment.keycloak-grpc-server.war 43 | 44 | 45 | ``` 46 | 47 | #### gRPC server setting 48 | 49 | The gRPC server has some options that you can configure in your `$KEYCLOAK_HOME/standalone/configuration/standalone.xml` or `standalone-ha.xml`. 50 | 51 | * `port`: Port number of the gRPC server. (Default: 6565) 52 | * `baseUrl`: Base URL of keycloak server which is used as issuer. You need to configure this option when using authorization by access token in the gRPC services. 53 | 54 | ``` 55 | 56 | default 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | ``` 75 | 76 | ### Deploy gRPC server and sample gRPC admin service 77 | 78 | Put `keycloak-grpc-server.war` into `$KEYCLOAK_HOME/standalone/deployments` directory. 79 | Also, put `keycloak-grpc-admin-services.jar` into `$KEYCLOAK_HOME/standalone/deployments` directory simply 80 | if you want to deploy the sample gRPC admin service. 81 | 82 | ### Start gRPC server and services 83 | 84 | Start your keycloak server. You can see some logging about starting gRPC server and services: 85 | 86 | ``` 87 | 13:51:44,495 INFO [jp.openstandia.keycloak.grpc.DefaultGrpcServerProviderFactory] (ServerService Thread Pool -- 63) Adding gRPC service: grpc-user-resource-service 88 | 13:51:44,584 INFO [jp.openstandia.keycloak.grpc.DefaultGrpcServerProviderFactory] (ServerService Thread Pool -- 63) Starting gRPC server with port=6,565 89 | ``` 90 | 91 | ## How to write own custom gRPC service 92 | 93 | You need to extend gRPC service SPI which is defined in [this sub-project](https://github.com/openstandia/keycloak-grpc/tree/master/service-spi). 94 | Please see [the sample implementation of admin gRPC service](https://github.com/openstandia/keycloak-grpc/tree/master/admin). 
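95 | 96 | After building your services, you can deploy it by putting it into `$KEYCLOAK_HOME/standalone/deployments` directory simply. 97 | Also, it supports hot deployment thanks to keycloak. 98 | 99 | ## License 100 | 101 | Licensed under the [Apache License 2.0](/LICENSE). 102 |
--------------------------------------------------------------------------------
/service-spi/src/main/java/jp/openstandia/keycloak/grpc/GrpcServiceProvider.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc;

import io.grpc.BindableService;
import org.jboss.resteasy.spi.ResteasyUriInfo;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.Resteasy;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.KeycloakTransactionManager;
import org.keycloak.provider.Provider;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.admin.AdminAuth;
import org.keycloak.services.resources.admin.GrpcAdminRoot;

import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.UriInfo;
import java.net.URI;

/**
 * Base interface for gRPC services hosted in Keycloak. The default methods read the per-call
 * values (application, session, base URL, token) from the gRPC context and run work inside a
 * Keycloak transaction, optionally after authenticating the caller as a realm admin.
 */
public interface GrpcServiceProvider extends Provider, BindableService {

    /**
     * Turns protobuf default values into {@code null}: an empty {@code String} and an
     * {@code Integer} equal to 0 become {@code null}, anything else is returned unchanged.
     */
    default <T> T nullable(T s) {
        if (s instanceof String && ((String) s).isEmpty()) {
            return null;
        }
        if (s instanceof Integer && (Integer) s == 0) {
            return null;
        }
        return s;
    }

    default KeycloakApplication getKeycloakApplication() {
        return ServerConstant.KeycloakApplicationContextKey.get();
    }

    default KeycloakSession getKeycloakSession() {
        return ServerConstant.KeycloakSessionContextKey.get();
    }

    default String getBaseUrl() {
        return ServerConstant.BaseUrlContextKey.get();
    }

    /**
     * Runs {@code task} inside the session's transaction with the Resteasy context populated.
     *
     * <p>The transaction is committed when the task returns, rolled back when it is marked
     * rollback-only or when the task throws a {@link RuntimeException}. The pushed context data
     * is cleared in every case.
     *
     * @param task work to run
     * @return the task's result
     * @throws io.grpc.StatusRuntimeException for exceptions {@link ErrorHandler} can map;
     *         other runtime exceptions are rethrown as they are
     */
    default <T> T withTransaction(TransactionalTask<T> task) {
        KeycloakSession session = getKeycloakSession();
        KeycloakTransactionManager tx = session.getTransactionManager();

        try {
            // Context setup sits inside the try block so that the finally clause also clears it
            // when setup itself fails (for example URI.create on a missing or malformed
            // baseUrl); otherwise session objects pushed so far would stay attached to the
            // worker after the call.

            // Need for validating JWT access token
            URI uri = URI.create(getBaseUrl());
            ResteasyUriInfo resteasyUriInfo = new ResteasyUriInfo(getBaseUrl(), "", uri.getPath());
            Resteasy.pushContext(UriInfo.class, resteasyUriInfo);

            // See KeycloakSessionServletFilter
            Resteasy.pushContext(KeycloakApplication.class, getKeycloakApplication());
            Resteasy.pushContext(KeycloakSession.class, session);
            Resteasy.pushContext(ClientConnection.class, session.getContext().getConnection());
            Resteasy.pushContext(KeycloakTransaction.class, tx);

            tx.begin();
            T result = task.run(new TransactionalTaskContext(getBaseUrl(), session));
            if (tx.isActive()) {
                if (tx.getRollbackOnly()) {
                    tx.rollback();
                } else {
                    tx.commit();
                }
            }
            return result;
        } catch (RuntimeException e) {
            if (tx.isActive()) {
                tx.rollback();
            }
            throw ErrorHandler.convert(e);
        } finally {
            Resteasy.clearContextData();
        }
    }

    /**
     * Authenticates the call's token as a realm admin request and runs {@code task} with the
     * resulting {@link AdminTaskContext}, all inside {@link #withTransaction}.
     *
     * <p>Authentication happens before the task is invoked, so a task never runs for a token
     * that {@code authenticateRealmAdminRequest} rejects by throwing.
     */
    default <T> T runAdminTask(AdminTask<T> task) {
        return withTransaction(ctx -> {
            String token = ServerConstant.AuthorizationHeaderContextKey.get();

            GrpcAdminRoot adminRoot = new GrpcAdminRoot(ctx.session, HttpMethod.GET, getBaseUrl() + "/admin");
            AdminAuth adminAuth = adminRoot.authenticateRealmAdminRequest(token);

            return task.run(new AdminTaskContext(ctx, adminRoot, adminAuth));
        });
    }

    /**
     * Authenticates the call's token as a realm admin request.
     *
     * @throws IllegalStateException when called outside {@link #withTransaction} (no active
     *         transaction or no {@link UriInfo} in the context)
     */
    default AdminAuth authenticate() {
        KeycloakSession session = getKeycloakSession();
        KeycloakTransactionManager tx = session.getTransactionManager();
        if (!tx.isActive() || Resteasy.getContextData(UriInfo.class) == null) {
            throw new IllegalStateException("You must call this method within 'withTransaction()'");
        }

        String token = ServerConstant.AuthorizationHeaderContextKey.get();

        return new GrpcAdminRoot(session).authenticateRealmAdminRequest(token);
    }

    /**
     * Returns the raw authorization value of the current call, or {@code null} when the client
     * sent none. Treat it as a secret: do not log it or copy it into responses.
     */
    default String getToken() {
        return ServerConstant.AuthorizationHeaderContextKey.get();
    }

    @Override
    default void close() {
    }
}

--------------------------------------------------------------------------------
/server/src/main/java/jp/openstandia/keycloak/grpc/KeycloakSessionInterceptor.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc;

import io.grpc.*;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.resources.KeycloakApplication;

/**
 * Server interceptor that opens one {@link KeycloakSession} per gRPC call, records the peer
 * addresses on it, and exposes session, application, base URL and the authorization metadata
 * value to the service through the gRPC {@link Context}. The session is closed when the call
 * is closed.
 */
public class KeycloakSessionInterceptor implements ServerInterceptor {

    // Logs under this class's own category (it previously used the factory's).
    private static final Logger logger = Logger.getLogger(KeycloakSessionInterceptor.class);

    private final KeycloakApplication application;
    private final KeycloakSessionFactory sessionFactory;
    private final String baseUrl;

    private KeycloakSessionInterceptor(KeycloakApplication application, KeycloakSessionFactory sessionFactory, String baseUrl) {
        this.application = application;
        this.sessionFactory = sessionFactory;
        this.baseUrl = baseUrl;
    }

    public static ServerInterceptor instance(KeycloakApplication application, KeycloakSessionFactory sessionFactory, String baseUrl) {
        return new KeycloakSessionInterceptor(application, sessionFactory, baseUrl);
    }

    @Override
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call, Metadata headers,
                                                                 ServerCallHandler<ReqT, RespT> next) {
        final KeycloakSession session = sessionFactory.create();

        // How to get remote address/port
        // https://github.com/grpc/grpc-java/blob/30b59885b7496b53eb17f64ba1d822c2d9a6c69a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java#L1627-L1639
        //
        // The addresses are read from the socket address objects. Splitting their toString()
        // form kept the leading '/' in the host and the ':' in the port, so getRemotePort() and
        // getLocalPort() failed with NumberFormatException, and the recorded client address was
        // not a plain IP.
        final java.net.SocketAddress remote = call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
        final java.net.SocketAddress local = call.getAttributes().get(Grpc.TRANSPORT_ATTR_LOCAL_ADDR);
        session.getContext().setConnection(new SocketClientConnection(remote, local));

        // NOTE(review): if anything between create() above and the close() override below
        // throws, nothing closes the session. Confirm how the server reports handler start-up
        // failures before adding a catch here, to avoid closing the session twice.
        ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT> serverCall =
                new ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT>(call) {
                    @Override
                    public void close(Status status, Metadata trailers) {
                        if (!status.isOk()) {
                            logger.errorv("Error in calling gRPC service. status={0}, metadata={1}", status, trailers);
                        }
                        closeSession(session);
                        super.close(status, trailers);
                    }
                };

        // Null when the client sent no authorization metadata.
        String token = headers.get(Constant.AuthorizationMetadataKey);

        Context ctx = Context.current()
                .withValue(ServerConstant.KeycloakApplicationContextKey, application)
                .withValue(ServerConstant.KeycloakSessionContextKey, session)
                .withValue(ServerConstant.BaseUrlContextKey, baseUrl)
                .withValue(ServerConstant.AuthorizationHeaderContextKey, token);

        return Contexts.interceptCall(ctx, serverCall, headers, next);
    }

    private void closeSession(KeycloakSession session) {
        // KeycloakTransactionCommitter is responsible for committing the transaction, but if an exception is thrown it's not invoked and transaction
        // should be rolled back
        if (session.getTransactionManager() != null && session.getTransactionManager().isActive()) {
            session.getTransactionManager().rollback();
        }

        session.close();
        // Resteasy.clearContextData();
    }

    /** {@link ClientConnection} view of the call's remote and local socket addresses. */
    private static final class SocketClientConnection implements ClientConnection {
        private final java.net.SocketAddress remote;
        private final java.net.SocketAddress local;

        SocketClientConnection(java.net.SocketAddress remote, java.net.SocketAddress local) {
            this.remote = remote;
            this.local = local;
        }

        @Override
        public String getRemoteAddr() {
            return hostOf(remote);
        }

        @Override
        public String getRemoteHost() {
            return hostOf(remote);
        }

        @Override
        public int getRemotePort() {
            return portOf(remote);
        }

        @Override
        public String getLocalAddr() {
            return hostOf(local);
        }

        @Override
        public int getLocalPort() {
            return portOf(local);
        }

        /** IP literal of an inet address; {@code toString()} for other kinds; null for null. */
        private static String hostOf(java.net.SocketAddress address) {
            if (address == null) {
                return null;
            }
            if (address instanceof java.net.InetSocketAddress) {
                java.net.InetSocketAddress inet = (java.net.InetSocketAddress) address;
                // getAddress() is null for an unresolved address; use the host string then.
                return inet.getAddress() != null ? inet.getAddress().getHostAddress() : inet.getHostString();
            }
            return address.toString();
        }

        /** Port of an inet address, 0 when the transport has no port. */
        private static int portOf(java.net.SocketAddress address) {
            return address instanceof java.net.InetSocketAddress
                    ? ((java.net.InetSocketAddress) address).getPort()
                    : 0;
        }
    }
}

--------------------------------------------------------------------------------
/.mvn/wrapper/MavenWrapperDownloader.java:
--------------------------------------------------------------------------------
1 | /* 2 | * Copyright 2007-present the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.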
15 | */ 16 | import java.net.*; 17 | import java.io.*; 18 | import java.nio.channels.*; 19 | import java.util.Properties; 20 | 21 | public class MavenWrapperDownloader { 22 | 23 | private static final String WRAPPER_VERSION = "0.5.5"; 24 | /** 25 | * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. 26 | */ 27 | private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/" 28 | + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar"; 29 | 30 | /** 31 | * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to 32 | * use instead of the default one. 33 | */ 34 | private static final String MAVEN_WRAPPER_PROPERTIES_PATH = 35 | ".mvn/wrapper/maven-wrapper.properties"; 36 | 37 | /** 38 | * Path where the maven-wrapper.jar will be saved to. 39 | */ 40 | private static final String MAVEN_WRAPPER_JAR_PATH = 41 | ".mvn/wrapper/maven-wrapper.jar"; 42 | 43 | /** 44 | * Name of the property which should be used to override the default download url for the wrapper. 45 | */ 46 | private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; 47 | 48 | public static void main(String args[]) { 49 | System.out.println("- Downloader started"); 50 | File baseDirectory = new File(args[0]); 51 | System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); 52 | 53 | // If the maven-wrapper.properties exists, read it and check if it contains a custom 54 | // wrapperUrl parameter. 
55 | File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); 56 | String url = DEFAULT_DOWNLOAD_URL; 57 | if(mavenWrapperPropertyFile.exists()) { 58 | FileInputStream mavenWrapperPropertyFileInputStream = null; 59 | try { 60 | mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); 61 | Properties mavenWrapperProperties = new Properties(); 62 | mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); 63 | url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); 64 | } catch (IOException e) { 65 | System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); 66 | } finally { 67 | try { 68 | if(mavenWrapperPropertyFileInputStream != null) { 69 | mavenWrapperPropertyFileInputStream.close(); 70 | } 71 | } catch (IOException e) { 72 | // Ignore ... 73 | } 74 | } 75 | } 76 | System.out.println("- Downloading from: " + url); 77 | 78 | File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); 79 | if(!outputFile.getParentFile().exists()) { 80 | if(!outputFile.getParentFile().mkdirs()) { 81 | System.out.println( 82 | "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'"); 83 | } 84 | } 85 | System.out.println("- Downloading to: " + outputFile.getAbsolutePath()); 86 | try { 87 | downloadFileFromURL(url, outputFile); 88 | System.out.println("Done"); 89 | System.exit(0); 90 | } catch (Throwable e) { 91 | System.out.println("- Error downloading"); 92 | e.printStackTrace(); 93 | System.exit(1); 94 | } 95 | } 96 | 97 | private static void downloadFileFromURL(String urlString, File destination) throws Exception { 98 | if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) { 99 | String username = System.getenv("MVNW_USERNAME"); 100 | char[] password = System.getenv("MVNW_PASSWORD").toCharArray(); 101 | Authenticator.setDefault(new Authenticator() { 102 | @Override 103 | protected 
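PasswordAuthentication getPasswordAuthentication() { 104 | return new PasswordAuthentication(username, password); 105 | } 106 | }); 107 | } 108 | URL website = new URL(urlString); 109 | ReadableByteChannel rbc; 110 | rbc = Channels.newChannel(website.openStream()); 111 | FileOutputStream fos = new FileOutputStream(destination); 112 | fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); 113 | fos.close(); 114 | rbc.close(); 115 | } 116 | 117 | } 118 |
--------------------------------------------------------------------------------
/server/src/main/java/jp/openstandia/keycloak/grpc/DefaultGrpcServerProviderFactory.java:
--------------------------------------------------------------------------------
package jp.openstandia.keycloak.grpc;

import io.grpc.Server;
import io.grpc.ServerBuilder;
import io.grpc.util.TransmitStatusRuntimeExceptionInterceptor;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.util.Resteasy;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.utils.PostMigrationEvent;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.provider.ProviderEventListener;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.services.resources.KeycloakApplication;

import javax.servlet.ServletContext;
import java.io.IOException;
import java.util.List;

/**
 * Starts and stops the embedded gRPC server and registers every deployed
 * {@link GrpcServiceProvider} on it. The server is (re)started on Keycloak's post-migration
 * event and whenever a gRPC service is added by hot deployment or removed.
 */
public class DefaultGrpcServerProviderFactory implements GrpcServerProviderFactory {

    private static final Logger logger = Logger.getLogger(DefaultGrpcServerProviderFactory.class);

    protected KeycloakApplication application;
    protected KeycloakSessionFactory sessionFactory;
    protected Config.Scope scope;
    protected Server server;
    protected GrpcServerEventListener listener;

    // Guards start, stop and restart of the server.
    private final Object lock = new Object();

    @Override
    public GrpcServerProvider create(KeycloakSession nullSession) {
        return null;
    }

    @Override
    public void init(Config.Scope scope) {
        this.scope = scope;
    }

    @Override
    public void postInit(KeycloakSessionFactory factory) {
        sessionFactory = factory;

        listener = new GrpcServerEventListener();
        sessionFactory.register(listener);

        // Need to start server now because PostMigrationEvent is finished when hot deploy mode
        if (isHotDeploy()) {
            synchronized (lock) {
                // 'application' has not been assigned on this path, so the interceptor is
                // created with a null KeycloakApplication.
                startServer();
            }
        }
    }

    /** Shuts the server down immediately if one is running. Callers hold {@code lock}. */
    protected void stopServer() {
        if (server != null && !server.isShutdown()) {
            server.shutdownNow();
            logger.infov("Stopped gRPC server");
        }
    }

    /**
     * Builds a server on the configured {@code port} (default 6565) with all registered gRPC
     * services and starts it.
     *
     * @throws IllegalStateException when the server cannot be started
     */
    protected void startServer() {
        int port = scope.getInt("port", 6565);
        String baseUrl = scope.get("baseUrl");

        if (baseUrl == null || baseUrl.isEmpty()) {
            logger.warnv("'baseUrl' is empty. You need to setup it when using authorization by Bearer token.");
        }

        // NOTE(review): no transport security is configured on this builder (for example via
        // ServerBuilder.useTransportSecurity), so the listener speaks plaintext, and forPort()
        // gives no bind address. Access tokens arrive in call metadata; unless TLS is terminated
        // in front of this port and the port is firewalled, they cross the network unencrypted.
        ServerBuilder<?> builder = ServerBuilder.forPort(port)
                .intercept(TransmitStatusRuntimeExceptionInterceptor.instance())
                .intercept(KeycloakSessionInterceptor.instance(application, sessionFactory, baseUrl));

        List<ProviderFactory> factories = sessionFactory.getProviderFactories(GrpcServiceProvider.class);

        for (ProviderFactory factory : factories) {
            logger.infov("Adding gRPC service: {0}", factory.getId());
            GrpcServiceProvider grpcResourceProvider = ((GrpcServiceProviderFactory) factory).create();
            builder.addService(grpcResourceProvider);
        }

        server = builder.build();

        try {
            logger.infov("Starting gRPC server with port={0}", port);
            server.start();
        } catch (IOException e) {
            logger.error("Failed to start gRPC server", e);
            throw new IllegalStateException(e);
        }
    }

    @Override
    public void close() {
        logger.infov("Stopping gRPC server");
        // postInit() may not have run, and the server may never have started (no post-migration
        // event yet, or start-up failed); closing must not fail with a NullPointerException.
        if (sessionFactory != null) {
            sessionFactory.unregister(listener);
        }

        synchronized (lock) {
            if (server != null) {
                server.shutdownNow();
            }
            server = null;
            sessionFactory = null;
            scope = null;
        }

        logger.infov("Stopped gRPC server");
    }

    @Override
    public String getId() {
        return "default";
    }

    /**
     * Reports hot deployment, detected by the absence of a {@link ServletContext} in the
     * Resteasy context data.
     */
    public boolean isHotDeploy() {
        ServletContext context = Resteasy.getContextData(ServletContext.class);
        return context == null;
    }

    private class GrpcServerEventListener implements ProviderEventListener {
        @Override
        public void onEvent(ProviderEvent event) {
            // Called when keycloak-grpc-server.war is deployed when booting keycloak.
            // If the war is deployed after booting (hot deployed), we can't trap this event.
            if (event instanceof PostMigrationEvent) {
                synchronized (lock) {
                    application = Resteasy.getContextData(KeycloakApplication.class);
                    startServer();
                }
                return;
            }

            if (event instanceof GrpcAddServiceEvent) {
                // Services added during boot are picked up by the initial start.
                if (((GrpcAddServiceEvent) event).isHotDeploy()) {
                    restartServer();
                }
                return;
            }

            if (event instanceof GrpcRemoveServiceEvent) {
                restartServer();
            }
        }

        /** Stops and starts the server so that it serves the current set of services. */
        private void restartServer() {
            synchronized (lock) {
                logger.infov("Restarting gRPC server");
                stopServer();
                startServer();
            }
        }
    }
}

--------------------------------------------------------------------------------
/admin/src/main/java/jp/openstandia/keycloak/grpc/admin/UserResourceService.java:
--------------------------------------------------------------------------------
1 | package jp.openstandia.keycloak.grpc.admin; 2 | 3 | import io.grpc.stub.StreamObserver; 4 | import jp.openstandia.keycloak.grpc.ErrorHandler; 5 | import org.jboss.logging.Logger; 6 | import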
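org.keycloak.common.util.Time;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.UserResource;
import org.keycloak.services.resources.admin.UsersResource;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;

import javax.ws.rs.HttpMethod;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.util.List;

/**
 * gRPC service for per-user admin operations (execute-actions e-mail and logout),
 * addressed either by user id or by username. Every RPC runs its work inside
 * {@code runAdminRestTask}.
 *
 * <p>NOTE(review): in both {@code *ByUsername} RPCs the "User does not exist" error is raised
 * before any permission check that is visible in this class. Whether a caller without
 * user-management rights can tell existing usernames from missing ones therefore depends on
 * what {@code runAdminRestTask} and {@code ctx.getRealm} already enforce - confirm, and
 * consider answering unknown users with the same error as a denied request.
 */
public class UserResourceService extends UserResourceGrpc.UserResourceImplBase implements GrpcAdminRESTServiceProvider {

    private static final Logger logger = Logger.getLogger(UserResourceService.class);

    /**
     * Sends the execute-actions e-mail to the user identified by {@code request.getUserId()}.
     * An error response from the admin resource is converted by {@code ErrorHandler} and thrown.
     */
    @Override
    public void executeActionsEmail(ExecuteActionsEmailRequest request,
                                    StreamObserver<ExecuteActionsEmailResponse> responseObserver) {
        Response response = runAdminRestTask(ctx -> {
            UsersResource resource = ctx.getUsersResource(HttpMethod.PUT, request.getRealm(),
                    "users/%s/execute-actions-email", request.getUserId());
            UserResource user = resource.user(request.getUserId());
            return user.executeActionsEmail(nullable(request.getRedirectUri()),
                    nullable(request.getClientId()),
                    nullable(request.getLifespan()),
                    request.getRequiredActionsList());
        });

        failOnError(response);
        reply(responseObserver, ExecuteActionsEmailResponse.newBuilder().build());
    }

    /**
     * Same as {@link #executeActionsEmail} but resolves the user by username first.
     *
     * @throws NotFoundException (inside the task) if no user has that username in the realm
     */
    @Override
    public void executeActionsEmailByUsername(ExecuteActionsEmailByUsernameRequest request,
                                              StreamObserver<ExecuteActionsEmailResponse> responseObserver) {
        Response response = runAdminRestTask(ctx -> {
            RealmModel realm = ctx.getRealm(request.getRealm());
            // The lookup happens before the UsersResource (and whatever checks it carries) is obtained.
            UserModel userModel = requireUserByUsername(realm, request.getUsername());

            UsersResource resource = ctx.getUsersResource(HttpMethod.PUT, request.getRealm(),
                    "users/%s/execute-actions-email", userModel.getId());
            UserResource user = resource.user(userModel.getId());
            return user.executeActionsEmail(nullable(request.getRedirectUri()),
                    nullable(request.getClientId()),
                    nullable(request.getLifespan()),
                    request.getRequiredActionsList());
        });

        failOnError(response);
        reply(responseObserver, ExecuteActionsEmailResponse.newBuilder().build());
    }

    /** Logs out the user identified by {@code request.getUserId()} through the admin resource. */
    @Override
    public void logout(LogoutRequest request, StreamObserver<LogoutResponse> responseObserver) {
        runAdminRestTask(ctx -> {
            UsersResource resource = ctx.getUsersResource(HttpMethod.PUT, request.getRealm(),
                    "users/%s/logout", request.getUserId());
            UserResource user = resource.user(request.getUserId());
            user.logout();
            return null;
        });

        reply(responseObserver, LogoutResponse.newBuilder().build());
    }

    /**
     * Logs out the sessions of the user with the given username. The session whose id equals
     * {@code request.getCurrentSessionId()} is kept unless {@code request.getRemoveCurrent()} is set.
     * Requires the "manage" permission on the user and records an admin ACTION event.
     *
     * @throws NotFoundException (inside the task) if no user has that username in the realm
     */
    @Override
    public void logoutByUsername(LogoutByUsernameRequest request, StreamObserver<LogoutResponse> responseObserver) {
        runAdminRestTask(ctx -> {
            KeycloakSession session = ctx.session;

            RealmModel realm = ctx.getRealm(request.getRealm());
            // NOTE(review): the lookup goes through getKeycloakSession() while the rest of this
            // task uses ctx.session - presumably the same session; verify.
            UserModel userModel = requireUserByUsername(realm, request.getUsername());

            ctx.attachAdminRestUri(request.getRealm(), "users/%s/logout", userModel.getId());

            AdminPermissionEvaluator auth = ctx.getAdminPermission(realm);
            AdminEventBuilder adminEvent = ctx.getAdminEventBuilder(realm)
                    .realm(realm)
                    .resource(ResourceType.USER);

            // Authorization gate for everything below; nothing is changed before it passes.
            auth.users().requireManage(userModel);

            session.users().setNotBeforeForUser(realm, userModel, Time.currentTime());

            List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, userModel);
            for (UserSessionModel userSession : userSessions) {
                if (request.getRemoveCurrent() || !isCurrentSession(userSession, request.getCurrentSessionId())) {
                    AuthenticationManager.backchannelLogout(session, userSession, true);
                }
            }
            adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();

            return null;
        });

        reply(responseObserver, LogoutResponse.newBuilder().build());
    }

    /** Looks the user up by username in the realm, or throws {@link NotFoundException}. */
    private UserModel requireUserByUsername(RealmModel realm, String username) {
        UserModel userModel = getKeycloakSession().users().getUserByUsername(username, realm);
        if (userModel == null) {
            throw new NotFoundException("User does not exist");
        }
        return userModel;
    }

    /** Throws the exception {@code ErrorHandler} derives from an error response. */
    private static void failOnError(Response response) {
        if (ErrorHandler.hasError(response)) {
            throw ErrorHandler.convert(response);
        }
    }

    /** Sends the single response message and completes the call. */
    private static <T> void reply(StreamObserver<T> responseObserver, T message) {
        responseObserver.onNext(message);
        responseObserver.onCompleted();
    }

    private boolean isCurrentSession(UserSessionModel session, String current) {
        return session.getId().equals(current);
    }
}
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements. See the NOTICE file
@REM distributed with this work for additional information
@REM regarding copyright ownership. The ASF licenses this file
@REM to you under the Apache License, Version 2.0 (the
@REM "License"); you may not use this file except in compliance
@REM with the License.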
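@REM You may obtain a copy of the License at
@REM
@REM http://www.apache.org/licenses/LICENSE-2.0
@REM
@REM Unless required by applicable law or agreed to in writing,
@REM software distributed under the License is distributed on an
@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@REM KIND, either express or implied. See the License for the
@REM specific language governing permissions and limitations
@REM under the License.
@REM ----------------------------------------------------------------------------

@REM ----------------------------------------------------------------------------
@REM Maven2 Start Up Batch script
@REM
@REM Required ENV vars:
@REM JAVA_HOME - location of a JDK home dir
@REM
@REM Optional ENV vars
@REM M2_HOME - location of maven2's installed home dir
@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
@REM e.g. to debug Maven itself, use
@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
@REM ----------------------------------------------------------------------------

@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
:skipRcPre

@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====

:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.

set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig

SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"

@REM usebackq makes FOR /F read the quoted path as a file, like the jvm.config loop above.
@REM Without it the quoted text is parsed as a literal string, so a wrapperUrl configured in
@REM maven-wrapper.properties (for example an internal mirror) was never picked up.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(review): nothing in this script verifies the downloaded jar (no checksum or signature
@REM check) before it is used as the classpath of the wrapper launcher. Point wrapperUrl or
@REM MVNW_REPOURL at a trusted repository, or verify the jar out of band.
@REM NOTE(review): MVNW_USERNAME and MVNW_PASSWORD are expanded into the text of the PowerShell
@REM command, so they become part of that process command line.
if exist %WRAPPER_JAR% (
    if "%MVNW_VERBOSE%" == "true" (
        echo Found %WRAPPER_JAR%
    )
) else (
    if not "%MVNW_REPOURL%" == "" (
        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
    )
    if "%MVNW_VERBOSE%" == "true" (
        echo Couldn't find %WRAPPER_JAR%, downloading it ...
        echo Downloading from: %DOWNLOAD_URL%
    )

    powershell -Command "&{"^
        "$webclient = new-object System.Net.WebClient;"^
        "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
        "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
        "}"^
        "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
        "}"
    if "%MVNW_VERBOSE%" == "true" (
        echo Finished downloading %WRAPPER_JAR%
    )
)
@REM End of extension

@REM Provide a "standardized" way to retrieve the CLI args that will
@REM work with both Windows and non-Windows executions.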
159 | set MAVEN_CMD_LINE_ARGS=%* 160 | 161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 162 | if ERRORLEVEL 1 goto error 163 | goto end 164 | 165 | :error 166 | set ERROR_CODE=1 167 | 168 | :end 169 | @endlocal & set ERROR_CODE=%ERROR_CODE% 170 | 171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 175 | :skipRcPost 176 | 177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 179 | 180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 181 | 182 | exit /B %ERROR_CODE% 183 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4.0.0 4 | 5 | jp.openstandia.keycloak.grpc 6 | keycloak-grpc-parent 7 | 0.4.1-SNAPSHOT 8 | pom 9 | 10 | Keycloak gRPC extension 11 | 12 | 13 | 14 | 15 | Apache License, Version 2.0 16 | https://www.apache.org/licenses/LICENSE-2.0 17 | repo 18 | 19 | 20 | 21 | 22 | 9.0.2 23 | 1.25.0 24 | 3.10.0 25 | 26 | github 27 | 28 | 29 | 30 | client-spi 31 | server 32 | service-spi 33 | admin 34 | 35 | 36 | 37 | 38 | 39 | org.keycloak 40 | keycloak-core 41 | ${version.keycloak} 42 | provided 43 | 44 | 45 | org.keycloak 46 | keycloak-server-spi 47 | ${version.keycloak} 48 | provided 49 | 50 | 51 | org.keycloak 52 | keycloak-server-spi-private 53 | ${version.keycloak} 54 | provided 55 | 56 | 57 | org.keycloak 58 | keycloak-services 59 | ${version.keycloak} 60 | provided 61 | 62 | 63 | com.google.guava 64 | guava 65 | 66 | 67 | 68 | 69 | io.grpc 70 | grpc-netty-shaded 71 | ${version.grpc-java} 72 | 
73 | 74 | io.grpc 75 | grpc-protobuf 76 | ${version.grpc-java} 77 | 78 | 79 | io.grpc 80 | grpc-stub 81 | ${version.grpc-java} 82 | 83 | 84 | 85 | jp.openstandia.keycloak.grpc 86 | keycloak-grpc-service-spi 87 | ${project.version} 88 | 89 | 90 | jp.openstandia.keycloak.grpc 91 | keycloak-grpc-client-spi 92 | ${project.version} 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | kr.motd.maven 101 | os-maven-plugin 102 | 1.6.2 103 | 104 | 105 | 106 | 107 | 108 | org.apache.maven.plugins 109 | maven-compiler-plugin 110 | 2.3.2 111 | 112 | 1.8 113 | 1.8 114 | 115 | 116 | 117 | maven-war-plugin 118 | 3.2.3 119 | 120 | true 121 | 122 | 123 | 124 | org.xolstice.maven.plugins 125 | protobuf-maven-plugin 126 | 0.6.1 127 | 128 | com.google.protobuf:protoc:${version.protoc}:exe:${os.detected.classifier} 129 | grpc-java 130 | io.grpc:protoc-gen-grpc-java:${version.grpc-java}:exe:${os.detected.classifier} 131 | true 132 | 133 | 134 | 135 | 136 | compile 137 | compile-custom 138 | 139 | 140 | 141 | 142 | 143 | maven-deploy-plugin 144 | 2.8.2 145 | 146 | internal.repo::default::file://${project.build.directory}/mvn-repo 147 | 148 | 149 | 150 | com.github.github 151 | site-maven-plugin 152 | 0.12 153 | 154 | Maven artifacts for ${project.version} 155 | true 156 | true 157 | ${project.build.directory}/mvn-repo 158 | refs/heads/mvn-repo 159 | **/* 160 | keycloak-grpc 161 | openstandia 162 | 163 | 164 | 165 | 166 | site 167 | 168 | deploy 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | com.github.github 178 | site-maven-plugin 179 | 180 | 181 | 182 | 183 | 184 | 185 | internal.repo 186 | Temporary Staging Repository 187 | file://${project.build.directory}/mvn-repo 188 | 189 | 190 | 191 | 192 | -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 
26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /server/keycloak-grpc-server.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /service-spi/keycloak-grpc-service-spi.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | -------------------------------------------------------------------------------- /mvnw: 
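--------------------------------------------------------------------------------
#!/bin/sh
# ----------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# ----------------------------------------------------------------------------

# ----------------------------------------------------------------------------
# Maven2 Start Up Batch script
#
# Required ENV vars:
# ------------------
# JAVA_HOME - location of a JDK home dir
#
# Optional ENV vars
# -----------------
# M2_HOME - location of maven2's installed home dir
# MAVEN_OPTS - parameters passed to the Java VM when running Maven
# e.g. to debug Maven itself, use
# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
# ----------------------------------------------------------------------------

if [ -z "$MAVEN_SKIP_RC" ] ; then

  if [ -f /etc/mavenrc ] ; then
    . /etc/mavenrc
  fi

  if [ -f "$HOME/.mavenrc" ] ; then
    . "$HOME/.mavenrc"
  fi

fi

# OS specific support. $var _must_ be set to either true or false.
cygwin=false;
darwin=false;
mingw=false
case "`uname`" in
  CYGWIN*) cygwin=true ;;
  MINGW*) mingw=true;;
  Darwin*) darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        export JAVA_HOME="`/usr/libexec/java_home`"
      else
        export JAVA_HOME="/Library/Java/Home"
      fi
    fi
    ;;
esac

if [ -z "$JAVA_HOME" ] ; then
  if [ -r /etc/gentoo-release ] ; then
    JAVA_HOME=`java-config --jre-home`
  fi
fi

if [ -z "$M2_HOME" ] ; then
  ## resolve links - $0 may be a link to maven's home
  PRG="$0"

  # need this for relative symlinks
  while [ -h "$PRG" ] ; do
    ls=`ls -ld "$PRG"`
    link=`expr "$ls" : '.*-> \(.*\)$'`
    if expr "$link" : '/.*' > /dev/null; then
      PRG="$link"
    else
      PRG="`dirname "$PRG"`/$link"
    fi
  done

  saveddir=`pwd`

  M2_HOME=`dirname "$PRG"`/..

  # make it fully qualified
  M2_HOME=`cd "$M2_HOME" && pwd`

  cd "$saveddir"
  # echo Using m2 at $M2_HOME
fi

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
  [ -n "$M2_HOME" ] &&
    M2_HOME=`cygpath --unix "$M2_HOME"`
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$M2_HOME" ] &&
    M2_HOME="`(cd "$M2_HOME"; pwd)`"
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
fi

if [ -z "$JAVA_HOME" ]; then
  javaExecutable="`which javac`"
  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=`which readlink`
    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
      if $darwin ; then
        javaHome="`dirname \"$javaExecutable\"`"
        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
      else
        javaExecutable="`readlink -f \"$javaExecutable\"`"
      fi
      javaHome="`dirname \"$javaExecutable\"`"
      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi

if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    JAVACMD="`which java`"
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

if [ -z "$JAVA_HOME" ] ; then
  echo "Warning: JAVA_HOME environment variable is not set."
fi

CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher

# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {

  if [ -z "$1" ]
  then
    echo "Path not specified to find_maven_basedir"
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ] ; do
    if [ -d "$wdir"/.mvn ] ; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=`cd "$wdir/.."; pwd`
    fi
    # end of workaround
  done
  echo "${basedir}"
}

# concatenates all lines of a file
concat_lines() {
  if [ -f "$1" ]; then
    echo "$(tr -s '\n' ' ' < "$1")"
  fi
}

BASE_DIR=`find_maven_basedir "$(pwd)"`
if [ -z "$BASE_DIR" ]; then
  exit 1;
fi

##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# NOTE(review): nothing below verifies the downloaded jar (no checksum or signature check)
# before it is used as the classpath of the wrapper launcher. The URL comes from
# MVNW_REPOURL or from wrapperUrl in maven-wrapper.properties, so keep both pointed at a
# trusted repository, or verify the jar out of band.
# NOTE(review): MVNW_USERNAME / MVNW_PASSWORD are handed to wget and curl as command-line
# arguments, which other local users may be able to read from the process list.
##########################################################################################
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
  fi
  if [ -n "$MVNW_REPOURL" ]; then
    jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
  else
    jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
  fi
  while IFS="=" read key value; do
    case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
    esac
  done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Downloading from: $jarUrl"
  fi
  wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
  if $cygwin; then
    wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
  fi

  if command -v wget > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found wget ... using wget"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      wget "$jarUrl" -O "$wrapperJarPath"
    else
      # Quoted so a user name or password containing spaces or glob characters stays a
      # single argument instead of being word-split into extra wget arguments.
      wget --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$jarUrl" -O "$wrapperJarPath"
    fi
  elif command -v curl > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found curl ... using curl"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      curl -o "$wrapperJarPath" "$jarUrl" -f
    else
      # Quoted for the same reason as the wget branch.
      curl --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$jarUrl" -f
    fi

  else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Falling back to using Java to download"
    fi
    javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
    # For Cygwin, switch paths to Windows format before running javac
    if $cygwin; then
      javaClass=`cygpath --path --windows "$javaClass"`
    fi
    if [ -e "$javaClass" ]; then
      if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Compiling MavenWrapperDownloader.java ..."
        fi
        # Compiling the Java class
        ("$JAVA_HOME/bin/javac" "$javaClass")
      fi
      if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        # Running the downloader
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Running MavenWrapperDownloader.java ..."
        fi
        ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
      fi
    fi
  fi
fi
##########################################################################################
# End of extension
##########################################################################################

export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
if [ "$MVNW_VERBOSE" = true ]; then
  echo $MAVEN_PROJECTBASEDIR
fi
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$M2_HOME" ] &&
    M2_HOME=`cygpath --path --windows "$M2_HOME"`
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.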
301 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 302 | export MAVEN_CMD_LINE_ARGS 303 | 304 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 305 | 306 | exec "$JAVACMD" \ 307 | $MAVEN_OPTS \ 308 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 309 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 310 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 311 | -------------------------------------------------------------------------------- /admin/keycloak-grpc-admin-services.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------