diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
index b4908aceda610..86b6f48d5b80b 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
@@ -17,8 +17,8 @@
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.runtime.OidcConfig;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.runtime.QuarkusSecurityIdentity;
 import io.quarkus.vertx.http.runtime.HttpConfiguration;
diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
index 5abaa65481d4a..13481c193a622 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java
@@ -2,8 +2,8 @@
 import io.quarkus.arc.runtime.BeanContainer;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.runtime.OidcConfig;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.quarkus.runtime.annotations.Recorder;
 import io.quarkus.vertx.http.runtime.HttpConfiguration;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
similarity index 93%
rename from extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcTenantConfig.java
rename to extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
index 1fd24d8d4dff8..d94ac01fb431f 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcTenantConfig.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -1,4 +1,4 @@
-package io.quarkus.oidc.runtime;
+package io.quarkus.oidc;
 import java.time.Duration;
 import java.util.Arrays;
@@ -17,7 +17,7 @@ public class OidcTenantConfig {
 * resolve the tenant configuration dynamically and is optional in all other cases.
 */
 @ConfigItem
- Optional tenantId = Optional.empty();
+ public Optional tenantId = Optional.empty();
 /**
 * If this tenant configuration is enabled.
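Review bot: `tenantId` is opened up as a public mutable field here, so once `OidcTenantConfig` is public API any code holding a resolver-supplied instance can rewrite it, and nothing can be validated on assignment. The later hunks of this file do the same for `authServerUrl`, `publicKey`, `Credentials.secret`, `Secret.value`, `Jwt.secret`, `Jwt.lifespan` and `Tls.verification`, which are the values that decide which server is trusted and with which client secret. Getters such as `getSecret()`, `getValue()` and `getVerification()` are already visible in the context lines, so I would keep the fields non-public and add matching setters (for example a `setTenantId(...)` that wraps the value in `Optional`), which also gives one place to reject a `secret` set together with `client-secret.value`. If the config machinery needs direct field access, a class-level Javadoc sentence saying that an instance must not be modified after a resolver has returned it would help. The class body starts and continues outside this hunk.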
@@ -45,57 +45,67 @@ public class OidcTenantConfig { * 'https://host:port/auth/realms/{realm}' where '{realm}' has to be replaced by the name of the Keycloak realm. */ @ConfigItem - Optional authServerUrl = Optional.empty(); + public Optional authServerUrl = Optional.empty(); + /** * Relative path of the RFC7662 introspection service. */ + @ConfigItem - Optional introspectionPath = Optional.empty(); + public Optional introspectionPath = Optional.empty(); + /** * Relative path of the OIDC service returning a JWK set. */ @ConfigItem - Optional jwksPath = Optional.empty(); + public Optional jwksPath = Optional.empty(); + /** * Public key for the local JWT token verification. */ @ConfigItem - Optional publicKey = Optional.empty(); + public Optional publicKey = Optional.empty(); + /** * The client-id of the application. Each application has a client-id that is used to identify the application */ @ConfigItem - Optional clientId = Optional.empty(); + public Optional clientId = Optional.empty(); + /** * Configuration to find and parse a custom claim containing the roles information. */ @ConfigItem - Roles roles = new Roles(); + public Roles roles = new Roles(); + /** * Configuration how to validate the token claims. */ @ConfigItem - Token token = new Token(); + public Token token = new Token(); + /** * Credentials which the OIDC adapter will use to authenticate to the OIDC server. */ @ConfigItem - Credentials credentials = new Credentials(); + public Credentials credentials = new Credentials(); + /** * Options to configure a proxy that OIDC adapter will use for talking with OIDC server. 
 */
 @ConfigItem
- Proxy proxy = new Proxy();
+ public Proxy proxy = new Proxy();
+
 /**
 * Different options to configure authorization requests
 */
- Authentication authentication = new Authentication();
+ public Authentication authentication = new Authentication();
 /**
 * TLS configurations
 */
 @ConfigItem
- Tls tls = new Tls();
+ public Tls tls = new Tls();
 @ConfigGroup
 public static class Tls {
@@ -115,7 +125,7 @@ public enum Verification {
 * {@link Verification}. Default is required.
 */
 @ConfigItem(defaultValue = "REQUIRED")
- Verification verification;
+ public Verification verification;
 public Verification getVerification() {
 return verification;
@@ -231,7 +241,7 @@ public static class Credentials {
 * Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.
 */
 @ConfigItem
- Optional secret = Optional.empty();
+ public Optional secret = Optional.empty();
 /**
 * Client secret which can be used for the 'client_secret_basic' (default) and 'client_secret_post'
@@ -240,13 +250,13 @@ public static class Credentials {
 * but both properties are mutually exclusive.
 */
 @ConfigItem
- Secret clientSecret = new Secret();
+ public Secret clientSecret = new Secret();
 /**
 * Client JWT authentication methods
 */
 @ConfigItem
- Jwt jwt = new Jwt();
+ public Jwt jwt = new Jwt();
 public Optional getSecret() {
 return secret;
@@ -290,13 +300,13 @@ public static enum Method {
 * The client secret
 */
 @ConfigItem
- Optional value = Optional.empty();
+ public Optional value = Optional.empty();
 /**
 * Authentication method.
 */
 @ConfigItem
- Optional method = Optional.empty();
+ public Optional method = Optional.empty();
 public Optional getValue() {
 return value;
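Review bot: `authentication` is the only field in this hunk declared without `@ConfigItem`; every sibling from `authServerUrl` to `tls` carries it. The change only re-declares the line as public, so the omission predates it, but now that the class is public API the inconsistency is worth settling: either add `@ConfigItem` above `public Authentication authentication = new Authentication();` or leave a short comment saying why it is left off. Whether the config processor treats an unannotated field differently cannot be told from this hunk. The class body starts and ends outside the hunk.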
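Review bot: `verification` has `@ConfigItem(defaultValue = "REQUIRED")` but no field initialiser, so an `OidcTenantConfig` created with `new` in a `TenantConfigResolver`, the use this move to the public package enables, presumably leaves `tls.verification` as `null` rather than `REQUIRED`. `Jwt.lifespan` in a later hunk pairs its `defaultValue = "10"` with `= 10`; doing the same here, `public Verification verification = Verification.REQUIRED;`, keeps certificate verification on by default for programmatically built tenants. How the consumer of `getVerification()` handles `null` is not visible in this diff, so this may surface as a NullPointerException or as a check that is silently skipped; either is worth ruling out. The `Tls` class and `getVerification()` continue outside the hunk.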
@@ -330,13 +340,13 @@ public static class Jwt {
 * "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
 */
 @ConfigItem
- Optional secret = Optional.empty();
+ public Optional secret = Optional.empty();
 /**
 * JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.
 */
 @ConfigItem(defaultValue = "10")
- int lifespan = 10;
+ public int lifespan = 10;
 public Optional getSecret() {
 return secret;
@@ -377,14 +387,14 @@ public static Roles fromClaimPathAndSeparator(String path, String sep) {
 * This property can be used if a token has no 'groups' claim but has the groups set in a different claim.
 */
 @ConfigItem
- Optional roleClaimPath = Optional.empty();
+ public Optional roleClaimPath = Optional.empty();
 /**
 * Separator for splitting a string which may contain multiple group values.
 * It will only be used if the "role-claim-path" property points to a custom claim whose value is a string.
 * A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.
 */
 @ConfigItem
- Optional roleClaimSeparator = Optional.empty();
+ public Optional roleClaimSeparator = Optional.empty();
 public Optional getRoleClaimPath() {
 return roleClaimPath;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/TenantConfigResolver.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/TenantConfigResolver.java
index 214d59e7898a0..06d81b2106fcf 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/TenantConfigResolver.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/TenantConfigResolver.java
@@ -1,6 +1,5 @@
 package io.quarkus.oidc;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.vertx.ext.web.RoutingContext;
 /**
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
index fb626deff4252..5049667be722e 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -19,10 +19,11 @@
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.quarkus.oidc.AccessTokenCredential;
 import io.quarkus.oidc.IdTokenCredential;
+import io.quarkus.oidc.OidcTenantConfig;
+import io.quarkus.oidc.OidcTenantConfig.Authentication;
+import io.quarkus.oidc.OidcTenantConfig.Credentials;
+import io.quarkus.oidc.OidcTenantConfig.Credentials.Secret;
 import io.quarkus.oidc.RefreshToken;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Authentication;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials.Secret;
 import io.quarkus.security.identity.IdentityProviderManager;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.runtime.QuarkusSecurityIdentity;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java
index f70c4e23571b3..e4489ccb4cf36 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java
@@ -10,6 +10,7 @@
 import org.jboss.logging.Logger;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.TenantConfigResolver;
 import io.quarkus.oidc.TenantResolver;
 import io.vertx.ext.web.RoutingContext;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java
index 4026f344325d9..1ce79a9ada905 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java
@@ -7,6 +7,7 @@
 import javax.inject.Inject;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.security.identity.IdentityProviderManager;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.identity.request.AuthenticationRequest;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java
index 79e22cc1171bd..828c6393804d3 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java
@@ -2,6 +2,7 @@
 import java.util.Map;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.runtime.annotations.ConfigDocMapKey;
 import io.quarkus.runtime.annotations.ConfigDocSection;
 import io.quarkus.runtime.annotations.ConfigItem;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
index cdee228b43e5b..31d2df3b4ce3d 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
@@ -12,6 +12,7 @@
 import org.jose4j.jwt.consumer.InvalidJwtException;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.security.AuthenticationFailedException;
 import io.quarkus.security.ForbiddenException;
 import io.quarkus.security.identity.AuthenticationRequestContext;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
index a1d0b69e2be44..e1513576c88b2 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
@@ -11,10 +11,11 @@
 import org.jboss.logging.Logger;
 import io.quarkus.oidc.OIDCException;
-import io.quarkus.oidc.runtime.OidcTenantConfig.ApplicationType;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials.Secret;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Tls.Verification;
+import io.quarkus.oidc.OidcTenantConfig;
+import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
+import io.quarkus.oidc.OidcTenantConfig.Credentials;
+import io.quarkus.oidc.OidcTenantConfig.Credentials.Secret;
+import io.quarkus.oidc.OidcTenantConfig.Tls.Verification;
 import io.quarkus.runtime.annotations.Recorder;
 import io.quarkus.runtime.configuration.ConfigurationException;
 import io.vertx.core.AsyncResult;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
index b30ad12852eba..8343dffc73b83 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -10,6 +10,7 @@
 import org.eclipse.microprofile.jwt.Claims;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigBean.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigBean.java
index 2936241fd3823..aab5ca8e46009 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigBean.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigBean.java
@@ -3,6 +3,8 @@
 import java.util.Map;
 import java.util.function.Function;
+import io.quarkus.oidc.OidcTenantConfig;
+
 public class TenantConfigBean {
 private final Map staticTenantsConfig;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java
index dc329453e1816..488f3d6f4e131 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java
@@ -1,5 +1,6 @@
 package io.quarkus.oidc.runtime;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.ext.auth.oauth2.OAuth2Auth;
 class TenantConfigContext {
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcRecorderTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcRecorderTest.java
index 308a7423ebdc9..7c7c2c3a79c03 100644
--- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcRecorderTest.java
+++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcRecorderTest.java
@@ -6,6 +6,8 @@
 import org.junit.jupiter.api.Test;
+import io.quarkus.oidc.OidcTenantConfig;
+
 public class OidcRecorderTest {
 @Test
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
index 3c994fd460089..6822d09b953f8 100644
--- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
+++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -15,6 +15,7 @@
 import org.junit.jupiter.api.Test;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.core.json.JsonObject;
 public class OidcUtilsTest {
diff --git a/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java b/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
index 8790f849aad4b..19de759b304dc 100644
--- a/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
+++ b/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
@@ -2,8 +2,8 @@
 import javax.enterprise.context.ApplicationScoped;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.TenantConfigResolver;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.vertx.ext.web.RoutingContext;
 @ApplicationScoped