Merge branch 'feature/dev_oauth2_client' into 2.8

Author: atsushi0804

docker/dev/common/oauth2/keycloak/Dockerfile

@@ -6,3 +6,6 @@ RUN microdnf update -y && microdnf install -y jq && microdnf clean all
 
 ADD oauth2/keycloak/setup.sh /setup.sh
 ADD functions.sh /functions.sh
+
+ENTRYPOINT []
+CMD ["/sbin/init"]

docker/dev/common/oauth2/keycloak/setup.sh

@@ -63,6 +63,8 @@ KCADM=${BINDIR}/kcadm.sh
 REALM=${KEYCLOAK_REALM}
 ADMIN_REALM=${KEYCLOAK_ADMIN_REALM}
 
+/opt/jboss/tools/docker-entrypoint.sh -b 0.0.0.0 &
+
 wait_for_keycloak_to_become_ready ${MY_KEYCLOAK_SERVER}
 
 ### login

docker/dev/common/oauth2/keycloak/standalone-ha.xml

@@ -34,6 +34,8 @@ CREATE TABLE IF NOT EXISTS `issues` (
   `date` timestamp NULL,
   `ip_addr` varchar(256) DEFAULT NULL,
   `hostname` varchar(256) DEFAULT NULL,
+  `type` int DEFAULT '0',
   PRIMARY KEY (`id`),
   KEY `id` (`id`)
 );
+

docker/dev/common/oauth2/mariadb/initdb.d/001-create-tables.sql

@@ -1,12 +1,12 @@
-FROM maven:3.6.3-jdk-11-slim as BUILD
+FROM jelastic/maven:3.9.5-openjdk-21 as BUILD
 WORKDIR /build
 COPY jwt-server/pom.xml /build
 COPY jwt-server/src /build/src
 COPY docker/dev/common/oauth2/tomcat/application.properties /build/src/main/resources
 ARG MAVEN_OPTS
 RUN mvn package
 
-FROM tomcat:9.0.71-jdk11
+FROM tomcat:10.1.30-jdk21
 ADD docker/dev/common/oauth2/tomcat/conf/server.xml /usr/local/tomcat/conf/server.xml
 COPY --from=0 /build/target/jwt-server.war /usr/local/tomcat/
 

docker/dev/common/oauth2/tomcat/Dockerfile

@@ -1,12 +1,12 @@
-server.port=9000
-
 # change keycloak settings
-keycloak.enabled=true
-keycloak.auth-server-url=https://jwt-keycloak:8443/auth
-keycloak.realm=hpci
-keycloak.resource=hpci-jwt-server
-keycloak.public-client=false
-keycloak.credentials.secret=${GFDOCKER_SASL_HPCI_SECET:K0WSOlQTizF7hJ7xOvGRDsD57ME0Vdxz}
+spring.security.oauth2.client.registration.keycloak.client-id=hpci-jwt-server
+spring.security.oauth2.client.registration.keycloak.client-secret=${GFDOCKER_SASL_HPCI_SECET:K0WSOlQTizF7hJ7xOvGRDsD57ME0Vdxz}
+spring.security.oauth2.client.registration.keycloak.provider=keycloak
+spring.security.oauth2.client.registration.keycloak.scope=openid
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.provider.keycloak.issuer-uri=https://jwt-keycloak:8443/auth/realms/hpci
+#spring.security.oauth2.client.provider.keycloak.issuer-uri=http://jwt-keycloak:8080/auth/realms/hpci
+
 user-claim=hpci.id
 
 jwt-server.passphrase=${GFDOCKER_SASL_PASSPHRASE:gdmyzb3n6bevxjikfo99y5piegtxmwi7}

docker/dev/common/oauth2/tomcat/application.properties

@@ -24,8 +24,10 @@
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
-  <!-- APR library loader. Documentation at /docs/apr.html -->
-  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- OpenSSL support using Tomcat Native -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
+  <!-- OpenSSL support using FFM API from Java 22 -->
+  <!-- <Listener className="org.apache.catalina.core.OpenSSLLifecycleListener" /> -->
   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -61,22 +63,27 @@
 
     <!-- A "Connector" represents an endpoint by which requests are received
          and responses are returned. Documentation at :
-         Java HTTP Connector: /docs/config/http.html
-         Java AJP  Connector: /docs/config/ajp.html
-         APR (HTTP/AJP) Connector: /docs/apr.html
+         HTTP Connector: /docs/config/http.html
+         AJP  Connector: /docs/config/ajp.html
          Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
     -->
+
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
+
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
                port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
     -->
-    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
          This connector uses the NIO implementation. The default
          SSLImplementation will depend on the presence of the APR/native
          library and the useOpenSSL attribute of the AprLifecycleListener.
@@ -85,39 +92,25 @@
     -->
     <!--
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" SSLEnabled="true">
-        <SSLHostConfig>
-            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-    -->
-    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
-         This connector uses the APR/native implementation which always uses
-         OpenSSL for TLS.
-         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
-         configuration is used below.
-    -->
-    <!--
-    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
+               maxThreads="150" SSLEnabled="true"
+               maxParameterCount="1000"
+               >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
-            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
-                         certificateFile="conf/localhost-rsa-cert.pem"
-                         certificateChainFile="conf/localhost-rsa-chain.pem"
-                         type="RSA" />
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                         certificateKeystorePassword="changeit" type="RSA" />
         </SSLHostConfig>
     </Connector>
     -->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
-
     <Connector protocol="AJP/1.3"
                address="0.0.0.0"
                port="8009"
-	       secretRequired="false"
-               redirectPort="8443" />
+               enableLookups="true"
+               redirectPort="8443"
+               secretRequired="false"
+               />
 
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone