initializer demo to set fixed issuer

initializer/pom.xml

@@ -42,11 +42,56 @@
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>net.bytebuddy</groupId>
+			<artifactId>byte-buddy</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>net.bytebuddy</groupId>
+			<artifactId>byte-buddy-agent</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.cronutils</groupId>
 			<artifactId>cron-utils</artifactId>
 			<version>9.2.1</version>
 		</dependency>
+
+		<dependency>
+			<groupId>dasniko.keycloak</groupId>
+			<artifactId>keycloak-utils</artifactId>
+			<version>${project.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter-params</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>junit-jupiter</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.github.dasniko</groupId>
+			<artifactId>testcontainers-keycloak</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.rest-assured</groupId>
+			<artifactId>rest-assured</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-log4j12</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.jboss.shrinkwrap.resolver</groupId>
+			<artifactId>shrinkwrap-resolver-impl-maven-archive</artifactId>
+			<version>3.3.0</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>

initializer/src/main/java/dasniko/keycloak/initializer/issuer/IssuerInitializerProvider.java

@@ -0,0 +1,78 @@
+package dasniko.keycloak.initializer.issuer;
+
+import com.google.auto.service.AutoService;
+import dasniko.keycloak.initializer.InitializerProviderFactory;
+import lombok.extern.slf4j.Slf4j;
+import net.bytebuddy.ByteBuddy;
+import net.bytebuddy.agent.ByteBuddyAgent;
+import net.bytebuddy.dynamic.loading.ClassReloadingStrategy;
+import net.bytebuddy.implementation.MethodDelegation;
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderConfigurationBuilder;
+import org.keycloak.services.Urls;
+import org.keycloak.services.validation.Validation;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy;
+import static net.bytebuddy.matcher.ElementMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+
+@Slf4j
+@AutoService(InitializerProviderFactory.class)
+public class IssuerInitializerProvider implements InitializerProviderFactory {
+
+	public static final String PROVIDER_ID = "issuer";
+
+	private static final String CONFIG_ATTR_BASE_URI = "base-uri";
+
+	private static String issuerBaseUri;
+
+	@Override
+	public String getId() {
+		return PROVIDER_ID;
+	}
+
+	@Override
+	public void init(Config.Scope config) {
+		issuerBaseUri = config.get(CONFIG_ATTR_BASE_URI);
+		if (!Validation.isBlank(issuerBaseUri)) {
+			log.info("Issuer BaseURI fixed value: {}", issuerBaseUri);
+		}
+	}
+
+	@Override
+	public void postInit(KeycloakSessionFactory factory) {
+		ByteBuddyAgent.install();
+		new ByteBuddy()
+			.redefine(Urls.class)
+			.method(named("realmIssuer").and(isDeclaredBy(Urls.class).and(returns(String.class))))
+			.intercept(MethodDelegation.to(this.getClass()))
+			.make()
+			.load(Urls.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent());
+	}
+
+	@SuppressWarnings("unused")
+	public static String realmIssuer(URI baseUri, String realmName) {
+		try {
+			baseUri = new URI(issuerBaseUri);
+		} catch (URISyntaxException | NullPointerException ignored) {
+		}
+		return Urls.realmBase(baseUri).path("{realm}").build(realmName).toString();
+	}
+
+	@Override
+	public List<ProviderConfigProperty> getConfigMetadata() {
+		return ProviderConfigurationBuilder.create()
+			.property()
+			.name(CONFIG_ATTR_BASE_URI)
+			.type(ProviderConfigProperty.STRING_TYPE)
+			.helpText("The baseUri to use for the issuer of this server. Keep empty, if the regular hostname settings should be used.")
+			.add()
+			.build();
+	}
+}

initializer/src/test/java/dasniko/keycloak/initializer/InitiailizerTest.java

@@ -0,0 +1,47 @@
+package dasniko.keycloak.initializer;
+
+import dasniko.testcontainers.keycloak.KeycloakContainer;
+import de.keycloak.test.TestBase;
+import org.jboss.shrinkwrap.resolver.api.maven.Maven;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import java.io.File;
+import java.util.List;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.startsWith;
+
+@Testcontainers
+public class InitiailizerTest extends TestBase {
+
+	public static final String ISSUER = "https://auth.keycloak.de";
+
+	private static final List<File> dependencies = Maven.resolver()
+			.loadPomFromFile("./pom.xml")
+			.resolve("net.bytebuddy:byte-buddy-agent")
+			.withoutTransitivity().asList(File.class);
+
+	@ParameterizedTest
+	@ValueSource(strings = { ISSUER, "" })
+	public void testIssuer(String issuerValue) {
+		final KeycloakContainer keycloak = new KeycloakContainer()
+			.withProviderClassesFrom("target/classes")
+			.withProviderLibsFrom(dependencies)
+			.withEnv("KC_SPI_INITIALIZER_ISSUER_BASE_URI", issuerValue)
+//			.withDebugFixedPort(8787, true)
+			;
+		keycloak.start();
+
+		String issuer = getOpenIDConfiguration(keycloak, "master").extract().path("issuer");
+		if (issuerValue.isEmpty()) {
+			assertThat(issuer, startsWith(keycloak.getAuthServerUrl()));
+		} else {
+			assertThat(issuer, startsWith(issuerValue));
+		}
+
+		keycloak.stop();
+	}
+
+}

pom.xml

@@ -32,6 +32,7 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<aws.version>2.17.209</aws.version>
+		<bytebuddy.version>1.14.7</bytebuddy.version>
 		<keycloak.version>23.0.0</keycloak.version>
 		<maven.compiler.version>3.11.0</maven.compiler.version>
 		<maven.compiler.release>17</maven.compiler.release>
@@ -77,6 +78,17 @@
 					</exclusion>
 				</exclusions>
 			</dependency>
+			<dependency>
+				<groupId>net.bytebuddy</groupId>
+				<artifactId>byte-buddy</artifactId>
+				<version>${bytebuddy.version}</version>
+				<scope>provided</scope>
+			</dependency>
+			<dependency>
+				<groupId>net.bytebuddy</groupId>
+				<artifactId>byte-buddy-agent</artifactId>
+				<version>${bytebuddy.version}</version>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>