@Override protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) { final RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext(); final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); final OidcKeycloakAccount account = new SimpleKeycloakAccount(principal, roles, securityContext); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); this.tokenStore.saveAccountInfo(account); }
/** * Checks that access token is still valid. Will attempt refresh of token if it is not. * * @param request */ protected void checkKeycloakSession(Request request, HttpFacade facade) { KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.checkCurrentToken(); }
public void logoutCurrent(Request request) { AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) request.getAttribute(AdapterDeploymentContext.class.getName()); KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); if (ksc != null) { JettyHttpFacade facade = new OIDCJettyHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); request.removeAttribute(KeycloakSecurityContext.class.getName()); } }
tokenStore.refreshCallback(this);
if (tokenStore.isCached(this)) { if (verifySSL()) return AuthOutcome.FAILED; log.debug("AUTHENTICATED: was cached");
@Override protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> skp) { final RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext(); final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); OidcKeycloakAccount account = new OidcKeycloakAccount() { @Override public Principal getPrincipal() { return skp; } @Override public Set<String> getRoles() { return roles; } @Override public KeycloakSecurityContext getKeycloakSecurityContext() { return securityContext; } }; request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); this.tokenStore.saveAccountInfo(account); }
/** * Checks that access token is still valid. Will attempt refresh of token if it is not. * * @param request */ protected void checkKeycloakSession(Request request, HttpFacade facade) { KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.checkCurrentToken(); }
public void logoutCurrent(Request request) { AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) request.getAttribute(AdapterDeploymentContext.class.getName()); KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); if (ksc != null) { JettyHttpFacade facade = new OIDCJettyHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); request.removeAttribute(KeycloakSecurityContext.class.getName()); } }
@Override protected void completeOAuthAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) { KeycloakUndertowAccount account = createAccount(principal); securityContext.authenticationComplete(account, "KEYCLOAK", false); propagateKeycloakContext(account); tokenStore.saveAccountInfo(account); }
nodesRegistrationManagement.tryRegister(deployment); tokenStore.checkCurrentToken(); JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore); AuthOutcome outcome = authenticator.authenticate();
protected void logoutInternal(Request request) { KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); if (ksc != null) { CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); request.removeAttribute(KeycloakSecurityContext.class.getName()); } request.setUserPrincipal(null); }
@Override protected void completeOAuthAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) { KeycloakUndertowAccount account = createAccount(principal); securityContext.authenticationComplete(account, "KEYCLOAK", false); propagateKeycloakContext(account); tokenStore.saveAccountInfo(account); }
protected void logoutInternal(Request request) { KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); if (ksc != null) { CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); request.removeAttribute(KeycloakSecurityContext.class.getName()); } request.setUserPrincipal(null); }
@Override protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> skp) { principal = skp; final RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext(); final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); OidcKeycloakAccount account = new OidcKeycloakAccount() { @Override public Principal getPrincipal() { return skp; } @Override public Set<String> getRoles() { return roles; } @Override public KeycloakSecurityContext getKeycloakSecurityContext() { return securityContext; } }; request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); this.tokenStore.saveAccountInfo(account); }
nodesRegistrationManagement.tryRegister(deployment); tokenStore.checkCurrentToken(); JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore); AuthOutcome outcome = authenticator.authenticate();
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return; HttpServerExchange exchange = notification.getExchange(); UndertowHttpFacade facade = createFacade(exchange); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY); if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); tokenStore.logout(); } };
@Override protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> skp) { final RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext(); final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); OidcKeycloakAccount account = new OidcKeycloakAccount() { @Override public Principal getPrincipal() { return skp; } @Override public Set<String> getRoles() { return roles; } @Override public KeycloakSecurityContext getKeycloakSecurityContext() { return securityContext; } }; request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); this.tokenStore.saveAccountInfo(account); }
public void validateRequest(final ContainerRequestContext requestContext) { if (requestContext.getSecurityContext().getUserPrincipal() != null) { // the user is already authenticated, further processing is not necessary return; } Request request = Request.getBaseRequest((ServletRequest) requestContext.getProperty(HttpServletRequest.class.getName())); JaxrsHttpFacade facade = new JaxrsHttpFacade(requestContext, requestContext.getSecurityContext()); request.setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (deployment == null || !deployment.isConfigured()) { return; } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.checkCurrentToken(); JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore); AuthOutcome outcome = authenticator.authenticate(); if (outcome == AuthOutcome.AUTHENTICATED) { return; } AuthChallenge challenge = authenticator.getChallenge(); if (challenge != null) { challenge.challenge(facade); if (!adapterConfig.isBearerOnly()) { // create session and set cookie for client facade.getResponse().setCookie("JSESSIONID", request.getSession().getId(), "/", null, -1, false, false); } facade.getResponse().end(); } }
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return; HttpServerExchange exchange = notification.getExchange(); UndertowHttpFacade facade = createFacade(exchange); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY); if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) { ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); } AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); tokenStore.logout(); } };