/**
 * Publishes the account's Keycloak security context on the current exchange.
 *
 * <p>The context is stored as an exchange attachment under
 * {@code OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY}. Callers in this listing invoke it
 * only after {@code authenticationComplete(...)}.
 *
 * @param account the authenticated account whose security context is attached
 */
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    final var keycloakContext = account.getKeycloakSecurityContext();
    exchange.putAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY, keycloakContext);
}
/**
 * Wraps an authenticated Keycloak principal in the Undertow account type used by this adapter.
 *
 * @param principal the principal carrying the refreshable security context
 * @return a new {@code KeycloakUndertowAccount} built from {@code principal}
 */
@Override
protected KeycloakUndertowAccount createAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    final KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal);
    return account;
}
} // end of the enclosing class, whose header is outside this excerpt
/**
 * Creates an account for the given principal and initialises its roles.
 *
 * <p>Roles are derived by {@code setRoles} from the principal's security context at construction
 * time; {@code setRoles} is defined outside this excerpt.
 *
 * @param principal the authenticated Keycloak principal; dereferenced here, so it must not be null
 */
public KeycloakUndertowAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    this.principal = principal;
    final RefreshableKeycloakSecurityContext context = principal.getKeycloakSecurityContext();
    setRoles(context);
}
if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; account.setCurrentRequestInfo(deployment, this); if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false);
/**
 * Tries to re-establish an authenticated account from the Keycloak cookie.
 *
 * <p>The request counts as authenticated only if all of the following hold: the cookie yields a
 * principal, that principal's realm equals the realm of the current deployment, and
 * {@code checkActive()} reports the session as usable. If the account is no longer active, the
 * cookie is removed so that it is not presented again.
 *
 * <p>NOTE(review): on a realm mismatch the cookie is left in place and only {@code false} is
 * returned. The debug texts mention "session" and "returning null" although this store reads a
 * cookie and returns {@code false}; they are kept verbatim.
 *
 * @param authenticator the authenticator handling the request; cast to
 *     {@code AbstractUndertowRequestAuthenticator} to propagate the security context
 * @return {@code true} if a valid, active account was restored and authentication completed
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (cookiePrincipal == null) {
        log.debug("Account was not in cookie or was invalid, returning null");
        return false;
    }

    KeycloakUndertowAccount restored = new KeycloakUndertowAccount(cookiePrincipal);

    // Realm binding: a principal issued for another realm must not authenticate this deployment.
    boolean sameRealm = deployment.getRealm().equals(restored.getKeycloakSecurityContext().getRealm());
    if (!sameRealm) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    if (!restored.checkActive()) {
        log.debug("Account was not active, removing cookie and returning false");
        CookieTokenStore.removeCookie(deployment, facade);
        return false;
    }

    log.debug("Cached account found");
    // The final 'false' is the cachingRequired flag of Undertow's SecurityContext API.
    securityContext.authenticationComplete(restored, "KEYCLOAK", false);
    ((AbstractUndertowRequestAuthenticator) authenticator).propagateKeycloakContext(restored);
    return true;
}
/**
 * Reports whether the Keycloak session behind this account can still be used, refreshing the
 * token when needed.
 *
 * <p>An active session is accepted as-is unless the deployment enforces a refresh on every
 * request ({@code isAlwaysRefreshToken()}). Otherwise a refresh is attempted; the account is
 * considered active only if the refresh succeeds and the session is active afterwards, in which
 * case the roles are re-read from the refreshed session.
 *
 * @return {@code true} if the session is active (possibly after a refresh), {@code false} otherwise
 */
public boolean checkActive() {
    // Original author's note: this object may have been serialized, so we need to reset realm
    // config/metadata. NOTE(review): no reset happens in this method itself; presumably the caller
    // does it before calling (e.g. via setCurrentRequestInfo) - confirm.
    RefreshableKeycloakSecurityContext ctx = getKeycloakSecurityContext();

    // getDeployment() is only consulted when the session is active, as in the combined condition.
    if (ctx.isActive()) {
        if (!ctx.getDeployment().isAlwaysRefreshToken()) {
            log.debug("session is active");
            return true;
        }
    }

    log.debug("session is not active or refresh is enforced. Try refresh");
    boolean refreshed = ctx.refreshExpiredToken(false);
    if (refreshed && ctx.isActive()) {
        log.debug("refresh succeeded");
        // Roles may differ in the refreshed token, so they are recomputed before reporting success.
        setRoles(ctx);
        return true;
    }

    log.debug("session is not active return with failure");
    return false;
}
if (authenticatedAccount instanceof KeycloakUndertowAccount) { final KeycloakUndertowAccount kua = (KeycloakUndertowAccount) authenticatedAccount; httpExchange.putAttachment(KEYCLOAK_PRINCIPAL_KEY, (KeycloakPrincipal) kua.getPrincipal());
} else { for (String role : match.getRequiredRoles()) { if (account.getRoles().contains(role)) { authenticatedRequest(account, exchange); return;
if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; account.setCurrentRequestInfo(deployment, this); if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false);
/**
 * Tries to re-establish an authenticated account from the Keycloak cookie.
 *
 * <p>The request counts as authenticated only if all of the following hold: the cookie yields a
 * principal, that principal's realm equals the realm of the current deployment, and
 * {@code checkActive()} reports the session as usable. If the account is no longer active, the
 * cookie is removed so that it is not presented again.
 *
 * <p>NOTE(review): on a realm mismatch the cookie is left in place and only {@code false} is
 * returned. The debug texts mention "session" and "returning null" although this store reads a
 * cookie and returns {@code false}; they are kept verbatim.
 *
 * @param authenticator the authenticator handling the request; cast to
 *     {@code AbstractUndertowRequestAuthenticator} to propagate the security context
 * @return {@code true} if a valid, active account was restored and authentication completed
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (cookiePrincipal == null) {
        log.debug("Account was not in cookie or was invalid, returning null");
        return false;
    }

    KeycloakUndertowAccount restored = new KeycloakUndertowAccount(cookiePrincipal);

    // Realm binding: a principal issued for another realm must not authenticate this deployment.
    boolean sameRealm = deployment.getRealm().equals(restored.getKeycloakSecurityContext().getRealm());
    if (!sameRealm) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    if (!restored.checkActive()) {
        log.debug("Account was not active, removing cookie and returning false");
        CookieTokenStore.removeCookie(deployment, facade);
        return false;
    }

    log.debug("Cached account found");
    // The final 'false' is the cachingRequired flag of Undertow's SecurityContext API.
    securityContext.authenticationComplete(restored, "KEYCLOAK", false);
    ((AbstractUndertowRequestAuthenticator) authenticator).propagateKeycloakContext(restored);
    return true;
}
/**
 * Reports whether the Keycloak session behind this account can still be used, refreshing the
 * token when needed.
 *
 * <p>An active session is accepted as-is unless the deployment enforces a refresh on every
 * request ({@code isAlwaysRefreshToken()}). Otherwise a refresh is attempted; the account is
 * considered active only if the refresh succeeds and the session is active afterwards, in which
 * case the roles are re-read from the refreshed session.
 *
 * @return {@code true} if the session is active (possibly after a refresh), {@code false} otherwise
 */
public boolean checkActive() {
    // Original author's note: this object may have been serialized, so we need to reset realm
    // config/metadata. NOTE(review): no reset happens in this method itself; presumably the caller
    // does it before calling (e.g. via setCurrentRequestInfo) - confirm.
    RefreshableKeycloakSecurityContext ctx = getKeycloakSecurityContext();

    // getDeployment() is only consulted when the session is active, as in the combined condition.
    if (ctx.isActive()) {
        if (!ctx.getDeployment().isAlwaysRefreshToken()) {
            log.debug("session is active");
            return true;
        }
    }

    log.debug("session is not active or refresh is enforced. Try refresh");
    boolean refreshed = ctx.refreshExpiredToken(false);
    if (refreshed && ctx.isActive()) {
        log.debug("refresh succeeded");
        // Roles may differ in the refreshed token, so they are recomputed before reporting success.
        setRoles(ctx);
        return true;
    }

    log.debug("session is not active return with failure");
    return false;
}
/**
 * Tries to re-establish an authenticated account from the HTTP session.
 *
 * <p>The request counts as authenticated only if a session exists, it holds a
 * {@code KeycloakUndertowAccount}, that account's realm equals the realm of the current
 * deployment, and {@code checkActive()} reports the Keycloak session as usable. If the account
 * is no longer active, both Keycloak attributes are removed and the HTTP session is invalidated,
 * so stale authentication state cannot be reused.
 *
 * <p>NOTE(review): on a realm mismatch the session is left untouched and only {@code false} is
 * returned. The debug texts say "returning null" although {@code false} is returned; they are
 * kept verbatim.
 *
 * @param authenticator the authenticator handling the request; cast to
 *     {@code AbstractUndertowRequestAuthenticator} to propagate the security context
 * @return {@code true} if a valid, active account was found and authentication completed
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    Session httpSession = Sessions.getSession(exchange);
    if (httpSession == null) {
        log.debug("session was null, returning null");
        return false;
    }

    final String accountKey = KeycloakUndertowAccount.class.getName();
    KeycloakUndertowAccount stored = (KeycloakUndertowAccount) httpSession.getAttribute(accountKey);
    if (stored == null) {
        log.debug("Account was not in session, returning null");
        return false;
    }

    // Realm binding: an account stored for another realm must not authenticate this deployment.
    boolean sameRealm = deployment.getRealm().equals(stored.getKeycloakSecurityContext().getRealm());
    if (!sameRealm) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    // Re-attach the per-request deployment and token store before the liveness check.
    stored.setCurrentRequestInfo(deployment, this);

    if (!stored.checkActive()) {
        log.debug("Account was not active, returning false");
        httpSession.removeAttribute(accountKey);
        httpSession.removeAttribute(KeycloakSecurityContext.class.getName());
        httpSession.invalidate(exchange);
        return false;
    }

    log.debug("Cached account found");
    // The final 'false' is the cachingRequired flag of Undertow's SecurityContext API.
    securityContext.authenticationComplete(stored, "KEYCLOAK", false);
    ((AbstractUndertowRequestAuthenticator) authenticator).propagateKeycloakContext(stored);
    return true;
}
/**
 * Publishes the account's Keycloak security context on the current exchange.
 *
 * <p>The context is stored as an exchange attachment under
 * {@code OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY}. Callers in this listing invoke it
 * only after {@code authenticationComplete(...)}.
 *
 * @param account the authenticated account whose security context is attached
 */
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    final var keycloakContext = account.getKeycloakSecurityContext();
    exchange.putAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY, keycloakContext);
}
/**
 * Wraps an authenticated Keycloak principal in the Undertow account type used by this adapter.
 *
 * @param principal the principal carrying the refreshable security context
 * @return a new {@code KeycloakUndertowAccount} built from {@code principal}
 */
@Override
protected KeycloakUndertowAccount createAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    final KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal);
    return account;
}
} // end of the enclosing class, whose header is outside this excerpt
/**
 * Creates an account for the given principal and initialises its roles.
 *
 * <p>Roles are derived by {@code setRoles} from the principal's security context at construction
 * time; {@code setRoles} is defined outside this excerpt.
 *
 * @param principal the authenticated Keycloak principal; dereferenced here, so it must not be null
 */
public KeycloakUndertowAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    this.principal = principal;
    final RefreshableKeycloakSecurityContext context = principal.getKeycloakSecurityContext();
    setRoles(context);
}
/**
 * Tries to re-establish an authenticated account from the HTTP session.
 *
 * <p>The request counts as authenticated only if a session exists, it holds a
 * {@code KeycloakUndertowAccount}, that account's realm equals the realm of the current
 * deployment, and {@code checkActive()} reports the Keycloak session as usable. If the account
 * is no longer active, both Keycloak attributes are removed and the HTTP session is invalidated,
 * so stale authentication state cannot be reused.
 *
 * <p>NOTE(review): on a realm mismatch the session is left untouched and only {@code false} is
 * returned. The debug texts say "returning null" although {@code false} is returned; they are
 * kept verbatim.
 *
 * @param authenticator the authenticator handling the request; cast to
 *     {@code AbstractUndertowRequestAuthenticator} to propagate the security context
 * @return {@code true} if a valid, active account was found and authentication completed
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    Session httpSession = Sessions.getSession(exchange);
    if (httpSession == null) {
        log.debug("session was null, returning null");
        return false;
    }

    final String accountKey = KeycloakUndertowAccount.class.getName();
    KeycloakUndertowAccount stored = (KeycloakUndertowAccount) httpSession.getAttribute(accountKey);
    if (stored == null) {
        log.debug("Account was not in session, returning null");
        return false;
    }

    // Realm binding: an account stored for another realm must not authenticate this deployment.
    boolean sameRealm = deployment.getRealm().equals(stored.getKeycloakSecurityContext().getRealm());
    if (!sameRealm) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    // Re-attach the per-request deployment and token store before the liveness check.
    stored.setCurrentRequestInfo(deployment, this);

    if (!stored.checkActive()) {
        log.debug("Account was not active, returning false");
        httpSession.removeAttribute(accountKey);
        httpSession.removeAttribute(KeycloakSecurityContext.class.getName());
        httpSession.invalidate(exchange);
        return false;
    }

    log.debug("Cached account found");
    // The final 'false' is the cachingRequired flag of Undertow's SecurityContext API.
    securityContext.authenticationComplete(stored, "KEYCLOAK", false);
    ((AbstractUndertowRequestAuthenticator) authenticator).propagateKeycloakContext(stored);
    return true;
}
/**
 * Publishes the account's Keycloak security context to both the exchange and the servlet request.
 *
 * <p>After delegating to the superclass, the context is also stored as a servlet request
 * attribute keyed by {@code KeycloakSecurityContext.class.getName()}.
 *
 * <p>NOTE(review): the {@code ServletRequestContext} attachment is dereferenced without a null
 * check, so this presumably runs only inside a servlet dispatch - confirm against callers.
 *
 * @param account the authenticated account whose security context is exposed
 */
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletRequest servletRequest = (HttpServletRequest) requestContext.getServletRequest();

    final String attributeName = KeycloakSecurityContext.class.getName();
    servletRequest.setAttribute(attributeName, account.getKeycloakSecurityContext());
}
/**
 * Wraps an authenticated Keycloak principal in the Undertow account type used by this adapter.
 *
 * @param principal the principal carrying the refreshable security context
 * @return a new {@code KeycloakUndertowAccount} built from {@code principal}
 */
@Override
protected KeycloakUndertowAccount createAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    final KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal);
    return account;
}
/**
 * Publishes the account's Keycloak security context to both the exchange and the servlet request.
 *
 * <p>After delegating to the superclass, the context is also stored as a servlet request
 * attribute keyed by {@code KeycloakSecurityContext.class.getName()}.
 *
 * <p>NOTE(review): the {@code ServletRequestContext} attachment is dereferenced without a null
 * check, so this presumably runs only inside a servlet dispatch - confirm against callers.
 *
 * @param account the authenticated account whose security context is exposed
 */
@Override
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
    super.propagateKeycloakContext(account);

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletRequest servletRequest = (HttpServletRequest) requestContext.getServletRequest();

    final String attributeName = KeycloakSecurityContext.class.getName();
    servletRequest.setAttribute(attributeName, account.getKeycloakSecurityContext());
}
/**
 * Wraps an authenticated Keycloak principal in the Undertow account type used by this adapter.
 *
 * @param principal the principal carrying the refreshable security context
 * @return a new {@code KeycloakUndertowAccount} built from {@code principal}
 */
@Override
protected KeycloakUndertowAccount createAccount(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    final KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal);
    return account;
}