/**
 * Looks up the realm attached to the context of the current session.
 *
 * @return the realm returned by {@code session.getContext().getRealm()}
 */
protected RealmModel getRealm() {
    final RealmModel contextRealm = session.getContext().getRealm();
    return contextRealm;
}
/**
 * Returns the OIDC view of one client as JSON.
 *
 * <p>The client is loaded through {@code get(clientId)} and converted with
 * {@code DescriptionConverterExt.toExternalResponse}, using the request URI of the current call.
 *
 * <p>NOTE(review): no access check is visible in this method. Presumably {@code get(...)}
 * authorizes the caller before returning the representation; confirm, since the response
 * may carry client credentials.
 *
 * @param clientId client identifier taken from the URL path
 * @return a 200 response whose entity is the converted client representation
 */
@GET
@Path("{clientId}")
@Produces(MediaType.APPLICATION_JSON)
public Response getOIDC(@PathParam("clientId") String clientId) {
    final ClientRepresentation stored = get(clientId);
    final OIDCClientRepresentation external = DescriptionConverterExt.toExternalResponse(
            session,
            stored,
            session.getContext().getUri().getRequestUri());
    return Response.ok(external).build();
}
/**
 * Initializes {@code adminEvent} for this resource.
 *
 * <p>The builder is created from the context realm, the {@code auth} field, the session and the
 * client connection of the current context, and the context realm is then set again through
 * {@code realm(...)}.
 *
 * <p>NOTE(review): {@code auth} is used as-is. If it can be null for unauthenticated callers,
 * confirm this method only runs after the caller has been authenticated.
 */
private void setupEvents() {
    final AdminEventBuilder builder = new AdminEventBuilder(
            session.getContext().getRealm(),
            auth,
            session,
            session.getContext().getConnection());
    adminEvent = builder.realm(session.getContext().getRealm());
}
/**
 * Resolves the optional {@code service} value to a CAS client and a verified redirect URI.
 *
 * <p>When {@code service} is null nothing is changed. Otherwise {@code client} is set to the
 * first realm client that uses the CAS login protocol and for which
 * {@code RedirectUtils.verifyRedirectUri} returns a non-null result, or to null when none
 * matches. Only on a match are {@code redirectUri} and the context client updated.
 *
 * @param service the service URL supplied with the request; may be null
 */
private void checkClient(String service) {
    // The parameter is optional here: without it no client or redirect target is selected.
    if (service == null) {
        return;
    }
    // First match wins; the order is whatever realm.getClients() yields.
    client = realm.getClients().stream()
            .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
            .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null)
            .findFirst().orElse(null);
    // NOTE(review): client.isEnabled() is not consulted in this block, so a disabled client's
    // redirect URIs are still accepted as a redirect target. Confirm that is intended.
    if (client != null) {
        // Store the value returned by the verifier, not the raw request parameter.
        redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client);
        session.getContext().setClient(client);
    }
}
}
/**
 * Updates a registered client from an OIDC client representation and returns the new state.
 *
 * <p>The request body is converted to the internal representation, passed to
 * {@code update(clientId, ...)} together with a registration context, and the stored client is
 * then re-read from the context realm so that the pairwise-subject mappers and the protocol
 * mappers of the response can be refreshed.
 *
 * <p>NOTE(review): authorization of the caller is not visible in this method. Presumably
 * {@code update(...)} enforces it; confirm.
 *
 * @param clientId client identifier taken from the URL path
 * @param clientOIDC the client metadata sent by the caller
 * @return a 200 response carrying the updated OIDC representation
 * @throws ErrorResponseException with {@code INVALID_CLIENT_METADATA} / 400 when a
 *         {@code ClientRegistrationException} is raised while processing the update
 */
@PUT
@Path("{clientId}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateOIDC(@PathParam("clientId") String clientId, OIDCClientRepresentationExtended clientOIDC) {
    try {
        ClientRepresentation updated = DescriptionConverterExt.toInternal(session, clientOIDC);
        final OIDCClientRegistrationContext registrationContext =
                new OIDCClientRegistrationContext(session, updated, this, clientOIDC);
        updated = update(clientId, registrationContext);

        // Work on the stored model, looked up by the client id of the updated representation.
        final ClientModel storedClient =
                session.getContext().getRealm().getClientByClientId(updated.getClientId());
        updatePairwiseSubMappers(
                storedClient,
                SubjectType.parse(clientOIDC.getSubjectType()),
                clientOIDC.getSectorIdentifierUri());
        updateClientRepWithProtocolMappers(storedClient, updated);

        final URI selfUri = session.getContext().getUri()
                .getAbsolutePathBuilder()
                .path(updated.getClientId())
                .build();
        final OIDCClientRepresentationExtended responseBody =
                DescriptionConverterExt.toExternalResponse(session, updated, selfUri);
        return Response.ok(responseBody).build();
    } catch (ClientRegistrationException invalidMetadata) {
        // The exception message goes to the server log only; the caller gets a fixed message.
        ServicesLogger.LOGGER.clientRegistrationException(invalidMetadata.getMessage());
        throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
    }
}
throw new NotAuthorizedException("Unknown realm in token"); session.getContext().setRealm(realm); AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers); if (authResult == null) { throw new NotAuthorizedException("Bearer");
/**
 * Renders an e-mail from theme templates and hands it to {@code send(subject, text, html)}.
 *
 * <p>The theme is obtained from the {@code "extending"} theme provider using the realm's e-mail
 * theme. The subject is the message-bundle entry for {@code subjectKey} (the key itself when
 * the bundle has no entry) formatted with {@code subjectAttributes}. The text and HTML bodies
 * are rendered independently from {@code text/<template>} and {@code html/<template>}; a body
 * whose template fails with a {@code FreeMarkerException} is passed on as {@code null}.
 *
 * <p>Side effect: the entries {@code "locale"} and {@code "msg"} are added to the caller's
 * {@code attributes} map.
 *
 * <p>NOTE(review): values in {@code attributes} are rendered into the HTML body. Whether they
 * are escaped depends on the templates and the FreeMarker setup, neither of which is visible
 * here. Confirm for any attribute that can carry user-controlled text.
 *
 * @param subjectKey message-bundle key of the subject line
 * @param subjectAttributes arguments for the subject message format
 * @param template template file name, resolved below {@code text/} and {@code html/}
 * @param attributes template model; modified as described above
 * @throws EmailException wrapping any exception raised in this method, including one thrown by
 *         the delegated {@code send} call, with the message "Failed to template email"
 */
private void send(String subjectKey, List<Object> subjectAttributes, String template, Map<String, Object> attributes) throws EmailException {
    try {
        final ThemeProvider themes = session.getProvider(ThemeProvider.class, "extending");
        final Theme emailTheme = themes.getTheme(realm.getEmailTheme(), Theme.Type.EMAIL);

        final Locale userLocale = session.getContext().resolveLocale(user);
        attributes.put("locale", userLocale);

        final Properties bundle = emailTheme.getMessages(userLocale);
        attributes.put("msg", new MessageFormatterMethod(userLocale, bundle));

        final String subjectPattern = bundle.getProperty(subjectKey, subjectKey);
        final String subject = new MessageFormat(subjectPattern, userLocale).format(subjectAttributes.toArray());

        // Each body is best effort: a template that fails to render yields a null body.
        final String textTemplate = String.format("text/%s", template);
        String plainBody = null;
        try {
            plainBody = freeMarker.processTemplate(attributes, textTemplate, emailTheme);
        } catch (final FreeMarkerException ignored) {
            plainBody = null;
        }

        final String htmlTemplate = String.format("html/%s", template);
        String markupBody = null;
        try {
            markupBody = freeMarker.processTemplate(attributes, htmlTemplate, emailTheme);
        } catch (final FreeMarkerException ignored) {
            markupBody = null;
        }

        send(subject, plainBody, markupBody);
    } catch (Exception failure) {
        throw new EmailException("Failed to template email", failure);
    }
}
// Obtain the realm importer from the session context and import the realm described by `rep`;
// the imported realm replaces the current value of `realm`.
// NOTE(review): this fragment does not show who may reach the import or how `rep` was
// validated. Confirm the caller is authorized before this point.
RealmImporter realmManager = session.getContext().getRealmManager();
realm = realmManager.importRealm(rep);
// Create the client from the registration context; create(...) is defined outside this fragment.
client = create(oidcContext);
// Re-read the stored client from the context realm by the client id of the created representation.
ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId());
// Subject type and sector identifier URI are taken from clientOIDC.
// NOTE(review): clientOIDC presumably carries the registration request. Whether the sector
// identifier URI was validated is not visible here; confirm.
updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri());
updateClientRepWithProtocolMappers(clientModel, client);
// URI of the new client: the absolute request path with the client id appended.
URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build();
OIDCClientRepresentationExtended clientOIDCResponse = DescriptionConverterExt.toExternalResponse(session, client, uri);
// Record the current time as the moment the client id was issued.
clientOIDCResponse.setClientIdIssuedAt(Time.currentTime());
/**
 * Resolves the mandatory {@code service} value to an enabled CAS client.
 *
 * <p>{@code client} becomes the first realm client that uses the CAS login protocol and for
 * which {@code RedirectUtils.verifyRedirectUri} accepts {@code service}. On success the client
 * id is recorded on the event and the client is stored in the session context.
 *
 * @param service the service URL supplied with the request
 * @throws CASValidationException with status 400 when {@code service} is missing
 *         ({@code INVALID_REQUEST}), when no client matches, or when the matching client is
 *         disabled (both {@code INVALID_SERVICE}); the event is marked as failed first
 */
protected void checkClient(String service) {
    if (service == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST);
    }

    // A candidate must speak CAS and must own a redirect URI that accepts `service`.
    client = realm.getClients().stream()
            .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                    && RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate) != null)
            .findFirst()
            .orElse(null);

    if (client == null) {
        event.error(Errors.CLIENT_NOT_FOUND);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client not found", Response.Status.BAD_REQUEST);
    }

    // The enabled check runs after matching, so a disabled client is rejected rather than skipped.
    if (!client.isEnabled()) {
        event.error(Errors.CLIENT_DISABLED);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client disabled", Response.Status.BAD_REQUEST);
    }

    event.client(client.getClientId());
    session.getContext().setClient(client);
}
Locale locale = session.getContext().resolveLocale(user); Properties messagesBundle; try {
/**
 * Collects the names of the roles mapped to a user of the context realm.
 *
 * <p>NOTE(review): the result of {@code getUserByUsername} is dereferenced directly. If that
 * lookup can return null for an unknown user name, this method fails with a
 * {@code NullPointerException}; confirm how callers handle unknown users.
 *
 * @param userName user name to look up in the realm of the session context
 * @param keycloakSession session used for the user lookup and the realm
 * @return a new mutable list with one role name per role mapping
 */
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) {
    final List<String> roleNames = new ArrayList<>();
    keycloakSession.users()
            .getUserByUsername(userName, keycloakSession.getContext().getRealm())
            .getRoleMappings()
            .forEach(mappedRole -> roleNames.add(mappedRole.getName()));
    return roleNames;
}
/**
 * Stores a new company and answers with 201 Created.
 *
 * <p>The representation is passed to {@code ExampleService.addCompany}; the {@code Location}
 * header is the absolute request path extended by {@code rep.getId()}, read after the call
 * (presumably the service assigns the id; verify against {@code addCompany}).
 *
 * <p>NOTE(review): no authorization check is visible in this method. Presumably the resource
 * that exposes this endpoint checks the caller first; confirm.
 *
 * @param rep company data sent by the caller as JSON
 * @return a 201 response pointing at the created company
 */
@POST
@Path("")
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response createCompany(CompanyRepresentation rep) {
    final ExampleService companies = session.getProvider(ExampleService.class);
    companies.addCompany(rep);

    return Response
            .created(session.getContext().getUri().getAbsolutePathBuilder().path(rep.getId()).build())
            .build();
}
/**
 * Resolves the mandatory {@code service} value to an enabled CAS client and a verified
 * redirect URI.
 *
 * <p>{@code client} becomes the first realm client that uses the CAS login protocol and for
 * which {@code RedirectUtils.verifyRedirectUri} accepts {@code service}. On success
 * {@code redirectUri} holds the verifier's result, the client id and redirect URI are recorded
 * on the event, and the client is stored in the session context.
 *
 * @param service the service URL supplied with the request
 * @throws ErrorPageException with status 400 when {@code service} is missing, when no client
 *         matches, or when the matching client is disabled; the event is marked as failed first
 */
private void checkClient(String service) {
    if (service == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
    }

    // A candidate must speak CAS and must own a redirect URI that accepts `service`.
    client = realm.getClients().stream()
            .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                    && RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate) != null)
            .findFirst()
            .orElse(null);

    if (client == null) {
        event.error(Errors.CLIENT_NOT_FOUND);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
    }

    // The enabled check runs after matching, so a disabled client is rejected rather than skipped.
    if (!client.isEnabled()) {
        event.error(Errors.CLIENT_DISABLED);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
    }

    // Keep the value returned by the verifier, not the raw request parameter.
    redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client);

    event.client(client.getClientId());
    event.detail(Details.REDIRECT_URI, redirectUri);
    session.getContext().setClient(client);
}
/**
 * Creates the resource and authenticates the bearer token of the current request against the
 * realm of the session context.
 *
 * <p>NOTE(review): the authentication result is only stored in {@code auth}; nothing is
 * rejected here. Presumably {@code auth} is null when the request carries no valid token, so
 * every endpoint that needs an authenticated caller must check it; confirm.
 *
 * @param session the Keycloak session of the current request
 */
public ExampleRestResource(KeycloakSession session) {
    this.session = session;

    final AppAuthManager bearerAuthenticator = new AppAuthManager();
    this.auth = bearerAuthenticator.authenticateBearerToken(session, session.getContext().getRealm());
}
/**
 * Rejects the request when the realm requires HTTPS for this connection but the base URI of
 * the request does not use the {@code https} scheme.
 *
 * <p>The comparison is an exact, case-sensitive match on the scheme of the base URI.
 *
 * <p>NOTE(review): the scheme comes from the request's base URI. Behind a TLS-terminating
 * proxy its value depends on how forwarded headers are configured; verify for the deployment.
 *
 * @throws CASValidationException with {@code INVALID_REQUEST} / 403 when HTTPS is required
 *         and not used
 */
protected void checkSsl() {
    final String scheme = session.getContext().getUri().getBaseUri().getScheme();
    final boolean notHttps = !scheme.equals("https");

    // The realm policy is only consulted for requests that did not arrive over https.
    if (notHttps && realm.getSslRequired().isRequired(clientConnection)) {
        throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN);
    }
}
/**
 * Creates a manager bound to one session.
 *
 * <p>Stores the session, takes the entity manager from the session's
 * {@code JpaConnectionProvider}, and stores the realm of the session context.
 *
 * @param session the Keycloak session this manager works with
 */
public BeerManager(KeycloakSession session) {
    this.session = session;

    final JpaConnectionProvider jpa = session.getProvider(JpaConnectionProvider.class);
    this.em = jpa.getEntityManager();

    // The realm is captured once, at construction time.
    this.realm = session.getContext().getRealm();
}
/**
 * Builds the HTTP response for a CAS service response.
 *
 * @param status HTTP status of the response
 * @param serviceResponse the CAS payload to send
 * @return the response produced by {@code ServiceResponseHelper.createResponse}
 */
private Response prepare(Response.Status status, CASServiceResponse serviceResponse) {
    // ContentTypeHelper selects the response media type from the two request objects and the
    // URI info of the current context.
    MediaType responseMediaType = new ContentTypeHelper(request, restRequest, session.getContext().getUri()).selectResponseType();
    return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse);
}
}
/**
 * Returns the names of all roles mapped to the given user in the realm of the session context.
 *
 * <p>NOTE(review): the user returned by {@code getUserByUsername} is used without a null
 * check. If the lookup can yield null for an unknown user name, this method throws a
 * {@code NullPointerException}; confirm that callers only pass existing users.
 *
 * @param userName user name to resolve
 * @param keycloakSession session providing the user storage and the realm
 * @return a new mutable list of role names, one per role mapping
 */
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) {
    final List<String> names = new ArrayList<>();
    for (final RoleModel mapped : keycloakSession.users()
            .getUserByUsername(userName, keycloakSession.getContext().getRealm())
            .getRoleMappings()) {
        names.add(mapped.getName());
    }
    return names;
}
/**
 * CAS logout endpoint: ends the browser session identified by the identity cookie.
 *
 * <p>{@code checkClient(service)} runs first. If the identity cookie does not authenticate, an
 * error page with status 400 is returned. Otherwise the user session is tagged with the CAS
 * logout protocol and, when {@code redirectUri} is set, with the logout redirect URI, and the
 * browser logout is started.
 *
 * <p>NOTE(review): {@code redirectUri} is a field that this method only reads. Presumably
 * {@code checkClient} fills it with a value that passed redirect-URI verification; confirm,
 * because it decides where the browser is sent after logout.
 *
 * <p>NOTE(review): this is a state-changing GET authenticated by the cookie alone, so another
 * site can trigger it; assess whether forced logout matters for the deployment.
 *
 * @param service optional service URL from the query string
 * @return the browser-logout response, or an error page when no session is authenticated
 */
@GET
@NoCache
public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
    checkClient(service);

    final AuthenticationManager.AuthResult cookieAuth =
            AuthenticationManager.authenticateIdentityCookie(session, realm, false);
    if (cookieAuth == null) {
        return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
    }

    final UserSessionModel activeSession = cookieAuth.getSession();
    activeSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
    if (redirectUri != null) {
        activeSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
    }

    logger.debug("Initiating CAS browser logout");
    final Response logoutResponse = AuthenticationManager.browserLogout(
            session,
            realm,
            cookieAuth.getSession(),
            session.getContext().getUri(),
            clientConnection,
            headers,
            null);
    logger.debug("finishing CAS browser logout");
    return logoutResponse;
}