public void setAuthType(String type) { httpRequest.setAuthType(type); }
@Override protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) { RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext(); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); if (log.isLoggable(Level.FINE)) { log.fine("Completing bearer authentication. Bearer roles: " + roles); } Principal generalPrincipal = principalFactory.createPrincipal(request.getContext().getRealm(), principal, roles); request.setUserPrincipal(generalPrincipal); request.setAuthType(method); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); }
@Override protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) { RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext(); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); if (log.isLoggable(Level.FINE)) { log.fine("Completing bearer authentication. Bearer roles: " + roles); } Principal generalPrincipal = principalFactory.createPrincipal(request.getContext().getRealm(), principal, roles); request.setUserPrincipal(generalPrincipal); request.setAuthType(method); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); }
@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.fine("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); return true; } else { return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.fine("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); return true; } else { return false; } }
private void handleMatch(Request request, Principal principal) { TomcatLoginHolder.setLogin(new TomcatLoginImpl(this, request)); // Copy over user principal and auth type values, just like in AuthenticatorBase.invoke() if (principal != null) return; Session session = getSession(request, false); if (session == null) return; principal = session.getPrincipal(); if (principal != null) { request.setAuthType(session.getAuthType()); request.setUserPrincipal(principal); } }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.fine("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.fine("Cleanup and expire cookie for user " + principal.getName() + " after failed refresh"); request.setUserPrincipal(null); request.setAuthType(null); CookieTokenStore.removeCookie(deployment, facade); return null; } }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.fine("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.fine("Cleanup and expire cookie for user " + principal.getName() + " after failed refresh"); request.setUserPrincipal(null); request.setAuthType(null); CookieTokenStore.removeCookie(deployment, facade); return null; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = request.getSessionInternal(false); if (session == null) return false; SerializableKeycloakAccount account = (SerializableKeycloakAccount) session.getSession().getAttribute(SerializableKeycloakAccount.class.getName()); if (account == null) { return false; } log.fine("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext(); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); cleanSession(session); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); GenericPrincipal principal = (GenericPrincipal) session.getPrincipal(); // in clustered environment in JBossWeb, principal is not serialized or saved if (principal == null) { principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles()); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); } request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); restoreRequest(); return true; }
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = request.getSessionInternal(false); if (session == null) return false; SerializableKeycloakAccount account = (SerializableKeycloakAccount) session.getSession().getAttribute(SerializableKeycloakAccount.class.getName()); if (account == null) { return false; } log.fine("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext(); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); cleanSession(session); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); GenericPrincipal principal = (GenericPrincipal) session.getPrincipal(); // in clustered environment in JBossWeb, principal is not serialized or saved if (principal == null) { principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles()); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); } request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); restoreRequest(); return true; }
private void handleMatch(Request request, Principal principal) { TomcatLoginHolder.setLogin(new TomcatLoginImpl(getContainer(), request)); // Copy over user principal and auth type values, just like in AuthenticatorBase.invoke() if (principal != null) return; Session session = getSession(request, false); if (session == null) return; principal = session.getPrincipal(); if (principal != null) { request.setAuthType(session.getAuthType()); request.setUserPrincipal(principal); } }
protected boolean checkLoggedIn(Request request, HttpServletResponse response) { if (request.getSessionInternal() == null || request.getSessionInternal().getPrincipal() == null) return false; LogMessages.LOGGER.debug(Messages.MESSAGES.remoteLoggedInAlready()); GenericPrincipal principal = (GenericPrincipal) request.getSessionInternal().getPrincipal(); request.setUserPrincipal(principal); request.setAuthType("OAUTH"); Session session = request.getSessionInternal(); if (session != null && !remoteSkeletonKeyConfig.isCancelPropagation()) { SkeletonKeySession skSession = (SkeletonKeySession) session.getNote(SkeletonKeySession.class.getName()); if (skSession != null) { request.setAttribute(SkeletonKeySession.class.getName(), skSession); ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession); } } return true; }
@Override public void saveAccount(SamlSession account) { Session session = request.getSessionInternal(true); session.getSession().setAttribute(SamlSession.class.getName(), account); GenericPrincipal principal = (GenericPrincipal) session.getPrincipal(); // in clustered environment in JBossWeb, principal is not serialized or saved if (principal == null) { principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles()); session.setPrincipal(principal); session.setAuthType("KEYCLOAK-SAML"); } request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK-SAML"); String newId = changeSessionId(session); idMapperUpdater.map(idMapper, account.getSessionIndex(), account.getPrincipal().getSamlSubject(), newId); }
request.setAuthType(AUTH_TYPE); request.setUserPrincipal(principal);
/** * Log the user out * @param request */ protected void unregister(Request request) { request.setAuthType(null); request.setUserPrincipal(null); // Cache the authentication principal in the session. Session session = request.getSessionInternal(false); if (session != null) { session.setAuthType(null); session.setPrincipal(null); session.removeNote(Constants.SESS_USERNAME_NOTE); session.removeNote(Constants.SESS_PASSWORD_NOTE); } // Unregister the SSOID. SingleSignOn sso = this.getSingleSignOn(request); if (sso != null) { String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); sso.deregister(ssoId); } }
protected void logoutCurrentUser(Request request, HttpServletResponse response) throws IOException { if (request.getSessionInternal() == null || request.getSessionInternal().getPrincipal() == null) { redirectToWelcomePage(request, response); return; } GenericPrincipal principal = (GenericPrincipal) request.getSessionInternal().getPrincipal(); String username = principal.getName(); String admin = username; userSessionManagement.logout(username); request.setUserPrincipal(null); request.setAuthType(null); // logout user on all declared authenticated resources logoutResources(username, admin); redirectToWelcomePage(request, response); }
public Principal login(String username, String password, HttpServletRequest servletRequest) { Realm realm = container.getRealm(); if (realm == null) return null; Principal principal = realm.authenticate(username, password); if (principal == null) return null; if (servletRequestMatches(servletRequest)) { request.setAuthType(AUTH_TYPE); request.setUserPrincipal(principal); Session session = getSession(request, true); // Cache the authentication information in our session. if (session != null) { session.setAuthType(AUTH_TYPE); session.setPrincipal(principal); if (username != null) session.setNote(Constants.SESS_USERNAME_NOTE, username); else session.removeNote(Constants.SESS_USERNAME_NOTE); if (password != null) session.setNote(Constants.SESS_PASSWORD_NOTE, password); else session.removeNote(Constants.SESS_PASSWORD_NOTE); } } return principal; }
public Principal login(Object credentials, String charset) throws SecurityServiceException { String[] decoded = decodeBase64Credentials(credentials, charset); HttpGraniteContext context = (HttpGraniteContext)GraniteContext.getCurrentInstance(); HttpServletRequest httpRequest = context.getRequest(); Realm realm = getRealm(httpRequest); Principal principal = realm.authenticate(decoded[0], decoded[1]); if (principal == null) throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password"); Request request = getRequest(httpRequest); request.setAuthType(AUTH_TYPE); request.setUserPrincipal(principal); Session session = request.getSessionInternal(true); session.setAuthType(AUTH_TYPE); session.setPrincipal(principal); session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]); session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]); endLogin(credentials, charset); return principal; }
public Principal login(String username, String password, HttpServletRequest servletRequest) { Realm realm = valve.getContainer().getRealm(); if (realm == null) return null; Principal principal = realm.authenticate(username, password); if (principal == null) return null; if (servletRequestMatches(servletRequest)) { request.setAuthType(AUTH_TYPE); request.setUserPrincipal(principal); Session session = getSession(request, true); // Cache the authentication information in our session. if (session != null) { session.setAuthType(AUTH_TYPE); session.setPrincipal(principal); if (username != null) session.setNote(Constants.SESS_USERNAME_NOTE, username); else session.removeNote(Constants.SESS_USERNAME_NOTE); if (password != null) session.setNote(Constants.SESS_PASSWORD_NOTE, password); else session.removeNote(Constants.SESS_PASSWORD_NOTE); } } return principal; }
request.setAuthType(authtype);