/**
 * Checks that the access token is still valid; a refresh is attempted if it is not.
 *
 * <p>The deployment is resolved from {@code facade} on every call, and the check itself is
 * delegated to {@code AdapterTokenStore.checkCurrentToken()}.
 *
 * @param request the container request handed to {@code getTokenStore}
 * @param facade HTTP facade used to resolve the deployment and to obtain the token store
 */
protected void checkKeycloakSession(Request request, HttpFacade facade) {
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(facade);
    getTokenStore(request, facade, resolved).checkCurrentToken();
}
/**
 * Verifies that the current access token is still valid and lets the token store try a
 * refresh when it is not.
 *
 * <p>Nothing is cached between calls: the deployment is looked up again from {@code facade}
 * before the token store is asked to check the token.
 *
 * @param request the container request handed to {@code getTokenStore}
 * @param facade HTTP facade used to resolve the deployment and to obtain the token store
 */
protected void checkKeycloakSession(Request request, HttpFacade facade) {
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(facade);
    AdapterTokenStore store = getTokenStore(request, facade, currentDeployment);
    store.checkCurrentToken();
}
/**
 * Resolves the deployment that applies to {@code request}.
 *
 * <p>A new {@code AdapterDeploymentContext} is created around {@code baseDeployment} on each
 * call and asked to resolve against a {@code ServletFacade} wrapping the request.
 *
 * @param baseDeployment the deployment the temporary context is built from
 * @param request the servlet request to resolve against
 * @return whatever deployment the context resolves for this request
 */
private KeycloakDeployment resolveDeployment(KeycloakDeployment baseDeployment, HttpServletRequest request) {
    ServletFacade servletFacade = new ServletFacade(request);
    AdapterDeploymentContext context = new AdapterDeploymentContext(baseDeployment);
    return context.resolveDeployment(servletFacade);
}
/**
 * Resolves the deployment for the current facade and stores it in {@code deployment}.
 *
 * <p>Fails closed: if the resolved deployment is not configured, a warning is logged and a
 * 403 is sent on the response. NOTE(review): callers are presumably expected to stop
 * processing when {@code false} comes back; confirm at the call sites.
 *
 * @return {@code true} when the resolved deployment is configured, {@code false} after the
 *     403 response has been sent
 */
protected boolean resolveDeployment() {
    deployment = deploymentContext.resolveDeployment(facade);
    if (deployment.isConfigured()) {
        return true;
    }
    log.warn("can't take request, adapter not configured");
    facade.getResponse().sendError(403, "adapter not configured");
    return false;
}
/**
 * Gives the Keycloak pre-authentication handler first refusal on every request.
 *
 * <p>The resolved deployment is offered to node registration, then the pre-auth handler runs.
 * If it reports the request as handled, the rest of the filter chain is not invoked;
 * otherwise the request continues down the chain unchanged.
 *
 * @param request incoming request; cast to {@code HttpServletRequest}
 * @param response outgoing response; cast to {@code HttpServletResponse}
 * @param chain the remaining filter chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpFacade facade = new SimpleHttpFacade(httpRequest, (HttpServletResponse) response);

    nodesRegistrationManagement.tryRegister(deploymentContext.resolveDeployment(facade));

    PreAuthActionsHandler preAuthHandler = preAuthActionsHandlerFactory.createPreAuthActionsHandler(facade);
    if (!preAuthHandler.handleRequest()) {
        chain.doFilter(request, response);
        return;
    }
    // getRequestURI() stops before the query string, so query parameters are not logged here.
    log.debug("Pre-auth filter handled request: {}", httpRequest.getRequestURI());
}
/**
 * Logs out the Keycloak security context carried by {@code authenticationToken}.
 *
 * <p>The deployment is resolved for this request and handed to the context's
 * {@code logout} call.
 *
 * @param request the current request
 * @param response the current response
 * @param authenticationToken token whose account supplies the security context to log out
 */
protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response, KeycloakAuthenticationToken authenticationToken) {
    HttpFacade httpFacade = new SimpleHttpFacade(request, response);
    KeycloakDeployment resolved = adapterDeploymentContext.resolveDeployment(httpFacade);
    // NOTE(review): unchecked downcast with no null check. A context of another type fails with
    // ClassCastException and a null context with NullPointerException, so the logout below
    // would not run in either case.
    RefreshableKeycloakSecurityContext refreshable =
            (RefreshableKeycloakSecurityContext) authenticationToken.getAccount().getKeycloakSecurityContext();
    refreshable.logout(resolved);
}
} // closes the enclosing type, whose opening is outside this excerpt
/**
 * Clears the Keycloak login state attached to {@code request}.
 *
 * <p>When a security context is stored on the request: a refreshable context is logged out
 * against the resolved deployment, the token store is logged out, and the request attribute
 * is removed. The user principal is reset to {@code null} whether or not a context was found.
 *
 * @param request the request being logged out
 */
protected void logoutInternal(Request request) {
    final String contextAttribute = KeycloakSecurityContext.class.getName();
    KeycloakSecurityContext keycloakContext = (KeycloakSecurityContext) request.getAttribute(contextAttribute);
    if (keycloakContext == null) {
        request.setUserPrincipal(null);
        return;
    }

    // NOTE(review): the facade is built with a null response; confirm nothing reached from
    // here writes to the response through it.
    CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, null);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    if (keycloakContext instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) keycloakContext;
        refreshable.logout(resolved);
    }
    // The local token store is logged out for every context type, not only refreshable ones.
    getTokenStore(request, httpFacade, resolved).logout();
    request.removeAttribute(contextAttribute);
    request.setUserPrincipal(null);
}
/**
 * Removes the Keycloak login state from {@code request}.
 *
 * <p>If the request carries a security context, a refreshable context is logged out against
 * the resolved deployment, the token store is logged out and the context attribute is
 * dropped. In every case the request's user principal ends up {@code null}.
 *
 * @param request the request being logged out
 */
protected void logoutInternal(Request request) {
    final String attributeName = KeycloakSecurityContext.class.getName();
    KeycloakSecurityContext storedContext = (KeycloakSecurityContext) request.getAttribute(attributeName);
    if (storedContext == null) {
        request.setUserPrincipal(null);
        return;
    }

    // NOTE(review): the facade has no response object (null is passed); confirm that the
    // logout path never needs one.
    CatalinaHttpFacade logoutFacade = new OIDCCatalinaHttpFacade(request, null);
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(logoutFacade);
    if (storedContext instanceof RefreshableKeycloakSecurityContext) {
        ((RefreshableKeycloakSecurityContext) storedContext).logout(currentDeployment);
    }
    AdapterTokenStore store = getTokenStore(request, logoutFacade, currentDeployment);
    store.logout();
    request.removeAttribute(attributeName);
    request.setUserPrincipal(null);
}
/**
 * Authenticates the exchange against the deployment resolved for it.
 *
 * <p>If the resolved deployment is not configured, this mechanism makes no decision and
 * returns {@code NOT_ATTEMPTED}. NOTE(review): whether the request is then rejected depends
 * on the rest of the security setup, which is not visible here.
 *
 * @param exchange the current exchange
 * @param securityContext the security context passed on to the authenticator
 * @return {@code NOT_ATTEMPTED} for an unconfigured deployment, otherwise the result of
 *     {@code keycloakAuthenticate}
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        RequestAuthenticator requestAuthenticator =
                createRequestAuthenticator(resolved, exchange, securityContext, httpFacade);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
/**
 * Runs pre-auth handling and, if that did not handle the request, bearer authentication.
 *
 * <p>When {@code handlePreauth} reports the request as handled, the method returns without
 * resolving the deployment and without calling {@code bearerAuthentication}.
 *
 * @param containerRequestContext the JAX-RS request being filtered
 */
@Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException {
    JaxrsHttpFacade httpFacade =
            new JaxrsHttpFacade(containerRequestContext, containerRequestContext.getSecurityContext());
    if (!handlePreauth(httpFacade)) {
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(httpFacade);
        nodesRegistrationManagement.tryRegister(deployment);
        bearerAuthentication(httpFacade, containerRequestContext, deployment);
    }
}
/**
 * Starts the authentication challenge for an unauthenticated request.
 *
 * <p>Requests matched by {@code apiRequestMatcher}, and any request whose resolved deployment
 * is bearer-only, are answered through {@code commenceUnauthorizedResponse}. All other
 * requests get the login redirect. The deployment is resolved only when the matcher does not
 * match.
 *
 * @param request the request that failed authentication
 * @param response the response the challenge is written to
 * @param authException the failure that triggered the challenge; not read by this method
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
    HttpFacade httpFacade = new SimpleHttpFacade(request, response);
    // Short-circuit: the deployment lookup runs only when the API matcher says no.
    boolean answerUnauthorized = apiRequestMatcher.matches(request)
            || adapterDeploymentContext.resolveDeployment(httpFacade).isBearerOnly();
    if (!answerUnauthorized) {
        commenceLoginRedirect(request, response);
        return;
    }
    commenceUnauthorizedResponse(request, response);
}
/**
 * Lets {@code AuthenticatedActionsHandler} process the exchange before the next handler.
 *
 * <p>If no deployment is resolved, or the resolved deployment is not configured, the Keycloak
 * handler is skipped and the exchange goes straight to {@code next}.
 *
 * @param exchange the current exchange
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    OIDCUndertowHttpFacade httpFacade = new OIDCUndertowHttpFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    boolean usable = resolved != null && resolved.isConfigured();
    // && keeps the handler from being constructed for an unusable deployment.
    if (usable && new AuthenticatedActionsHandler(resolved, httpFacade).handledRequest()) {
        return;
    }
    next.handleRequest(exchange);
}
} // closes the enclosing type, whose opening is outside this excerpt
/**
 * Runs pre-auth handling and, if that did not handle the request, bearer authentication.
 *
 * <p>The security context comes from {@code getRequestSecurityContext}. A request that
 * {@code handlePreauth} reports as handled returns before the deployment is resolved and
 * before {@code bearerAuthentication} is called.
 *
 * @param request the JAX-RS request being filtered
 */
@Override
public void filter(ContainerRequestContext request) throws IOException {
    JaxrsHttpFacade httpFacade = new JaxrsHttpFacade(request, getRequestSecurityContext(request));
    if (!handlePreauth(httpFacade)) {
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(httpFacade);
        nodesRegistrationManagement.tryRegister(deployment);
        bearerAuthentication(httpFacade, request, deployment);
    }
}
/**
 * Runs the authenticated-actions handler ahead of the next handler in the chain.
 *
 * <p>The Keycloak handler is consulted only for a non-null, configured deployment. In every
 * other case, and whenever the handler does not handle the request, the exchange is passed
 * on to {@code next}.
 *
 * @param exchange the current exchange
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    OIDCUndertowHttpFacade oidcFacade = new OIDCUndertowHttpFacade(exchange);
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(oidcFacade);

    boolean handled = false;
    if (currentDeployment != null && currentDeployment.isConfigured()) {
        handled = new AuthenticatedActionsHandler(currentDeployment, oidcFacade).handledRequest();
    }
    if (!handled) {
        next.handleRequest(exchange);
    }
}
} // closes the enclosing type, whose opening is outside this excerpt
/**
 * Authenticates the exchange with the deployment resolved for it.
 *
 * <p>An unconfigured deployment yields {@code NOT_ATTEMPTED}: no node registration and no
 * authenticator are involved, and this mechanism neither accepts nor rejects the request.
 *
 * @param exchange the current exchange
 * @param securityContext the security context passed on to the authenticator
 * @return {@code NOT_ATTEMPTED} for an unconfigured deployment, otherwise the result of
 *     {@code keycloakAuthenticate}
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade exchangeFacade = createFacade(exchange);
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(exchangeFacade);
    boolean configured = currentDeployment.isConfigured();
    if (!configured) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    nodesRegistrationManagement.tryRegister(currentDeployment);
    return keycloakAuthenticate(
            exchange,
            securityContext,
            createRequestAuthenticator(currentDeployment, exchange, securityContext, exchangeFacade));
}
/**
 * Authenticates the exchange with an {@code UndertowRequestAuthenticator} built for the
 * resolved deployment.
 *
 * <p>If the resolved deployment is not configured, the method returns {@code NOT_ATTEMPTED}
 * before any token store or authenticator is created. NOTE(review): what happens to the
 * request after that is decided outside this method.
 *
 * @param exchange the current exchange
 * @param securityContext the security context given to the token store and the authenticator
 * @return {@code NOT_ATTEMPTED} for an unconfigured deployment, otherwise the result of
 *     {@code keycloakAuthenticate}
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        AdapterTokenStore store = getTokenStore(exchange, httpFacade, resolved, securityContext);
        RequestAuthenticator requestAuthenticator = new UndertowRequestAuthenticator(
                httpFacade, resolved, confidentialPort, securityContext, exchange, store);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
/**
 * Resolves the deployment for the exchange and authenticates against it.
 *
 * <p>For a configured deployment the order is: node registration, token store lookup,
 * construction of an {@code UndertowRequestAuthenticator}, then {@code keycloakAuthenticate}.
 * An unconfigured deployment short-circuits to {@code NOT_ATTEMPTED}.
 *
 * @param exchange the current exchange
 * @param securityContext the security context given to the token store and the authenticator
 * @return {@code NOT_ATTEMPTED} for an unconfigured deployment, otherwise the result of
 *     {@code keycloakAuthenticate}
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade exchangeFacade = createFacade(exchange);
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(exchangeFacade);
    boolean configured = currentDeployment.isConfigured();
    if (!configured) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    nodesRegistrationManagement.tryRegister(currentDeployment);
    AdapterTokenStore adapterTokenStore =
            getTokenStore(exchange, exchangeFacade, currentDeployment, securityContext);
    return keycloakAuthenticate(
            exchange,
            securityContext,
            new UndertowRequestAuthenticator(
                    exchangeFacade, currentDeployment, confidentialPort, securityContext, exchange, adapterTokenStore));
}
/**
 * Reacts to {@code LOGGED_OUT} notifications by logging out of Keycloak; every other event
 * type is ignored.
 *
 * <p>A refreshable security context attached to the exchange is logged out against the
 * resolved deployment unless that deployment is bearer-only. The token store is logged out
 * in every case.
 *
 * @param notification the security event to inspect
 */
@Override
public void handleNotification(SecurityNotification notification) {
    if (SecurityNotification.EventType.LOGGED_OUT != notification.getEventType()) {
        return;
    }

    HttpServerExchange loggedOutExchange = notification.getExchange();
    UndertowHttpFacade httpFacade = createFacade(loggedOutExchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    KeycloakSecurityContext attached =
            loggedOutExchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);

    // instanceof is false for null, so a missing attachment is covered without a null check.
    boolean contextLogout = !resolved.isBearerOnly() && attached instanceof RefreshableKeycloakSecurityContext;
    if (contextLogout) {
        ((RefreshableKeycloakSecurityContext) attached).logout(resolved);
    }

    // securityContext is not a local: it comes from the enclosing scope.
    getTokenStore(loggedOutExchange, httpFacade, resolved, securityContext).logout();
}
}; // closes the enclosing declaration, which is opened outside this excerpt
/**
 * Performs Keycloak logout when a {@code LOGGED_OUT} notification arrives; other event types
 * return immediately.
 *
 * <p>Two things are logged out: a refreshable security context attached to the exchange
 * (skipped for a bearer-only deployment), and, unconditionally, the token store.
 *
 * @param notification the security event to inspect
 */
@Override
public void handleNotification(SecurityNotification notification) {
    boolean isLogout = notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT;
    if (!isLogout) {
        return;
    }

    HttpServerExchange currentExchange = notification.getExchange();
    UndertowHttpFacade exchangeFacade = createFacade(currentExchange);
    KeycloakDeployment currentDeployment = deploymentContext.resolveDeployment(exchangeFacade);
    KeycloakSecurityContext keycloakContext =
            currentExchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);

    if (!currentDeployment.isBearerOnly()) {
        // A null attachment fails the instanceof test, so it needs no separate null check.
        if (keycloakContext instanceof RefreshableKeycloakSecurityContext) {
            RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) keycloakContext;
            refreshable.logout(currentDeployment);
        }
    }

    // securityContext is taken from the enclosing scope, not from the notification.
    AdapterTokenStore store = getTokenStore(currentExchange, exchangeFacade, currentDeployment, securityContext);
    store.logout();
}
}; // closes the enclosing declaration, which is opened outside this excerpt
/**
 * Runs the authenticated-actions handler before passing the request to the next valve.
 *
 * <p>The handler is consulted only for a non-null, configured deployment. If the deployment
 * is missing or unconfigured, or the handler does not handle the request, the next valve is
 * invoked.
 *
 * @param request the current request
 * @param response the current response
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.debugv("AuthenticatedActionsValve.invoke {0}", request.getRequestURI());

    CatalinaHttpFacade resolutionFacade = new OIDCCatalinaHttpFacade(request, response);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(resolutionFacade);

    boolean handled = false;
    if (resolved != null && resolved.isConfigured()) {
        // The handler gets its own facade instance, not the one used to resolve the deployment.
        AuthenticatedActionsHandler actionsHandler =
                new AuthenticatedActionsHandler(resolved, new OIDCCatalinaHttpFacade(request, response));
        handled = actionsHandler.handledRequest();
    }
    if (!handled) {
        getNext().invoke(request, response);
    }
}
} // closes the enclosing type, whose opening is outside this excerpt