@Override public void logout() { CookieTokenStore.removeCookie(deployment, facade); }
@Override public void logout() { CookieTokenStore.removeCookie(deployment, facade); }
@Override public void logout() { CookieTokenStore.removeCookie(deployment, facade); }
@Override public void logout() { CookieTokenStore.removeCookie(deployment, facade); }
@Override public void logout() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) return; CookieTokenStore.removeCookie(deployment, facade); }
@Override public void logout() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) return; CookieTokenStore.removeCookie(deployment, facade); }
@Override public boolean isCached(RequestAuthenticator authenticator) { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid, returning null"); return false; } KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal); if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, removing cookie and returning false"); CookieTokenStore.removeCookie(deployment, facade); return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid, returning null"); return false; } KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal); if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, removing cookie and returning false"); CookieTokenStore.removeCookie(deployment, facade); return false; } }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.fine("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.fine("Cleanup and expire cookie for user " + principal.getName() + " after failed refresh"); request.setUserPrincipal(null); request.setAuthType(null); CookieTokenStore.removeCookie(deployment, facade); return null; } }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.fine("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.fine("Cleanup and expire cookie for user " + principal.getName() + " after failed refresh"); request.setUserPrincipal(null); request.setAuthType(null); CookieTokenStore.removeCookie(deployment, facade); return null; } }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.debugf("Cleanup and expire cookie for user %s after failed refresh", principal.getName()); CookieTokenStore.removeCookie(deployment, facade); return null; }
/** * Verify if we already have authenticated and active principal in cookie. Perform refresh if it's not active * * @return valid principal */ protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid"); return null; } RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext(); if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal; boolean success = session.refreshExpiredToken(false); if (success && session.isActive()) return principal; log.debugf("Cleanup and expire cookie for user %s after failed refresh", principal.getName()); CookieTokenStore.removeCookie(deployment, facade); return null; }