/**
 * Reports whether this deployment is bearer-only.
 *
 * <p>The answer comes entirely from the wrapped {@code delegate}; nothing is decided locally.
 *
 * @return the value returned by {@code delegate.isBearerOnly()}
 */
@Override
public boolean isBearerOnly() {
    final boolean bearerOnly = delegate.isBearerOnly();
    return bearerOnly;
}
/**
 * Tells whether the request should be treated as a bearer-token request.
 *
 * <p>Returns {@code true} as soon as one {@code Authorization} header value consists of exactly
 * two whitespace-separated parts whose first part is {@code Bearer} (case-insensitive). If no
 * header value matches, the result is the bearer-only flag of the policy enforcer's deployment.
 *
 * <p>Only the shape of the header is inspected here. The credential part is never read, so a
 * {@code true} result says nothing about whether the token is valid; it must not be used as an
 * authentication decision.
 *
 * @param httpFacade facade giving access to the incoming request's headers
 * @return {@code true} for a Bearer-scheme header, otherwise the deployment's bearer-only flag
 */
private boolean isBearerAuthorization(OIDCHttpFacade httpFacade) {
    List<String> headerValues = httpFacade.getRequest().getHeaders("Authorization");
    if (headerValues == null) {
        return getPolicyEnforcer().getDeployment().isBearerOnly();
    }
    for (String headerValue : headerValues) {
        // Expect "<scheme> <credential>"; any other shape is ignored.
        String[] parts = headerValue.trim().split("\\s+");
        if (parts.length == 2 && parts[0].equalsIgnoreCase("Bearer")) {
            return true;
        }
    }
    return getPolicyEnforcer().getDeployment().isBearerOnly();
}
}
/**
 * Checks whether the deployment has the minimum settings it needs.
 *
 * <p>A realm and a public key locator are always required. Beyond that, the deployment must
 * either be bearer-only or have an auth server base URL.
 *
 * @return {@code true} when all required settings are present
 */
public boolean isConfigured() {
    if (getRealm() == null) {
        return false;
    }
    if (getPublicKeyLocator() == null) {
        return false;
    }
    if (isBearerOnly()) {
        // Bearer-only deployments are accepted without an auth server base URL.
        return true;
    }
    return getAuthServerBaseUrl() != null;
}
/**
 * Starts the authentication challenge for an unauthenticated request.
 *
 * <p>Requests matched by {@code apiRequestMatcher}, and every request to a deployment that
 * resolves as bearer-only, are passed to {@code commenceUnauthorizedResponse}. All other
 * requests are passed to {@code commenceLoginRedirect}. What those two helpers write to the
 * response is defined outside this method.
 *
 * @param request the request that failed authentication
 * @param response the response on which the challenge is written
 * @param authException the failure that triggered the challenge; not read here
 * @throws IOException declared by the overridden method
 * @throws ServletException declared by the overridden method
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
    HttpFacade facade = new SimpleHttpFacade(request, response);
    // The deployment is resolved only when the API matcher does not already match.
    boolean answerUnauthorized = apiRequestMatcher.matches(request)
            || adapterDeploymentContext.resolveDeployment(facade).isBearerOnly();
    if (!answerUnauthorized) {
        commenceLoginRedirect(request, response);
        return;
    }
    commenceUnauthorizedResponse(request, response);
}
/**
 * Reacts to a security notification; only {@code LOGGED_OUT} events are handled.
 *
 * <p>For a deployment that is not bearer-only, a {@link RefreshableKeycloakSecurityContext}
 * attached to the exchange is logged out against the deployment. The adapter token store is
 * then logged out in every case, bearer-only or not.
 *
 * @param notification the event raised by the security layer
 */
@Override
public void handleNotification(SecurityNotification notification) {
    if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) {
        return;
    }
    HttpServerExchange exchange = notification.getExchange();
    UndertowHttpFacade facade = createFacade(exchange);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    KeycloakSecurityContext attachedContext =
            exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
    // instanceof is false for null, so no separate null test is needed.
    if (!deployment.isBearerOnly()
            && attachedContext instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshable =
                (RefreshableKeycloakSecurityContext) attachedContext;
        refreshable.logout(deployment);
    }
    // Local token state is cleared regardless of the branch above.
    AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
    tokenStore.logout();
}
};
/**
 * Handles {@code LOGGED_OUT} security notifications and ignores every other event type.
 *
 * <p>When the resolved deployment is not bearer-only and the exchange carries a
 * {@link RefreshableKeycloakSecurityContext}, that context's {@code logout(deployment)} is
 * called. After that the token store obtained for the exchange is always logged out.
 *
 * @param notification the event raised by the security layer
 */
@Override
public void handleNotification(SecurityNotification notification) {
    if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
        HttpServerExchange exchange = notification.getExchange();
        UndertowHttpFacade facade = createFacade(exchange);
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
        KeycloakSecurityContext sessionContext =
                exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
        boolean bearerOnly = deployment.isBearerOnly();
        // A null attachment fails the instanceof test and skips the context logout.
        if (!bearerOnly && sessionContext instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) sessionContext).logout(deployment);
        }
        // The token store logout is not conditional on the deployment type.
        getTokenStore(exchange, facade, deployment, securityContext).logout();
    }
}
};
if (deployment.isBearerOnly()) { challenge = bearer.getChallenge(); log.debug("NOT_ATTEMPTED: bearer only");
challenge.challenge(facade); if (deployment.isBearerOnly()) {
return new AuthResults(authn); case NOT_ATTEMPTED: if (deployment.isBearerOnly()) {
throw new IllegalArgumentException("For bearer auth, you must set the realm-public-key or auth-server-url"); if (realmKeyPem == null || !deployment.isBearerOnly() || deployment.isEnableBasicAuth() || deployment.isRegisterNodeAtStartup() || deployment.getRegisterNodePeriod() != -1) { deployment.setClient(new HttpClientBuilder().build(adapterConfig)); if (adapterConfig.getAuthServerUrl() == null && (!deployment.isBearerOnly() || realmKeyPem == null)) { throw new RuntimeException("You must specify auth-server-url");