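/**
 * Resolves the Keycloak deployment for the current request and stores it in {@code deployment}.
 *
 * <p>Fails closed: when no usable deployment is available, the request is answered with
 * HTTP 403 and the caller is told to stop processing.
 *
 * @return {@code true} if a configured deployment was resolved; {@code false} if a 403
 *         response was sent instead
 */
protected boolean resolveDeployment() {
    deployment = deploymentContext.resolveDeployment(facade);
    // A null result is treated like an unconfigured adapter, so the request gets the explicit
    // 403 below instead of failing with a NullPointerException on isConfigured().
    if (deployment == null || !deployment.isConfigured()) {
        log.warn("can't take request, adapter not configured");
        facade.getResponse().sendError(403, "adapter not configured");
        return false;
    }
    return true;
}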
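/**
 * Binds this guard to one of the {@link KeycloakRealm}s registered with the security manager.
 *
 * <p>When both {@code realm} and {@code resource} are null or empty, the first registered
 * KeycloakRealm is used. Otherwise a realm is selected only if both values equal its
 * configured realm and resource.
 *
 * @param realm realm name to match; may be null or empty
 * @param resource resource (client) name to match; may be null or empty
 * @param securityManager source of the registered realms
 * @throws IllegalArgumentException if no KeycloakRealm matches, or if the matched realm's
 *         deployment is not configured
 */
public KeycloakGuard(String realm, String resource, SecurityManager securityManager) {
    this.securityManager = securityManager;

    // Loop-invariant: with neither value given, the guard falls back to the first realm found.
    // NOTE(review): with several KeycloakRealms registered, that fallback depends on the order
    // returned by getRealms(); naming realm and resource explicitly avoids the ambiguity.
    boolean takeFirst = Strings.isNullOrEmpty(realm) && Strings.isNullOrEmpty(resource);

    KeycloakRealm kRealm = null;
    for (KeycloakRealm candidate : securityManager.getRealms(KeycloakRealm.class)) {
        // The explicit null checks cover the case where only one of realm/resource was given:
        // that is now "no match" (reported by the precondition below) rather than a
        // NullPointerException from calling equals() on the missing value.
        boolean matches = takeFirst
                || (realm != null
                    && resource != null
                    && realm.equals(candidate.getKeycloakConfig().getRealm())
                    && resource.equals(candidate.getKeycloakConfig().getResource()));
        if (matches) {
            kRealm = candidate;
            break;
        }
    }
    this.keycloakRealm = kRealm;

    // Refuse to construct a guard that has no realm or an unconfigured deployment behind it.
    Preconditions.checkArgument(this.keycloakRealm != null, "Please specify a KeycloakRealm in realms.conf!");
    Preconditions.checkArgument(this.keycloakRealm.getKeycloakDeployment().isConfigured(), "Keycloak is not properly configured!");
    this.deploymentContext = new AdapterDeploymentContext(this.keycloakRealm.getKeycloakDeployment());
}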
/**
 * Runs Keycloak authentication for the exchange.
 *
 * <p>If the resolved deployment is not configured, the mechanism reports
 * {@code NOT_ATTEMPTED} and does nothing else. Otherwise it attempts node registration,
 * builds a request authenticator and delegates to {@code keycloakAuthenticate}.
 *
 * <p>NOTE(review): {@code NOT_ATTEMPTED} does not reject the request here; whether an
 * unauthenticated request is refused presumably depends on the security constraints applied
 * elsewhere. Confirm that protected paths still fail closed when the adapter is
 * unconfigured. The resolved deployment is also dereferenced without a null check.
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        RequestAuthenticator requestAuthenticator =
                createRequestAuthenticator(resolved, exchange, securityContext, httpFacade);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }

    // Unconfigured adapter: leave the decision to the rest of the security chain.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
/**
 * Gives {@link AuthenticatedActionsHandler} a chance to answer the request, then passes the
 * exchange to the next handler.
 *
 * <p>The authenticated-actions step runs only when a configured deployment is resolved. With
 * no deployment, or an unconfigured one, the exchange is forwarded unchanged. This handler
 * does not reject such requests itself.
 *
 * @throws Exception propagated from the next handler
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    OIDCUndertowHttpFacade httpFacade = new OIDCUndertowHttpFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    if (usable && new AuthenticatedActionsHandler(resolved, httpFacade).handledRequest()) {
        // The actions handler already produced the response.
        return;
    }

    next.handleRequest(exchange);
}
}
/**
 * Runs Keycloak authentication for the exchange.
 *
 * <p>If the resolved deployment is not configured, the mechanism reports
 * {@code NOT_ATTEMPTED} and does nothing else. Otherwise it attempts node registration,
 * builds a request authenticator and delegates to {@code keycloakAuthenticate}.
 *
 * <p>NOTE(review): {@code NOT_ATTEMPTED} does not reject the request here; whether an
 * unauthenticated request is refused presumably depends on the security constraints applied
 * elsewhere. Confirm that protected paths still fail closed when the adapter is
 * unconfigured. The resolved deployment is also dereferenced without a null check.
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        RequestAuthenticator requestAuthenticator =
                createRequestAuthenticator(resolved, exchange, securityContext, httpFacade);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }

    // Unconfigured adapter: leave the decision to the rest of the security chain.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
/**
 * Gives {@link AuthenticatedActionsHandler} a chance to answer the request, then passes the
 * exchange to the next handler.
 *
 * <p>The authenticated-actions step runs only when a configured deployment is resolved. With
 * no deployment, or an unconfigured one, the exchange is forwarded unchanged. This handler
 * does not reject such requests itself.
 *
 * @throws Exception propagated from the next handler
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    OIDCUndertowHttpFacade httpFacade = new OIDCUndertowHttpFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    if (usable && new AuthenticatedActionsHandler(resolved, httpFacade).handledRequest()) {
        // The actions handler already produced the response.
        return;
    }

    next.handleRequest(exchange);
}
}
/**
 * Runs Keycloak authentication for the exchange using an {@link UndertowRequestAuthenticator}.
 *
 * <p>If the resolved deployment is not configured, the mechanism reports
 * {@code NOT_ATTEMPTED}. Otherwise it attempts node registration, obtains the token store
 * for this exchange and delegates to {@code keycloakAuthenticate}.
 *
 * <p>NOTE(review): {@code NOT_ATTEMPTED} does not reject the request here; confirm that the
 * surrounding security constraints refuse unauthenticated access when the adapter is
 * unconfigured. The resolved deployment is dereferenced without a null check.
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        AdapterTokenStore store = getTokenStore(exchange, httpFacade, resolved, securityContext);
        RequestAuthenticator requestAuthenticator = new UndertowRequestAuthenticator(
                httpFacade, resolved, confidentialPort, securityContext, exchange, store);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }

    // Unconfigured adapter: leave the decision to the rest of the security chain.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
/**
 * Runs Keycloak authentication for the exchange using an {@link UndertowRequestAuthenticator}.
 *
 * <p>If the resolved deployment is not configured, the mechanism reports
 * {@code NOT_ATTEMPTED}. Otherwise it attempts node registration, obtains the token store
 * for this exchange and delegates to {@code keycloakAuthenticate}.
 *
 * <p>NOTE(review): {@code NOT_ATTEMPTED} does not reject the request here; confirm that the
 * surrounding security constraints refuse unauthenticated access when the adapter is
 * unconfigured. The resolved deployment is dereferenced without a null check.
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade httpFacade = createFacade(exchange);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    if (resolved.isConfigured()) {
        nodesRegistrationManagement.tryRegister(resolved);
        AdapterTokenStore store = getTokenStore(exchange, httpFacade, resolved, securityContext);
        RequestAuthenticator requestAuthenticator = new UndertowRequestAuthenticator(
                httpFacade, resolved, confidentialPort, securityContext, exchange, store);
        return keycloakAuthenticate(exchange, securityContext, requestAuthenticator);
    }

    // Unconfigured adapter: leave the decision to the rest of the security chain.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
if (deployment == null || !deployment.isConfigured()) { response.sendError(403); log.fine("deployment not configured");
/**
 * Gives {@link AuthenticatedActionsHandler} a chance to answer the request, then invokes the
 * next valve.
 *
 * <p>The authenticated-actions step runs only when a configured deployment is resolved. With
 * no deployment, or an unconfigured one, the request is forwarded unchanged. This valve does
 * not reject such requests itself.
 *
 * @throws IOException propagated from the next valve
 * @throws ServletException propagated from the next valve
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.debugv("AuthenticatedActionsValve.invoke {0}", request.getRequestURI());

    CatalinaHttpFacade resolutionFacade = new OIDCCatalinaHttpFacade(request, response);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(resolutionFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    // The handler is given its own facade instance, separate from the one used for resolution.
    if (usable
            && new AuthenticatedActionsHandler(resolved, new OIDCCatalinaHttpFacade(request, response))
                    .handledRequest()) {
        return;
    }

    getNext().invoke(request, response);
}
}
/**
 * Gives {@link AuthenticatedActionsHandler} a chance to answer the request, then invokes the
 * next valve.
 *
 * <p>The authenticated-actions step runs only when a configured deployment is resolved. With
 * no deployment, or an unconfigured one, the request is forwarded unchanged. This valve does
 * not reject such requests itself.
 *
 * @throws IOException propagated from the next valve
 * @throws ServletException propagated from the next valve
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.debugv("AuthenticatedActionsValve.invoke {0}", request.getRequestURI());

    CatalinaHttpFacade resolutionFacade = new OIDCCatalinaHttpFacade(request, response);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(resolutionFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    // The handler is given its own facade instance, separate from the one used for resolution.
    if (usable
            && new AuthenticatedActionsHandler(resolved, new OIDCCatalinaHttpFacade(request, response))
                    .handledRequest()) {
        return;
    }

    getNext().invoke(request, response);
}
}
OIDCJettyHttpFacade facade = new OIDCJettyHttpFacade(request, (HttpServletResponse) res); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (deployment == null || !deployment.isConfigured()) { log.debug("*** deployment isn't configured return false"); return Authentication.UNAUTHENTICATED;
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (deployment == null || !deployment.isConfigured()) { httpExchange.setStatusCode(StatusCodes.FORBIDDEN); LOG.fine("deployment not configured");
OIDCJettyHttpFacade facade = new OIDCJettyHttpFacade(request, (HttpServletResponse) res); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); if (deployment == null || !deployment.isConfigured()) { log.debug("*** deployment isn't configured return false"); return Authentication.UNAUTHENTICATED;
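/**
 * Attempts Keycloak authentication for a JAX-RS request that has no user principal yet.
 *
 * <p>Returns without touching the response when a principal is already present, when no
 * configured deployment is resolved, or when the authenticator reports
 * {@code AUTHENTICATED}. Otherwise, if the authenticator supplies a challenge, the challenge
 * is written, a session cookie is set for non-bearer-only clients, and the response is ended.
 *
 * <p>NOTE(review): the unconfigured-deployment path and the "not authenticated, no challenge"
 * path both return normally. This method does not reject the request there, so access must
 * be enforced by the caller. Confirm against the calling filter.
 *
 * @param requestContext the JAX-RS request being filtered
 */
public void validateRequest(final ContainerRequestContext requestContext) {
    if (requestContext.getSecurityContext().getUserPrincipal() != null) {
        // the user is already authenticated, further processing is not necessary
        return;
    }

    Request request = Request.getBaseRequest(
            (ServletRequest) requestContext.getProperty(HttpServletRequest.class.getName()));
    JaxrsHttpFacade facade = new JaxrsHttpFacade(requestContext, requestContext.getSecurityContext());
    request.setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);

    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        return;
    }

    AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
    tokenStore.checkCurrentToken();
    JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        return;
    }

    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
        challenge.challenge(facade);
        if (!adapterConfig.isBearerOnly()) {
            // create session and set cookie for client
            // The last two arguments are the Secure and HttpOnly flags. The session id is a
            // credential, so it is hidden from page scripts (HttpOnly) and marked Secure
            // whenever the request itself arrived over a secure channel. Plain-HTTP
            // requests keep the previous non-Secure behaviour.
            facade.getResponse().setCookie(
                    "JSESSIONID", request.getSession().getId(), "/", null, -1, request.isSecure(), true);
        }
        facade.getResponse().end();
    }
}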
/**
 * Authenticates a Catalina request against the resolved Keycloak deployment.
 *
 * <p>Fails closed when no configured deployment is available: a 401 is sent and
 * {@code false} returned. On an {@code AUTHENTICATED} outcome the result is {@code true}
 * unless the facade reports the response as already ended. On any other outcome the
 * authenticator's challenge, if present, is written and {@code false} returned.
 *
 * @param request the Catalina request
 * @param response the servlet response
 * @param loginConfig not used by this method
 * @return {@code true} only if the request was authenticated and the response is still open
 * @throws IOException declared by the signature
 */
protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
    CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, response);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    if (!usable) {
        //needed for the EAP6/AS7 adapter relying on the tomcat core adapter
        httpFacade.getResponse().sendError(401);
        return false;
    }

    AdapterTokenStore store = getTokenStore(request, httpFacade, resolved);
    nodesRegistrationManagement.tryRegister(resolved);
    CatalinaRequestAuthenticator requestAuthenticator =
            createRequestAuthenticator(request, httpFacade, resolved, store);

    if (requestAuthenticator.authenticate() == AuthOutcome.AUTHENTICATED) {
        // An already-ended response means the request must not continue as authenticated.
        return !httpFacade.isEnded();
    }

    AuthChallenge pendingChallenge = requestAuthenticator.getChallenge();
    if (pendingChallenge != null) {
        pendingChallenge.challenge(httpFacade);
    }
    return false;
}
/**
 * Authenticates a Catalina request against the resolved Keycloak deployment.
 *
 * <p>Fails closed when no configured deployment is available: a 401 is sent and
 * {@code false} returned. On an {@code AUTHENTICATED} outcome the result is {@code true}
 * unless the facade reports the response as already ended. On any other outcome the
 * authenticator's challenge, if present, is written and {@code false} returned.
 *
 * @param request the Catalina request
 * @param response the servlet response
 * @param loginConfig not used by this method
 * @return {@code true} only if the request was authenticated and the response is still open
 * @throws IOException declared by the signature
 */
protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
    CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, response);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    boolean usable = resolved != null && resolved.isConfigured();
    if (!usable) {
        //needed for the EAP6/AS7 adapter relying on the tomcat core adapter
        httpFacade.getResponse().sendError(401);
        return false;
    }

    AdapterTokenStore store = getTokenStore(request, httpFacade, resolved);
    nodesRegistrationManagement.tryRegister(resolved);
    CatalinaRequestAuthenticator requestAuthenticator =
            createRequestAuthenticator(request, httpFacade, resolved, store);

    if (requestAuthenticator.authenticate() == AuthOutcome.AUTHENTICATED) {
        // An already-ended response means the request must not continue as authenticated.
        return !httpFacade.isEnded();
    }

    AuthChallenge pendingChallenge = requestAuthenticator.getChallenge();
    if (pendingChallenge != null) {
        pendingChallenge.challenge(httpFacade);
    }
    return false;
}
if (deployment == null || !deployment.isConfigured()) { context.getResponse().forbidden(); log.warn("Keycloak is not properly configured");