@GET @Path("{clientId}") @Produces(MediaType.APPLICATION_JSON) public Response getOIDC(@PathParam("clientId") String clientId) { ClientRepresentation client = get(clientId); OIDCClientRepresentation clientOIDC = DescriptionConverterExt.toExternalResponse(session, client, session.getContext().getUri().getRequestUri()); return Response.ok(clientOIDC).build(); }
@POST @Path("") @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response createCompany(CompanyRepresentation rep) { session.getProvider(ExampleService.class).addCompany(rep); return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(rep.getId()).build()).build(); }
private void checkClient(String service) { if (service == null) { return; } client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) .findFirst().orElse(null); if (client != null) { redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client); session.getContext().setClient(client); } } }
protected void checkSsl() { if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN); } }
private Response prepare(Response.Status status, CASServiceResponse serviceResponse) { MediaType responseMediaType = new ContentTypeHelper(request, restRequest, session.getContext().getUri()).selectResponseType(); return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse); } }
@GET @NoCache public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) { checkClient(service); AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false); if (authResult != null) { UserSessionModel userSession = authResult.getSession(); userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL); if (redirectUri != null) userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri); logger.debug("Initiating CAS browser logout"); Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), clientConnection, headers, null); logger.debug("finishing CAS browser logout"); return response; } return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT); }
@PUT @Path("{clientId}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public Response updateOIDC(@PathParam("clientId") String clientId, OIDCClientRepresentationExtended clientOIDC) { try { ClientRepresentation client = DescriptionConverterExt.toInternal(session, clientOIDC); OIDCClientRegistrationContext oidcContext = new OIDCClientRegistrationContext(session, client, this, clientOIDC); client = update(clientId, oidcContext); ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId()); updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri()); updateClientRepWithProtocolMappers(clientModel, client); URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build(); OIDCClientRepresentationExtended clientOIDCResponse = DescriptionConverterExt.toExternalResponse(session, client, uri); return Response.ok(clientOIDCResponse).build(); } catch (ClientRegistrationException cre) { ServicesLogger.LOGGER.clientRegistrationException(cre.getMessage()); throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST); } }
protected void checkClient(String service) { if (service == null) { event.error(Errors.INVALID_REQUEST); throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST); } client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client not found", Response.Status.BAD_REQUEST); } if (!client.isEnabled()) { event.error(Errors.CLIENT_DISABLED); throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client disabled", Response.Status.BAD_REQUEST); } event.client(client.getClientId()); session.getContext().setClient(client); }
private void checkClient(String service) { if (service == null) { event.error(Errors.INVALID_REQUEST); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM); } client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND); } if (!client.isEnabled()) { event.error(Errors.CLIENT_DISABLED); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED); } redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client); event.client(client.getClientId()); event.detail(Details.REDIRECT_URI, redirectUri); session.getContext().setClient(client); }
@GET @NoCache public Response build() { MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters(); String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM); String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM); boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); event.event(EventType.CODE_TO_TOKEN); try { checkSsl(); checkRealm(); checkClient(service); checkTicket(ticket, renew); event.success(); return successResponse(); } catch (CASValidationException e) { return errorResponse(e); } }
@GET public Response build() { MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters(); String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM); boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM); checkSsl(); checkRealm(); checkClient(service); authenticationSession = createAuthenticationSession(client, null); updateAuthenticationSession(); // So back button doesn't work CacheControlUtil.noBackButtonCacheControlHeader(); if (renew) { authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true"); } this.event.event(EventType.LOGIN); return handleBrowserAuthenticationRequest(authenticationSession, new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event), gateway, false); }
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers); if (authResult == null) { throw new NotAuthorizedException("Bearer");
updateClientRepWithProtocolMappers(clientModel, client); URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build(); OIDCClientRepresentationExtended clientOIDCResponse = DescriptionConverterExt.toExternalResponse(session, client, uri); clientOIDCResponse.setClientIdIssuedAt(Time.currentTime());