Example 1 with AdapterDeploymentContext

Use of org.keycloak.adapters.AdapterDeploymentContext in project openremote by openremote.

Class SimpleKeycloakServletExtension, method handleDeployment.

@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
    AdapterDeploymentContext deploymentContext = new AdapterDeploymentContext(configResolver);
    servletContext.setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();
    final ServletKeycloakAuthMech mech = createAuthenticationMechanism(deploymentInfo, deploymentContext, userSessionManagement, nodesRegistrationManagement);
    UndertowAuthenticatedActionsHandler.Wrapper actions = new UndertowAuthenticatedActionsHandler.Wrapper(deploymentContext);
    // setup handlers
    deploymentInfo.addOuterHandlerChainWrapper(new ServletPreAuthActionsHandler.Wrapper(deploymentContext, userSessionManagement));
    deploymentInfo.addAuthenticationMechanism(AUTH_MECHANISM, new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // The authentication mechanism is registered above; this inner wrapper
    // handles authenticated actions and CORS.
    deploymentInfo.addInnerHandlerChainWrapper(actions);
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return account;
        }

        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
    ServletSessionConfig cookieConfig = new ServletSessionConfig();
    cookieConfig.setPath(deploymentInfo.getContextPath());
    deploymentInfo.setServletSessionConfig(cookieConfig);
    // Turn off Undertow's automatic session ID change on login for this deployment.
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
    deploymentInfo.addListener(new ListenerInfo(UndertowNodesRegistrationManagementWrapper.class, new InstanceFactory<UndertowNodesRegistrationManagementWrapper>() {

        @Override
        public InstanceHandle<UndertowNodesRegistrationManagementWrapper> createInstance() throws InstantiationException {
            UndertowNodesRegistrationManagementWrapper listener = new UndertowNodesRegistrationManagementWrapper(nodesRegistrationManagement);
            return new ImmediateInstanceHandle<UndertowNodesRegistrationManagementWrapper>(listener);
        }
    }));
}
Also used: Account (io.undertow.security.idm.Account), IdentityManager (io.undertow.security.idm.IdentityManager), Credential (io.undertow.security.idm.Credential), NodesRegistrationManagement (org.keycloak.adapters.NodesRegistrationManagement), AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism), AdapterDeploymentContext (org.keycloak.adapters.AdapterDeploymentContext), FormParserFactory (io.undertow.server.handlers.form.FormParserFactory), ImmediateInstanceHandle (io.undertow.servlet.util.ImmediateInstanceHandle), AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)

Example 2 with AdapterDeploymentContext

Use of org.keycloak.adapters.AdapterDeploymentContext in project vboard by voyages-sncf-technologies.

Class WebSecurityConfig, method configureKeycloakSecurity.

protected void configureKeycloakSecurity(HttpSecurity http) throws Exception {
    // Not @Autowiring those beans as they may not be available because of the @Conditional
    final AdapterDeploymentContext adc = applicationContext.getBean(AdapterDeploymentContext.class);
    final KeycloakPreAuthActionsFilter keycloakPreAuthActionsFilter = applicationContext.getBean(KeycloakPreAuthActionsFilter.class);
    http.addFilterBefore(keycloakPreAuthActionsFilter, LogoutFilter.class)
        .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
        .exceptionHandling()
        .authenticationEntryPoint(new KeycloakAuthenticationEntryPoint(adc));
    http.logout()
        .addLogoutHandler(new KeycloakLogoutHandler(adc))
        .logoutUrl("/sso/logout")
        .permitAll()
        .logoutSuccessUrl("/");
}
Also used: AdapterDeploymentContext (org.keycloak.adapters.AdapterDeploymentContext), KeycloakLogoutHandler (org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler), LogoutFilter (org.springframework.security.web.authentication.logout.LogoutFilter), KeycloakPreAuthActionsFilter (org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter), KeycloakAuthenticationEntryPoint (org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint)

Aggregations

AdapterDeploymentContext (org.keycloak.adapters.AdapterDeploymentContext): 2
AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism): 1
AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory): 1
Account (io.undertow.security.idm.Account): 1
Credential (io.undertow.security.idm.Credential): 1
IdentityManager (io.undertow.security.idm.IdentityManager): 1
FormParserFactory (io.undertow.server.handlers.form.FormParserFactory): 1
ImmediateInstanceHandle (io.undertow.servlet.util.ImmediateInstanceHandle): 1
NodesRegistrationManagement (org.keycloak.adapters.NodesRegistrationManagement): 1
KeycloakAuthenticationEntryPoint (org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint): 1
KeycloakLogoutHandler (org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler): 1
KeycloakPreAuthActionsFilter (org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter): 1
LogoutFilter (org.springframework.security.web.authentication.logout.LogoutFilter): 1