
Example 1 with AdapterTokenStore

Use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

Class AbstractKeycloakJettyAuthenticator, method validateRequest.

@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (log.isTraceEnabled()) {
        log.trace("*** authenticate");
    }
    Request request = resolveRequest(req);
    OIDCJettyHttpFacade facade = new OIDCJettyHttpFacade(request, (HttpServletResponse) res);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        log.debug("*** deployment isn't configured return false");
        return Authentication.UNAUTHENTICATED;
    }
    PreAuthActionsHandler handler = new PreAuthActionsHandler(createSessionManagement(request), deploymentContext, facade);
    if (handler.handleRequest()) {
        return Authentication.SEND_SUCCESS;
    }
    if (!mandatory)
        return new DeferredAuthentication(this);
    AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
    nodesRegistrationManagement.tryRegister(deployment);
    tokenStore.checkCurrentToken();
    JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        if (facade.isEnded()) {
            return Authentication.SEND_SUCCESS;
        }
        Authentication authentication = register(request, authenticator.principal);
        AuthenticatedActionsHandler authenticatedActionsHandler = new AuthenticatedActionsHandler(deployment, facade);
        if (authenticatedActionsHandler.handledRequest()) {
            return Authentication.SEND_SUCCESS;
        }
        return authentication;
    }
    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
        challenge.challenge(facade);
    }
    return Authentication.SEND_CONTINUE;
}
Also used: AuthenticatedActionsHandler (org.keycloak.adapters.AuthenticatedActionsHandler), AuthChallenge (org.keycloak.adapters.spi.AuthChallenge), DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication), UserAuthentication (org.eclipse.jetty.security.UserAuthentication), Authentication (org.eclipse.jetty.server.Authentication), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment), Request (org.eclipse.jetty.server.Request), ServletRequest (javax.servlet.ServletRequest), AuthOutcome (org.keycloak.adapters.spi.AuthOutcome), PreAuthActionsHandler (org.keycloak.adapters.PreAuthActionsHandler), AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Example 2 with AdapterTokenStore

Use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

Class AbstractKeycloakJettyAuthenticator, method logoutCurrent.

public void logoutCurrent(Request request) {
    AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) request.getAttribute(AdapterDeploymentContext.class.getName());
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    if (ksc != null) {
        JettyHttpFacade facade = new OIDCJettyHttpFacade(request, null);
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
        if (ksc instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
        }
        AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
        tokenStore.logout();
        request.removeAttribute(KeycloakSecurityContext.class.getName());
    }
}
Also used: KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext), RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), AdapterDeploymentContext (org.keycloak.adapters.AdapterDeploymentContext), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment), JettyHttpFacade (org.keycloak.adapters.jetty.spi.JettyHttpFacade), AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Example 3 with AdapterTokenStore

Use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

Class UndertowAuthenticationMechanism, method authenticate.

@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    UndertowHttpFacade facade = createFacade(exchange);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (!deployment.isConfigured()) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    nodesRegistrationManagement.tryRegister(deployment);
    AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
    RequestAuthenticator authenticator = new UndertowRequestAuthenticator(facade, deployment, confidentialPort, securityContext, exchange, tokenStore);
    return keycloakAuthenticate(exchange, securityContext, authenticator);
}
Also used: RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment), AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Example 4 with AdapterTokenStore

Use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

Class WildflyAuthenticationMechanism, method createRequestAuthenticator.

@Override
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
    int confidentialPort = getConfidentilPort(exchange);
    AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
    return new WildflyRequestAuthenticator(facade, deployment, confidentialPort, securityContext, exchange, tokenStore);
}
Also used: AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Example 5 with AdapterTokenStore

Use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

Class AbstractKeycloakAuthenticatorValve, method getTokenStore.

protected AdapterTokenStore getTokenStore(Request request, HttpFacade facade, KeycloakDeployment resolvedDeployment) {
    AdapterTokenStore store = (AdapterTokenStore) request.getNote(TOKEN_STORE_NOTE);
    if (store != null) {
        return store;
    }
    if (resolvedDeployment.getTokenStore() == TokenStore.SESSION) {
        store = createSessionTokenStore(request, resolvedDeployment);
    } else {
        store = new CatalinaCookieTokenStore(request, facade, resolvedDeployment, createPrincipalFactory());
    }
    request.setNote(TOKEN_STORE_NOTE, store);
    return store;
}
Also used: AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Aggregations

AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore): 15
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 10
KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext): 4
RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext): 4
AuthChallenge (org.keycloak.adapters.spi.AuthChallenge): 4
AuthOutcome (org.keycloak.adapters.spi.AuthOutcome): 4
RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator): 3
AuthenticatedActionsHandler (org.keycloak.adapters.AuthenticatedActionsHandler): 2
PreAuthActionsHandler (org.keycloak.adapters.PreAuthActionsHandler): 2
NotificationReceiver (io.undertow.security.api.NotificationReceiver): 1
SecurityContext (io.undertow.security.api.SecurityContext): 1
SecurityNotification (io.undertow.security.api.SecurityNotification): 1
Account (io.undertow.security.idm.Account): 1
SecurityContextImpl (io.undertow.security.impl.SecurityContextImpl): 1
HttpServerExchange (io.undertow.server.HttpServerExchange): 1
ServletRequest (javax.servlet.ServletRequest): 1
UserAuthentication (org.eclipse.jetty.security.UserAuthentication): 1
DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication): 1
Authentication (org.eclipse.jetty.server.Authentication): 1
Request (org.eclipse.jetty.server.Request): 1