
Example 11 with AdapterTokenStore

use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

the class AbstractKeycloakAuthenticatorValve method checkKeycloakSession.

/**
 * Validates the access token associated with the current request.
 *
 * <p>Resolves the deployment for {@code facade}, obtains the matching
 * {@link AdapterTokenStore} and delegates to {@code checkCurrentToken()}.
 * According to the original contract of this method, a token that is no
 * longer valid is refreshed where possible; that logic is in the token
 * store and is not visible here.
 *
 * @param request the request whose token state is checked
 * @param facade  HTTP facade used to resolve the deployment and the token store
 */
protected void checkKeycloakSession(Request request, HttpFacade facade) {
    // NOTE(review): authenticateInternal rejects a null or unconfigured deployment
    // before touching the token store; there is no such guard here. Whether
    // resolveDeployment can return null on this path is not visible - confirm.
    final KeycloakDeployment resolved = deploymentContext.resolveDeployment(facade);
    getTokenStore(request, facade, resolved).checkCurrentToken();
}
Also used : KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 12 with AdapterTokenStore

use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

the class AbstractKeycloakAuthenticatorValve method authenticateInternal.

/**
 * Runs Keycloak authentication for a single Catalina request.
 *
 * <p>The method fails closed: if no deployment resolves for the request, or the
 * resolved deployment is not configured, a 401 is sent and the request is
 * rejected. Otherwise the request authenticator decides the outcome. For any
 * outcome other than {@link AuthOutcome#AUTHENTICATED} the authenticator's
 * challenge (when there is one) is applied to the facade and the request is
 * rejected.
 *
 * @param request     incoming Catalina request
 * @param response    servlet response wrapped by the facade
 * @param loginConfig not read by this method
 * @return {@code true} only when the outcome is {@code AUTHENTICATED} and the
 *         facade does not report the exchange as ended
 * @throws IOException as declared by the signature; presumably raised while
 *         writing the error or challenge to the response
 */
protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
    final CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, response);
    final KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    final boolean usable = resolved != null && resolved.isConfigured();
    if (!usable) {
        // needed for the EAP6/AS7 adapter relying on the tomcat core adapter
        // A missing or unconfigured deployment must never let the request through.
        httpFacade.getResponse().sendError(401);
        return false;
    }

    final AdapterTokenStore store = getTokenStore(request, httpFacade, resolved);
    nodesRegistrationManagement.tryRegister(resolved);
    final CatalinaRequestAuthenticator requestAuthenticator =
            createRequestAuthenticator(request, httpFacade, resolved, store);

    if (requestAuthenticator.authenticate() == AuthOutcome.AUTHENTICATED) {
        // An authenticated request whose exchange the facade already ended
        // (isEnded) is not reported as authenticated to the caller.
        return !httpFacade.isEnded();
    }

    // Every other outcome is a rejection; issue the challenge if one was prepared.
    final AuthChallenge pending = requestAuthenticator.getChallenge();
    if (pending != null) {
        pending.challenge(httpFacade);
    }
    return false;
}
Also used : AuthChallenge(org.keycloak.adapters.spi.AuthChallenge) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AuthOutcome(org.keycloak.adapters.spi.AuthOutcome) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 13 with AdapterTokenStore

use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

the class AbstractKeycloakAuthenticatorValve method logoutInternal.

/**
 * Clears Keycloak authentication state from the given request.
 *
 * <p>When a {@link KeycloakSecurityContext} is stored on the request, the
 * deployment is resolved, a refreshable context is logged out against that
 * deployment, the token store is logged out and the request attribute is
 * removed. The user principal on the request is reset to {@code null} whether or
 * not a security context was present.
 *
 * @param request the request being logged out
 */
protected void logoutInternal(Request request) {
    final String contextAttribute = KeycloakSecurityContext.class.getName();
    final KeycloakSecurityContext stored = (KeycloakSecurityContext) request.getAttribute(contextAttribute);

    if (stored == null) {
        // Nothing Keycloak-specific to tear down; still drop the principal.
        request.setUserPrincipal(null);
        return;
    }

    // No servlet response is available on this path, so the facade is built with null.
    final CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, null);
    final KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

    // NOTE(review): unlike authenticateInternal, the resolved deployment is not
    // checked for null / isConfigured() before use - confirm this cannot occur here.
    // NOTE(review): there is no try/finally, so an exception from either logout call
    // below leaves the attribute and the user principal in place on the request.
    if (stored instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) stored;
        refreshable.logout(resolved);
    }

    final AdapterTokenStore store = getTokenStore(request, httpFacade, resolved);
    store.logout();

    request.removeAttribute(contextAttribute);
    request.setUserPrincipal(null);
}
Also used : KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 14 with AdapterTokenStore

use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

the class ServletKeycloakAuthMech method createRequestAuthenticator.

/**
 * Builds the {@link ServletRequestAuthenticator} for one Undertow exchange.
 *
 * <p>Looks up the confidential port for the exchange and the token store for
 * this exchange/deployment pair, then hands both to the authenticator together
 * with the facade, deployment, security context and exchange.
 *
 * @param deployment      deployment the request is authenticated against
 * @param exchange        current Undertow exchange
 * @param securityContext Undertow security context for the exchange
 * @param facade          HTTP facade wrapping the exchange
 * @return a new request authenticator bound to the given arguments
 */
protected RequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
    // The helper is called as "getConfidentilPort" (sic); it is declared outside
    // this excerpt, so the spelling is kept as is.
    final int port = getConfidentilPort(exchange);
    final AdapterTokenStore store = getTokenStore(exchange, facade, deployment, securityContext);
    return new ServletRequestAuthenticator(facade, deployment, port, securityContext, exchange, store);
}
Also used : AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 15 with AdapterTokenStore

use of org.keycloak.adapters.AdapterTokenStore in project keycloak by keycloak.

the class AbstractUndertowKeycloakAuthMech method registerNotifications.

/**
 * Registers a receiver on the security context that reacts to logout events.
 *
 * <p>The receiver ignores every notification other than
 * {@code SecurityNotification.EventType.LOGGED_OUT}. On logout it resolves the
 * deployment for the exchange, logs out a refreshable security context against
 * that deployment unless the deployment is bearer-only, and then logs out the
 * token store. The token store logout runs for bearer-only deployments as well.
 *
 * @param securityContext the Undertow security context to register the receiver on
 */
protected void registerNotifications(final SecurityContext securityContext) {
    securityContext.registerNotificationReceiver(new NotificationReceiver() {

        @Override
        public void handleNotification(SecurityNotification notification) {
            final boolean loggedOut =
                    notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT;
            if (!loggedOut) {
                return;
            }

            final HttpServerExchange exchange = notification.getExchange();
            final UndertowHttpFacade httpFacade = createFacade(exchange);
            final KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
            final KeycloakSecurityContext attached =
                    exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);

            // NOTE(review): resolved is dereferenced without a null check; confirm that
            // resolveDeployment cannot return null for a logout notification.
            // instanceof is false for null, so no separate null test is needed.
            if (!resolved.isBearerOnly() && attached instanceof RefreshableKeycloakSecurityContext) {
                RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) attached;
                refreshable.logout(resolved);
            }

            // Local token state is cleared regardless of the branch above.
            getTokenStore(exchange, httpFacade, resolved, securityContext).logout();
        }
    });
}
Also used : HttpServerExchange(io.undertow.server.HttpServerExchange) NotificationReceiver(io.undertow.security.api.NotificationReceiver) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore) SecurityNotification(io.undertow.security.api.SecurityNotification)

Aggregations

AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)15 KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)10 KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)4 RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)4 AuthChallenge (org.keycloak.adapters.spi.AuthChallenge)4 AuthOutcome (org.keycloak.adapters.spi.AuthOutcome)4 RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator)3 AuthenticatedActionsHandler (org.keycloak.adapters.AuthenticatedActionsHandler)2 PreAuthActionsHandler (org.keycloak.adapters.PreAuthActionsHandler)2 NotificationReceiver (io.undertow.security.api.NotificationReceiver)1 SecurityContext (io.undertow.security.api.SecurityContext)1 SecurityNotification (io.undertow.security.api.SecurityNotification)1 Account (io.undertow.security.idm.Account)1 SecurityContextImpl (io.undertow.security.impl.SecurityContextImpl)1 HttpServerExchange (io.undertow.server.HttpServerExchange)1 ServletRequest (javax.servlet.ServletRequest)1 UserAuthentication (org.eclipse.jetty.security.UserAuthentication)1 DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication)1 Authentication (org.eclipse.jetty.server.Authentication)1 Request (org.eclipse.jetty.server.Request)1