Example 1 with AuthenticatedActionsHandler
use of org.keycloak.adapters.AuthenticatedActionsHandler in project keycloak by keycloak.
the class AbstractKeycloakJettyAuthenticator method validateRequest.
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
if (log.isTraceEnabled()) {
log.trace("*** authenticate");
}
Request request = resolveRequest(req);
OIDCJettyHttpFacade facade = new OIDCJettyHttpFacade(request, (HttpServletResponse) res);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
log.debug("*** deployment isn't configured return false");
return Authentication.UNAUTHENTICATED;
}
PreAuthActionsHandler handler = new PreAuthActionsHandler(createSessionManagement(request), deploymentContext, facade);
if (handler.handleRequest()) {
return Authentication.SEND_SUCCESS;
}
if (!mandatory)
return new DeferredAuthentication(this);
AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
nodesRegistrationManagement.tryRegister(deployment);
tokenStore.checkCurrentToken();
JettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
if (facade.isEnded()) {
return Authentication.SEND_SUCCESS;
}
Authentication authentication = register(request, authenticator.principal);
AuthenticatedActionsHandler authenticatedActionsHandler = new AuthenticatedActionsHandler(deployment, facade);
if (authenticatedActionsHandler.handledRequest()) {
return Authentication.SEND_SUCCESS;
}
return authentication;
}
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
challenge.challenge(facade);
}
return Authentication.SEND_CONTINUE;
}
Also used :
AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler)
AuthChallenge(org.keycloak.adapters.spi.AuthChallenge)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
Request(org.eclipse.jetty.server.Request)
ServletRequest(javax.servlet.ServletRequest)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
AuthOutcome(org.keycloak.adapters.spi.AuthOutcome)
PreAuthActionsHandler(org.keycloak.adapters.PreAuthActionsHandler)
AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)
Example 2 with AuthenticatedActionsHandler
use of org.keycloak.adapters.AuthenticatedActionsHandler in project keycloak by keycloak.
the class PolicyEnforcerTest method testDefaultWWWAuthenticateCorsHeader.
@Test
public void testDefaultWWWAuthenticateCorsHeader() {
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-disabled-enforce-mode-path.json"));
deployment.setCors(true);
Map<String, List<String>> headers = new HashMap<>();
headers.put(CorsHeaders.ORIGIN, Arrays.asList("http://localhost:8180"));
oauth.realm(REALM_NAME);
oauth.clientId("public-client-test");
oauth.doLogin("marta", "password");
String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), null).getAccessToken();
OIDCHttpFacade httpFacade = createHttpFacade("http://server/api/resource/public", HttpMethod.OPTIONS, token, headers, Collections.emptyMap(), null, deployment);
new AuthenticatedActionsHandler(deployment, httpFacade).handledRequest();
assertEquals(HttpHeaders.WWW_AUTHENTICATE, headers.get(CorsHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).get(0));
}
Also used :
AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler)
HashMap(java.util.HashMap)
OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
List(java.util.List)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 3 with AuthenticatedActionsHandler
use of org.keycloak.adapters.AuthenticatedActionsHandler in project keycloak by keycloak.
the class UndertowAuthenticatedActionsHandler method handleRequest.
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
OIDCUndertowHttpFacade facade = new OIDCUndertowHttpFacade(exchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment != null && deployment.isConfigured()) {
AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, facade);
if (handler.handledRequest())
return;
}
next.handleRequest(exchange);
}
Also used :
AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
Example 4 with AuthenticatedActionsHandler
use of org.keycloak.adapters.AuthenticatedActionsHandler in project keycloak by keycloak.
the class KeycloakOIDCFilter method doFilter.
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
log.fine("Keycloak OIDC Filter");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (shouldSkip(request)) {
chain.doFilter(req, res);
return;
}
OIDCServletHttpFacade facade = new OIDCServletHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
response.sendError(403);
log.fine("deployment not configured");
return;
}
PreAuthActionsHandler preActions = new PreAuthActionsHandler(new IdMapperUserSessionManagement(), deploymentContext, facade);
if (preActions.handleRequest()) {
// System.err.println("**************** preActions.handleRequest happened!");
return;
}
nodesRegistrationManagement.tryRegister(deployment);
OIDCFilterSessionStore tokenStore = new OIDCFilterSessionStore(request, facade, 100000, deployment, idMapper);
tokenStore.checkCurrentToken();
FilterRequestAuthenticator authenticator = new FilterRequestAuthenticator(deployment, tokenStore, facade, request, 8443);
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
log.fine("AUTHENTICATED");
if (facade.isEnded()) {
return;
}
AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, facade);
if (actions.handledRequest()) {
return;
} else {
HttpServletRequestWrapper wrapper = tokenStore.buildWrapper();
chain.doFilter(wrapper, res);
return;
}
}
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
log.fine("challenge");
challenge.challenge(facade);
return;
}
response.sendError(403);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler)
AuthChallenge(org.keycloak.adapters.spi.AuthChallenge)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthOutcome(org.keycloak.adapters.spi.AuthOutcome)
PreAuthActionsHandler(org.keycloak.adapters.PreAuthActionsHandler)
Example 5 with AuthenticatedActionsHandler
use of org.keycloak.adapters.AuthenticatedActionsHandler in project keycloak by keycloak.
the class UndertowKeycloakConsumer method handleRequest.
@Override
public void handleRequest(HttpServerExchange httpExchange) throws Exception {
if (shouldSkip(httpExchange.getRequestPath())) {
super.handleRequest(httpExchange);
return;
}
// perform only non-blocking operation on exchange
if (httpExchange.isInIoThread()) {
httpExchange.dispatch(this);
return;
}
OIDCUndertowHttpFacade facade = new OIDCUndertowHttpFacade(httpExchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
LOG.fine("deployment not configured");
return;
}
LOG.fine("executing PreAuthActionsHandler");
SessionManagementBridge bridge = new SessionManagementBridge(userSessionManagement, sessionManager);
PreAuthActionsHandler preAuth = new PreAuthActionsHandler(bridge, deploymentContext, facade);
if (preAuth.handleRequest())
return;
SecurityContext securityContext = httpExchange.getSecurityContext();
if (securityContext == null) {
securityContext = new SecurityContextImpl(httpExchange, IDENTITY_MANAGER);
}
AdapterTokenStore tokenStore = getTokenStore(httpExchange, facade, deployment, securityContext);
tokenStore.checkCurrentToken();
LOG.fine("executing AuthenticatedActionsHandler");
RequestAuthenticator authenticator = new UndertowRequestAuthenticator(facade, deployment, confidentialPort, securityContext, httpExchange, tokenStore);
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
LOG.fine("AUTHENTICATED");
if (httpExchange.isResponseComplete()) {
return;
}
AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, facade);
if (actions.handledRequest()) {
return;
} else {
final Account authenticatedAccount = securityContext.getAuthenticatedAccount();
if (authenticatedAccount instanceof KeycloakUndertowAccount) {
final KeycloakUndertowAccount kua = (KeycloakUndertowAccount) authenticatedAccount;
httpExchange.putAttachment(KEYCLOAK_PRINCIPAL_KEY, (KeycloakPrincipal) kua.getPrincipal());
}
Set<String> roles = authenticatedAccount.getRoles();
if (roles == null) {
roles = Collections.EMPTY_SET;
}
LOG.log(Level.FINE, "Allowed roles: {0}, current roles: {1}", new Object[] { allowedRoles, roles });
if (isRoleAllowed(roles, httpExchange)) {
super.handleRequest(httpExchange);
} else {
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
}
return;
}
}
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
LOG.fine("challenge");
challenge.challenge(facade);
return;
}
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
}
Also used :
AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler)
Account(io.undertow.security.idm.Account)
KeycloakUndertowAccount(org.keycloak.adapters.undertow.KeycloakUndertowAccount)
SecurityContextImpl(io.undertow.security.impl.SecurityContextImpl)
AuthChallenge(org.keycloak.adapters.spi.AuthChallenge)
UndertowRequestAuthenticator(org.keycloak.adapters.undertow.UndertowRequestAuthenticator)
RequestAuthenticator(org.keycloak.adapters.RequestAuthenticator)
AuthOutcome(org.keycloak.adapters.spi.AuthOutcome)
PreAuthActionsHandler(org.keycloak.adapters.PreAuthActionsHandler)
KeycloakUndertowAccount(org.keycloak.adapters.undertow.KeycloakUndertowAccount)
OIDCUndertowHttpFacade(org.keycloak.adapters.undertow.OIDCUndertowHttpFacade)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
SecurityContext(io.undertow.security.api.SecurityContext)
SessionManagementBridge(org.keycloak.adapters.undertow.SessionManagementBridge)
UndertowRequestAuthenticator(org.keycloak.adapters.undertow.UndertowRequestAuthenticator)
AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)
Aggregations
AuthenticatedActionsHandler (org.keycloak.adapters.AuthenticatedActionsHandler)9
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)9
AuthChallenge (org.keycloak.adapters.spi.AuthChallenge)4
AuthOutcome (org.keycloak.adapters.spi.AuthOutcome)4
OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade)3
PreAuthActionsHandler (org.keycloak.adapters.PreAuthActionsHandler)3
Test (org.junit.Test)2
AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)2
RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator)2
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)2
SecurityContext (io.undertow.security.api.SecurityContext)1
Account (io.undertow.security.idm.Account)1
SecurityContextImpl (io.undertow.security.impl.SecurityContextImpl)1
HashMap (java.util.HashMap)1
List (java.util.List)1
ServletRequest (javax.servlet.ServletRequest)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
UserAuthentication (org.eclipse.jetty.security.UserAuthentication)1
