Search in sources :

Example 46 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class AbstractKeycloakAuthenticatorValve method logoutInternal.

protected void logoutInternal(Request request) {
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    if (ksc != null) {
        CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null);
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
        if (ksc instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
        }
        AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
        tokenStore.logout();
        request.removeAttribute(KeycloakSecurityContext.class.getName());
    }
    request.setUserPrincipal(null);
}
Also used : KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 47 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class AbstractKeycloakAuthenticatorValve method keycloakInit.

@SuppressWarnings("UseSpecificCatch")
public void keycloakInit() {
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    String configResolverClass = context.getServletContext().getInitParameter("keycloak.config.resolver");
    if (configResolverClass != null) {
        try {
            KeycloakConfigResolver configResolver = (KeycloakConfigResolver) context.getLoader().getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new AdapterDeploymentContext(configResolver);
            log.debugv("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", configResolverClass, ex.getMessage());
            deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
        }
    } else {
        InputStream configInputStream = getConfigInputStream(context);
        KeycloakDeployment kd;
        if (configInputStream == null) {
            log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
            kd = new KeycloakDeployment();
        } else {
            kd = KeycloakDeploymentBuilder.build(configInputStream);
        }
        deploymentContext = new AdapterDeploymentContext(kd);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    context.getServletContext().setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
    AbstractAuthenticatedActionsValve actions = createAuthenticatedActionsValve(deploymentContext, getNext(), getContainer());
    setNext(actions);
    nodesRegistrationManagement = new NodesRegistrationManagement();
}
Also used : NodesRegistrationManagement(org.keycloak.adapters.NodesRegistrationManagement) KeycloakConfigResolver(org.keycloak.adapters.KeycloakConfigResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AdapterDeploymentContext(org.keycloak.adapters.AdapterDeploymentContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException)

Example 48 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class ElytronSessionTokenStore method logout.

@Override
public void logout(boolean glo) {
    HttpScope session = this.httpFacade.getScope(Scope.SESSION);
    if (!session.exists()) {
        return;
    }
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) session.getAttachment(KeycloakSecurityContext.class.getName());
    try {
        if (glo && ksc != null) {
            KeycloakDeployment deployment = httpFacade.getDeployment();
            session.invalidate();
            if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
            }
        } else {
            session.setAttachment(ElytronAccount.class.getName(), null);
            session.setAttachment(KeycloakSecurityContext.class.getName(), null);
        }
    } catch (IllegalStateException ise) {
        // Session may be already logged-out in case that app has adminUrl
        log.debugf("Session %s logged-out already", session.getID());
    }
}
Also used : HttpScope(org.wildfly.security.http.HttpScope) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)

Example 49 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class ElytronSessionTokenStore method isCached.

@Override
public boolean isCached(RequestAuthenticator authenticator) {
    HttpScope session = this.httpFacade.getScope(Scope.SESSION);
    if (session == null || !session.supportsAttachments()) {
        log.debug("session was null, returning null");
        return false;
    }
    ElytronAccount account;
    try {
        account = (ElytronAccount) session.getAttachment(ElytronAccount.class.getName());
    } catch (IllegalStateException e) {
        log.debug("session was invalidated.  Return false.");
        return false;
    }
    if (account == null) {
        log.debug("Account was not in session, returning null");
        return false;
    }
    KeycloakDeployment deployment = httpFacade.getDeployment();
    if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }
    boolean active = account.checkActive();
    if (!active) {
        active = account.tryRefresh();
    }
    if (active) {
        log.debug("Cached account found");
        restoreRequest();
        httpFacade.authenticationComplete(account, true);
        return true;
    } else {
        log.debug("Refresh failed. Account was not active. Returning null and invalidating Http session");
        try {
            session.setAttachment(KeycloakSecurityContext.class.getName(), null);
            session.setAttachment(ElytronAccount.class.getName(), null);
            session.invalidate();
        } catch (Exception e) {
            log.debug("Failed to invalidate session, might already be invalidated");
        }
        return false;
    }
}
Also used : HttpScope(org.wildfly.security.http.HttpScope) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)

Example 50 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class KeycloakConfigurationServletListener method contextInitialized.

@Override
public void contextInitialized(ServletContextEvent sce) {
    ServletContext servletContext = sce.getServletContext();
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    KeycloakConfigResolver configResolver;
    AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) servletContext.getAttribute(AdapterDeploymentContext.class.getName());
    if (deploymentContext == null) {
        if (configResolverClass != null) {
            try {
                configResolver = (KeycloakConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
                deploymentContext = new AdapterDeploymentContext(configResolver);
            } catch (Exception ex) {
                deploymentContext = new AdapterDeploymentContext(new KeycloakDeployment());
            }
        } else {
            InputStream is = getConfigInputStream(servletContext);
            KeycloakDeployment deployment;
            if (is == null) {
                deployment = new KeycloakDeployment();
            } else {
                deployment = KeycloakDeploymentBuilder.build(is);
            }
            deploymentContext = new AdapterDeploymentContext(deployment);
        }
    }
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
}
Also used : KeycloakConfigResolver(org.keycloak.adapters.KeycloakConfigResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AdapterDeploymentContext(org.keycloak.adapters.AdapterDeploymentContext) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ServletContext(javax.servlet.ServletContext) FileNotFoundException(java.io.FileNotFoundException)

Aggregations

KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)69 Test (org.junit.Test)21 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)21 PolicyEnforcer (org.keycloak.adapters.authorization.PolicyEnforcer)20 AuthorizationContext (org.keycloak.AuthorizationContext)16 OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade)14 RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)12 AdapterDeploymentContext (org.keycloak.adapters.AdapterDeploymentContext)11 OAuthClient (org.keycloak.testsuite.util.OAuthClient)11 AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)10 InputStream (java.io.InputStream)9 KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)9 AuthenticatedActionsHandler (org.keycloak.adapters.AuthenticatedActionsHandler)9 FileInputStream (java.io.FileInputStream)7 FileNotFoundException (java.io.FileNotFoundException)7 HashMap (java.util.HashMap)7 KeycloakConfigResolver (org.keycloak.adapters.KeycloakConfigResolver)6 AuthChallenge (org.keycloak.adapters.spi.AuthChallenge)6 AuthOutcome (org.keycloak.adapters.spi.AuthOutcome)6 List (java.util.List)5