Examples with KeycloakDeployment org.keycloak.adapters.KeycloakDeployment used on opensource projects

Example 36 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class UndertowKeycloakConsumer method handleRequest.

@Override
public void handleRequest(HttpServerExchange httpExchange) throws Exception {
    if (shouldSkip(httpExchange.getRequestPath())) {
        super.handleRequest(httpExchange);
        return;
    }
    // perform only non-blocking operation on exchange
    if (httpExchange.isInIoThread()) {
        httpExchange.dispatch(this);
        return;
    }
    OIDCUndertowHttpFacade facade = new OIDCUndertowHttpFacade(httpExchange);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
        LOG.fine("deployment not configured");
        return;
    }
    LOG.fine("executing PreAuthActionsHandler");
    SessionManagementBridge bridge = new SessionManagementBridge(userSessionManagement, sessionManager);
    PreAuthActionsHandler preAuth = new PreAuthActionsHandler(bridge, deploymentContext, facade);
    if (preAuth.handleRequest())
        return;
    SecurityContext securityContext = httpExchange.getSecurityContext();
    if (securityContext == null) {
        securityContext = new SecurityContextImpl(httpExchange, IDENTITY_MANAGER);
    }
    AdapterTokenStore tokenStore = getTokenStore(httpExchange, facade, deployment, securityContext);
    tokenStore.checkCurrentToken();
    LOG.fine("executing AuthenticatedActionsHandler");
    RequestAuthenticator authenticator = new UndertowRequestAuthenticator(facade, deployment, confidentialPort, securityContext, httpExchange, tokenStore);
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        LOG.fine("AUTHENTICATED");
        if (httpExchange.isResponseComplete()) {
            return;
        }
        AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, facade);
        if (actions.handledRequest()) {
            return;
        } else {
            final Account authenticatedAccount = securityContext.getAuthenticatedAccount();
            if (authenticatedAccount instanceof KeycloakUndertowAccount) {
                final KeycloakUndertowAccount kua = (KeycloakUndertowAccount) authenticatedAccount;
                httpExchange.putAttachment(KEYCLOAK_PRINCIPAL_KEY, (KeycloakPrincipal) kua.getPrincipal());
            }
            Set<String> roles = authenticatedAccount.getRoles();
            if (roles == null) {
                roles = Collections.EMPTY_SET;
            }
            LOG.log(Level.FINE, "Allowed roles: {0}, current roles: {1}", new Object[] { allowedRoles, roles });
            if (isRoleAllowed(roles, httpExchange)) {
                super.handleRequest(httpExchange);
            } else {
                httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
            }
            return;
        }
    }
    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
        LOG.fine("challenge");
        challenge.challenge(facade);
        return;
    }
    httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
}

Example 37 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class KeycloakSecurityContextRequestFilter method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    if (request.getAttribute(FILTER_APPLIED) != null) {
        filterChain.doFilter(request, response);
        return;
    }
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
    KeycloakSecurityContext keycloakSecurityContext = getKeycloakSecurityContext();
    if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
        KeycloakDeployment deployment = resolveDeployment(request, response);
        // just in case session got serialized
        if (refreshableSecurityContext.getDeployment() == null) {
            log.trace("Recreating missing deployment and related fields in deserialized context");
            AdapterTokenStore adapterTokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, (HttpServletRequest) request, (HttpServletResponse) response);
            refreshableSecurityContext.setCurrentRequestInfo(deployment, adapterTokenStore);
        }
        if (!refreshableSecurityContext.isActive() || deployment.isAlwaysRefreshToken()) {
            if (refreshableSecurityContext.refreshExpiredToken(false)) {
                request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
            } else {
                clearAuthenticationContext();
            }
        }
        request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    }
    filterChain.doFilter(request, response);
}

Example 38 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class KeycloakAuthenticatedActionsFilter method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    if (request.getAttribute(FILTER_APPLIED) != null) {
        filterChain.doFilter(request, response);
        return;
    }
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
    KeycloakSecurityContext keycloakSecurityContext = getKeycloakPrincipal();
    if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
        HttpFacade facade = new SimpleHttpFacade((HttpServletRequest) request, (HttpServletResponse) response);
        KeycloakDeployment deployment = resolveDeployment(request, response);
        AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, OIDCHttpFacade.class.cast(facade));
        if (actions.handledRequest()) {
            return;
        }
    }
    filterChain.doFilter(request, response);
}

Example 39 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class PathBasedKeycloakConfigResolverTest method populate.

@SuppressWarnings("unchecked")
private PathBasedKeycloakConfigResolver populate(PathBasedKeycloakConfigResolver resolver, String context) throws Exception {
    Field f = PathBasedKeycloakConfigResolver.class.getDeclaredField("cache");
    f.setAccessible(true);
    Map<String, KeycloakDeployment> cache = (Map<String, KeycloakDeployment>) f.get(resolver);
    cache.clear();
    cache.put(context, new KeycloakDeployment());
    return resolver;
}

Example 40 with KeycloakDeployment

use of org.keycloak.adapters.KeycloakDeployment in project keycloak by keycloak.

the class KeycloakLogoutHandler method handleSingleSignOut.

protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response, KeycloakAuthenticationToken authenticationToken) {
    HttpFacade facade = new SimpleHttpFacade(request, response);
    KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
    adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response).logout();
    RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authenticationToken.getAccount().getKeycloakSecurityContext();
    session.logout(deployment);
}