
Example 1 with RefreshableKeycloakSecurityContext

use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

From class AbstractKeycloakLoginModule, method postTokenVerification.

/**
 * Called after accessToken was verified (including signature, expiration etc).
 *
 * Builds the {@link Auth} result for a token that already passed signature and
 * expiration checks: a {@link RefreshableKeycloakSecurityContext} wrapping the
 * token, the principal derived from it, and the roles read from that context.
 *
 * @param tokenString the raw (serialized) access token
 * @param token       the verified, parsed access token
 * @return the authentication result carrying principal, roles and token string
 * @throws IllegalStateException if the token requires caller verification,
 *         which this login module does not support
 */
protected Auth postTokenVerification(String tokenString, AccessToken token) {
    // Verify-caller may be scoped to the resource's role mappings or be global.
    boolean callerVerificationRequired = deployment.isUseResourceRoleMappings()
            ? token.isVerifyCaller(deployment.getResourceName())
            : token.isVerifyCaller();
    if (callerVerificationRequired) {
        throw new IllegalStateException("VerifyCaller not supported yet in login module");
    }
    // Only the access token is available at this point; the remaining
    // constructor arguments are left null.
    RefreshableKeycloakSecurityContext securityContext =
            new RefreshableKeycloakSecurityContext(deployment, null, tokenString, token, null, null, null);
    String name = AdapterUtils.getPrincipalName(deployment, token);
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(name, securityContext);
    Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
    return new Auth(principal, roles, tokenString);
}

Example 2 with RefreshableKeycloakSecurityContext

use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

From class SerializationServlet, method doGet.

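/**
 * Round-trips the request's user principal through Java serialization and reports the outcome.
 *
 * The principal is written to an in-memory byte array and read back with an
 * {@link ObjectInputStream} whose class resolution is pinned to this servlet's class loader,
 * then checked to still carry a {@link RefreshableKeycloakSecurityContext}. The bytes that are
 * deserialized are produced in this same method from an in-process object; this is not a sink
 * for externally supplied serialized data and must not be turned into one without a
 * deserialization filter.
 *
 * @param req  the current request; its user principal is the object under test
 * @param resp the response that receives a one-line textual result
 * @throws IOException if writing the response or (de)serializing fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    PrintWriter out = resp.getWriter();
    // Serialize the principal into memory; the stream is closed by try-with-resources.
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(buffer)) {
        oos.writeObject(req.getUserPrincipal());
    }
    // Deserialize it again, resolving classes through the servlet's class loader so the
    // adapter classes are found even when the default resolution would use another loader.
    KeycloakPrincipal<?> principal;
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(buffer.toByteArray())) {
        @Override
        public Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            try {
                return Class.forName(desc.getName(), true, SerializationServlet.class.getClassLoader());
            } catch (ClassNotFoundException ignored) {
                // Not visible from the servlet loader; fall back to the default lookup
                // (e.g. for primitive classes).
            }
            return super.resolveClass(desc);
        }
    }) {
        principal = (KeycloakPrincipal<?>) ois.readObject();
    } catch (ClassNotFoundException e) {
        log("Deserialization of the user principal failed", e);
        out.write("Deserialization failed");
        return;
    }
    KeycloakSecurityContext ctx = principal.getKeycloakSecurityContext();
    if (!(ctx instanceof RefreshableKeycloakSecurityContext)) {
        out.write("Context was not instance of RefreshableKeycloakSecurityContext");
        // Report only the failure; without this return the success line was printed as well.
        return;
    }
    out.write("Serialization/Deserialization was successful");
}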

Example 3 with RefreshableKeycloakSecurityContext

use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

From class AbstractShowTokensServlet, method renderTokens.

/**
 * Renders the current access and refresh tokens as HTML spans for the test page.
 *
 * Each value is placed in a {@code <span>} identified by {@code accessToken},
 * {@code refreshToken}, {@code accessTokenString} and {@code refreshTokenString}.
 * The values are inserted verbatim, without HTML escaping, so the output relies on
 * the tokens coming from the configured Keycloak server rather than from the client.
 *
 * @param req the current request; the security context is read from its
 *            {@code KeycloakSecurityContext.class.getName()} attribute
 * @return the HTML fragment holding the four spans
 * @throws IOException if the refresh token cannot be parsed or a token cannot be serialized
 * @throws ServletException declared for subclasses; not thrown by this implementation
 */
protected String renderTokens(HttpServletRequest req) throws ServletException, IOException {
    RefreshableKeycloakSecurityContext securityContext =
            (RefreshableKeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
    String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(securityContext.getToken());
    RefreshToken parsedRefreshToken;
    try {
        parsedRefreshToken = new JWSInput(securityContext.getRefreshToken()).readJsonContent(RefreshToken.class);
    } catch (JWSInputException e) {
        // Surface parse failures through the declared IOException, keeping the cause.
        throw new IOException(e);
    }
    String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(parsedRefreshToken);
    StringBuilder html = new StringBuilder();
    html.append("<span id=\"accessToken\">").append(accessTokenPretty).append("</span>");
    html.append("<span id=\"refreshToken\">").append(refreshTokenPretty).append("</span>");
    html.append("<span id=\"accessTokenString\">").append(securityContext.getTokenString()).append("</span>");
    html.append("<span id=\"refreshTokenString\">").append(securityContext.getRefreshToken()).append("</span>");
    return html.toString();
}

Example 4 with RefreshableKeycloakSecurityContext

use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

From class AbstractKeycloakJettyAuthenticator, method logoutCurrent.

/**
 * Logs out the account associated with the given request, if any.
 *
 * When a {@link KeycloakSecurityContext} is attached to the request, the deployment is
 * resolved through a Jetty facade, a refreshable context is logged out against that
 * deployment, the request's token store is cleared and the context attribute is removed.
 * Requests without a security context are left untouched.
 *
 * @param request the current Jetty request
 */
public void logoutCurrent(Request request) {
    AdapterDeploymentContext deploymentContext =
            (AdapterDeploymentContext) request.getAttribute(AdapterDeploymentContext.class.getName());
    KeycloakSecurityContext securityContext =
            (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    if (securityContext == null) {
        return;
    }
    JettyHttpFacade facade = new OIDCJettyHttpFacade(request, null);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    // Only a refreshable context has a logout hook; any other context is simply discarded below.
    if (securityContext instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) securityContext;
        refreshable.logout(deployment);
    }
    AdapterTokenStore store = getTokenStore(request, facade, deployment);
    store.logout();
    request.removeAttribute(KeycloakSecurityContext.class.getName());
}

Example 5 with RefreshableKeycloakSecurityContext

use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

From class JettyCookieTokenStore, method isCached.

/**
 * Re-establishes the security context from a principal already authenticated from the cookie.
 *
 * Expects {@code authenticatedPrincipal} to have been populated earlier in this request
 * (by {@code checkCurrentToken()}). The cookie's context is accepted only if its realm
 * matches the realm of the current deployment; a context issued for another realm is
 * rejected so the caller falls back to a fresh authentication.
 *
 * @param authenticator the request authenticator; expected to be a
 *                      {@link JettyRequestAuthenticator}, whose principal is set on success
 * @return {@code true} if a cached context was installed on the request, {@code false} otherwise
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    if (authenticatedPrincipal == null) {
        return false;
    }
    log.debug("remote logged in already. Establish state from cookie");
    RefreshableKeycloakSecurityContext cookieContext = authenticatedPrincipal.getKeycloakSecurityContext();
    // A cookie from another realm must not establish identity for this deployment.
    boolean sameRealm = cookieContext.getRealm().equals(deployment.getRealm());
    if (!sameRealm) {
        log.debug("Account from cookie is from a different realm than for the request.");
        return false;
    }
    cookieContext.setCurrentRequestInfo(deployment, this);
    request.setAttribute(KeycloakSecurityContext.class.getName(), cookieContext);
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            AdapterUtils.createPrincipal(deployment, cookieContext);
    JettyRequestAuthenticator jettyAuthenticator = (JettyRequestAuthenticator) authenticator;
    jettyAuthenticator.principal = principal;
    return true;
}
