Example 46 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronHttpFacade, method authenticationComplete.

void authenticationComplete(ElytronAccount account, boolean storeToken) {
    // The account is kept only if authorize() returns a non-null identity.
    this.securityIdentity = SecurityIdentityUtil.authorize(this.callbackHandler, account.getPrincipal());
    if (securityIdentity != null) {
        this.account = account;
        RefreshableKeycloakSecurityContext keycloakSecurityContext = account.getKeycloakSecurityContext();
        account.setCurrentRequestInfo(keycloakSecurityContext.getDeployment(), this.tokenStore);
        // Persist the account in the token store only when the caller asks for it.
        if (storeToken) {
            this.tokenStore.saveAccountInfo(account);
        }
    }
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)

Example 47 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronHttpFacade, method authenticationComplete.

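void authenticationComplete() {
    if (securityIdentity != null) {
        HttpScope requestScope = request.getScope(Scope.EXCHANGE);
        RefreshableKeycloakSecurityContext keycloakSecurityContext = account.getKeycloakSecurityContext();
        // Attach the security context to the exchange scope under the KeycloakSecurityContext class name.
        requestScope.setAttachment(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
        // First argument: response callback, skipped when the request was restored.
        // Second argument: logout handler, which calls logout(true) on the token store.
        this.request.authenticationComplete(response -> {
            if (!restored) {
                responseConsumer.accept(response);
            }
        }, () -> ((ElytronTokeStore) tokenStore).logout(true));
    }
}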
Also used: HttpScope (org.wildfly.security.http.HttpScope), RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)

Example 48 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronSessionTokenStore, method logout.

@Override
public void logout(boolean glo) {
    HttpScope session = this.httpFacade.getScope(Scope.SESSION);
    // Nothing to do when there is no session.
    if (!session.exists()) {
        return;
    }
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) session.getAttachment(KeycloakSecurityContext.class.getName());
    try {
        if (glo && ksc != null) {
            // glo == true: invalidate the local session first, then call logout(deployment)
            // on the refreshable context unless the deployment is bearer-only.
            KeycloakDeployment deployment = httpFacade.getDeployment();
            session.invalidate();
            if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
            }
        } else {
            // Otherwise only clear the account and security context attachments from the session.
            session.setAttachment(ElytronAccount.class.getName(), null);
            session.setAttachment(KeycloakSecurityContext.class.getName(), null);
        }
    } catch (IllegalStateException ise) {
        // The session may already be logged out if the app has an adminUrl
        log.debugf("Session %s logged-out already", session.getID());
    }
}
Also used: HttpScope (org.wildfly.security.http.HttpScope), RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)

Example 49 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronCookieTokenStore, method saveAccountInfo.

@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext secContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    // Set the token cookie from the security context.
    CookieTokenStore.setTokenCookie(this.httpFacade.getDeployment(), this.httpFacade, secContext);
    HttpScope exchange = this.httpFacade.getScope(Scope.EXCHANGE);
    // The exchange-scope notification callback calls logout().
    exchange.registerForNotification(httpServerScopes -> logout());
    // Attach the account and its security context to the exchange scope.
    exchange.setAttachment(ElytronAccount.class.getName(), account);
    exchange.setAttachment(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());
    restoreRequest();
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), HttpScope (org.wildfly.security.http.HttpScope), KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)

Example 50 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class KeycloakSecurityRealm, method createRealmIdentity.

private RealmIdentity createRealmIdentity(KeycloakPrincipal principal) {
    return new RealmIdentity() {

        @Override
        public Principal getRealmIdentityPrincipal() {
            return principal;
        }

        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
            return null;
        }

        @Override
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException {
            return SupportLevel.SUPPORTED;
        }

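        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            // The evidence argument is not inspected here; the result depends only on a principal being present.
            return principal != null;
        }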

        @Override
        public boolean exists() throws RealmUnavailableException {
            return principal != null;
        }

        @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) principal.getKeycloakSecurityContext();
            Attributes attributes = new MapAttributes();
            // Roles read from the security context are stored under the RoleDecoder.KEY_ROLES attribute.
            Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
            attributes.addAll(RoleDecoder.KEY_ROLES, roles);
            return AuthorizationIdentity.basicIdentity(attributes);
        }
    };
}
Also used: Credential (org.wildfly.security.credential.Credential), RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), MapAttributes (org.wildfly.security.authz.MapAttributes), Attributes (org.wildfly.security.authz.Attributes), Evidence (org.wildfly.security.evidence.Evidence), RealmIdentity (org.wildfly.security.auth.server.RealmIdentity), AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)

Aggregations

RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext): 52
KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext): 30
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 10
OidcKeycloakAccount (org.keycloak.adapters.OidcKeycloakAccount): 8
KeycloakAccount (org.keycloak.adapters.spi.KeycloakAccount): 5
SimpleKeycloakAccount (org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount): 5
KeycloakPrincipal (org.keycloak.KeycloakPrincipal): 4
AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore): 4
HttpScope (org.wildfly.security.http.HttpScope): 4
IOException (java.io.IOException): 3
Principal (java.security.Principal): 3
HttpSession (javax.servlet.http.HttpSession): 3
Session (org.apache.catalina.Session): 3
GenericPrincipal (org.apache.catalina.realm.GenericPrincipal): 3
KeycloakAuthenticationToken (org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken): 3
Before (org.junit.Before): 2
OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade): 2
HttpFacade (org.keycloak.adapters.spi.HttpFacade): 2
SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade): 2
JWSInput (org.keycloak.jose.jws.JWSInput): 2