
Example 11 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class UndertowCookieTokenStore, method saveAccountInfo.

@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext secContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    CookieTokenStore.setTokenCookie(deployment, facade, secContext);
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)

Example 12 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronCookieTokenStore, method isCached.

@Override
public boolean isCached(RequestAuthenticator authenticator) {
    KeycloakDeployment deployment = httpFacade.getDeployment();
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, httpFacade, this);
    if (principal == null) {
        log.debug("Account was not in cookie or was invalid, returning null");
        return false;
    }
    ElytronAccount account = new ElytronAccount(principal);
    if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }
    boolean active = account.checkActive();
    if (!active) {
        active = account.tryRefresh();
    }
    if (active) {
        log.debug("Cached account found");
        restoreRequest();
        httpFacade.authenticationComplete(account, true);
        return true;
    } else {
        log.debug("Account was not active, removing cookie and returning false");
        CookieTokenStore.removeCookie(deployment, httpFacade);
        return false;
    }
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)

Example 13 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronCookieTokenStore, method checkCurrentToken.

@Override
public void checkCurrentToken() {
    KeycloakDeployment deployment = httpFacade.getDeployment();
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, httpFacade, this);
    if (principal == null) {
        return;
    }
    RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
    if (securityContext.isActive() && !securityContext.getDeployment().isAlwaysRefreshToken())
        return;
    // FYI: A refresh requires same scope, so same roles will be set.  Otherwise, refresh will fail and token will
    // not be updated
    boolean success = securityContext.refreshExpiredToken(false);
    if (success && securityContext.isActive())
        return;
    saveAccountInfo(new ElytronAccount(principal));
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)

Example 14 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class ElytronCookieTokenStore, method logout.

@Override
public void logout(boolean glo) {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(this.httpFacade.getDeployment(), this.httpFacade, this);
    if (principal == null) {
        return;
    }
    CookieTokenStore.removeCookie(this.httpFacade.getDeployment(), this.httpFacade);
    if (glo) {
        KeycloakSecurityContext ksc = (KeycloakSecurityContext) principal.getKeycloakSecurityContext();
        if (ksc == null) {
            return;
        }
        KeycloakDeployment deployment = httpFacade.getDeployment();
        if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
        }
    }
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext), KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)

Example 15 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

Class KeycloakUndertowAccount, method checkActive.

// Check if accessToken is active and try to refresh if it's not
public boolean checkActive() {
    // this object may have been serialized, so we need to reset realm config/metadata
    RefreshableKeycloakSecurityContext session = getKeycloakSecurityContext();
    if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) {
        log.debug("session is active");
        return true;
    }
    log.debug("session is not active or refresh is enforced. Try refresh");
    boolean success = session.refreshExpiredToken(false);
    if (!success || !session.isActive()) {
        log.debug("session is not active return with failure");
        return false;
    }
    log.debug("refresh succeeded");
    setRoles(session);
    return true;
}
Also used: RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)

Aggregations

RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext) 52; KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext) 30; KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment) 10; OidcKeycloakAccount (org.keycloak.adapters.OidcKeycloakAccount) 8; KeycloakAccount (org.keycloak.adapters.spi.KeycloakAccount) 5; SimpleKeycloakAccount (org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount) 5; KeycloakPrincipal (org.keycloak.KeycloakPrincipal) 4; AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore) 4; HttpScope (org.wildfly.security.http.HttpScope) 4; IOException (java.io.IOException) 3; Principal (java.security.Principal) 3; HttpSession (javax.servlet.http.HttpSession) 3; Session (org.apache.catalina.Session) 3; GenericPrincipal (org.apache.catalina.realm.GenericPrincipal) 3; KeycloakAuthenticationToken (org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken) 3; Before (org.junit.Before) 2; OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade) 2; HttpFacade (org.keycloak.adapters.spi.HttpFacade) 2; SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade) 2; JWSInput (org.keycloak.jose.jws.JWSInput) 2