Example 41 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

The class CatalinaCookieTokenStore, method isCached.

@Override
public boolean isCached(RequestAuthenticator authenticator) {
    // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request
    if (authenticatedPrincipal != null) {
        log.fine("remote logged in already. Establish state from cookie");
        RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext();
        // Refuse to establish state from a token issued by a realm other than this deployment's
        if (!securityContext.getRealm().equals(deployment.getRealm())) {
            log.fine("Account from cookie is from a different realm than for the request.");
            return false;
        }
        securityContext.setCurrentRequestInfo(deployment, this);
        Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
        GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles);
        request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
        request.setUserPrincipal(principal);
        request.setAuthType("KEYCLOAK");
        return true;
    } else {
        return false;
    }
}
Also used: GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext)

Example 42 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

The class CatalinaCookieTokenStore, method saveAccountInfo.

@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    CookieTokenStore.setTokenCookie(deployment, facade, securityContext);
}
Also used: RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext)

Example 43 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

The class CatalinaSessionTokenStore, method saveAccountInfo.

@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    Set<String> roles = account.getRoles();
    GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), roles);
    SerializableKeycloakAccount sAccount = new SerializableKeycloakAccount(roles, account.getPrincipal(), securityContext);
    Session session = request.getSessionInternal(true);
    session.setPrincipal(principal);
    session.setAuthType("KEYCLOAK");
    session.getSession().setAttribute(SerializableKeycloakAccount.class.getName(), sAccount);
    session.getSession().setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());
    String username = securityContext.getToken().getSubject();
    log.fine("userSessionManagement.login: " + username);
    this.sessionManagement.login(session);
}
Also used: GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) Session(org.apache.catalina.Session)

Example 44 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

The class CatalinaSessionTokenStore, method checkCurrentToken.

@Override
public void checkCurrentToken() {
    Session catalinaSession = request.getSessionInternal(false);
    if (catalinaSession == null)
        return;
    SerializableKeycloakAccount account = (SerializableKeycloakAccount) catalinaSession.getSession().getAttribute(SerializableKeycloakAccount.class.getName());
    if (account == null) {
        return;
    }
    RefreshableKeycloakSecurityContext session = account.getKeycloakSecurityContext();
    if (session == null)
        return;
    // just in case session got serialized
    if (session.getDeployment() == null)
        session.setCurrentRequestInfo(deployment, this);
    if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) {
        request.setAttribute(KeycloakSecurityContext.class.getName(), session);
        request.setUserPrincipal(account.getPrincipal());
        request.setAuthType("KEYCLOAK");
        return;
    }
    // FYI: A refresh requires same scope, so same roles will be set.  Otherwise, refresh will fail and token will
    // not be updated
    boolean success = session.refreshExpiredToken(false);
    if (success && session.isActive()) {
        request.setAttribute(KeycloakSecurityContext.class.getName(), session);
        request.setUserPrincipal(account.getPrincipal());
        request.setAuthType("KEYCLOAK");
        return;
    }
    // Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
    log.fine("Cleanup and expire session " + catalinaSession.getId() + " after failed refresh");
    request.setUserPrincipal(null);
    request.setAuthType(null);
    cleanSession(catalinaSession);
    catalinaSession.expire();
}
Also used: RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) Session(org.apache.catalina.Session)
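The two Catalina stores above (isCached in example 41, checkCurrentToken in example 44) make the same three decisions in the same order: reject a context from a different realm, reattach the transient deployment and token store after deserialization, then accept the token if it is still active or refresh it and expire the local session when the refresh fails. The servlet filter below is an added example that is not part of Keycloak; it factors that decision out into a testable static method over the real org.keycloak.adapters API and applies it to a RefreshableKeycloakSecurityContext stored in an HttpSession under KeycloakSecurityContext.class.getName(), the attribute name saveAccountInfo uses in example 43. The class name, package, and the "keycloak.roles" request attribute are hypothetical; the javax.servlet API and the Keycloak adapter jars are assumed to be on the classpath.

```java
package com.example.keycloak; // hypothetical package, not part of Keycloak

import java.io.IOException;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;

/** Hypothetical filter: accept / refresh / expire decision for a session-stored security context. */
public class SessionTokenCheckFilter implements Filter {

    /** Result of evaluating the stored context for one request. */
    public enum Outcome { ACCEPT, ACCEPT_AFTER_REFRESH, REJECT_WRONG_REALM, REJECT_REFRESH_FAILED }

    private final KeycloakDeployment deployment;
    private final AdapterTokenStore tokenStore;

    public SessionTokenCheckFilter(KeycloakDeployment deployment, AdapterTokenStore tokenStore) {
        this.deployment = deployment;
        this.tokenStore = tokenStore;
    }

    /** Decision logic kept free of servlet plumbing so it can be unit tested with a mocked context. */
    public static Outcome evaluate(RefreshableKeycloakSecurityContext ctx,
                                   KeycloakDeployment deployment,
                                   AdapterTokenStore tokenStore) {
        // 1. Realm binding, as in isCached(): the realm parsed from the token issuer must be this
        //    deployment's realm, or a session established for another realm would be reused here.
        if (!deployment.getRealm().equals(ctx.getRealm())) {
            return Outcome.REJECT_WRONG_REALM;
        }
        // 2. deployment and tokenStore are transient and null after deserialization; without them
        //    refreshExpiredToken() cannot call the server, so reattach as checkCurrentToken() does.
        if (ctx.getDeployment() == null) {
            ctx.setCurrentRequestInfo(deployment, tokenStore);
        }
        // 3. Fast path: access token still active and the deployment does not force a refresh.
        if (ctx.isActive() && !deployment.isAlwaysRefreshToken()) {
            return Outcome.ACCEPT;
        }
        // 4. Refresh against the server. A failed refresh means the SSO session is gone
        //    (logout, idle or max timeout, revocation), so the local session must not be trusted.
        if (ctx.refreshExpiredToken(false) && ctx.isActive()) {
            return Outcome.ACCEPT_AFTER_REFRESH;
        }
        return Outcome.REJECT_REFRESH_FAILED;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        HttpSession session = request.getSession(false);
        Object stored = session == null ? null
                : session.getAttribute(KeycloakSecurityContext.class.getName());
        if (!(stored instanceof RefreshableKeycloakSecurityContext)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        RefreshableKeycloakSecurityContext ctx = (RefreshableKeycloakSecurityContext) stored;

        Outcome outcome = evaluate(ctx, deployment, tokenStore);
        if (outcome == Outcome.ACCEPT || outcome == Outcome.ACCEPT_AFTER_REFRESH) {
            // Expose the (possibly refreshed) context; roles are read from the current access
            // token, so a refresh that changed the role set is reflected in this request.
            request.setAttribute(KeycloakSecurityContext.class.getName(), ctx);
            Set<String> roles = AdapterUtils.getRolesFromSecurityContext(ctx);
            request.setAttribute("keycloak.roles", roles); // hypothetical attribute name
            chain.doFilter(request, response);
            return;
        }
        // Mirror checkCurrentToken(): drop the local session rather than serve a stale identity.
        session.removeAttribute(KeycloakSecurityContext.class.getName());
        session.invalidate();
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

The order of the checks matters: the realm comparison runs before any refresh, because refreshExpiredToken() would otherwise send the stored refresh token to whatever realm this deployment is configured for, and a wrong-realm context is rejected without invalidating anything the other realm owns.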

Example 45 with RefreshableKeycloakSecurityContext

Use of org.keycloak.adapters.RefreshableKeycloakSecurityContext in project keycloak by keycloak.

The class ElytronAccount, method checkActive.

public boolean checkActive() {
    RefreshableKeycloakSecurityContext session = getKeycloakSecurityContext();
    if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) {
        log.debug("session is active");
        return true;
    }
    log.debug("session not active");
    return false;
}
Also used: RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext)

Aggregations (classes used together with RefreshableKeycloakSecurityContext, with the number of examples):

RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext): 52
KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext): 30
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 10
OidcKeycloakAccount (org.keycloak.adapters.OidcKeycloakAccount): 8
KeycloakAccount (org.keycloak.adapters.spi.KeycloakAccount): 5
SimpleKeycloakAccount (org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount): 5
KeycloakPrincipal (org.keycloak.KeycloakPrincipal): 4
AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore): 4
HttpScope (org.wildfly.security.http.HttpScope): 4
IOException (java.io.IOException): 3
Principal (java.security.Principal): 3
HttpSession (javax.servlet.http.HttpSession): 3
Session (org.apache.catalina.Session): 3
GenericPrincipal (org.apache.catalina.realm.GenericPrincipal): 3
KeycloakAuthenticationToken (org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken): 3
Before (org.junit.Before): 2
OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade): 2
HttpFacade (org.keycloak.adapters.spi.HttpFacade): 2
SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade): 2
JWSInput (org.keycloak.jose.jws.JWSInput): 2