use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.
the class ClaimInformationPointProviderTest method testHttpClaimInformationPointProviderWithoutClaims.
@Test
public void testHttpClaimInformationPointProviderWithoutClaims() {
HttpFacade httpFacade = createHttpFacade();
Map<String, List<String>> claims = getClaimInformationProviderForPath("/http-get-claim-provider", "http").resolve(httpFacade);
assertEquals("a-value1", claims.get("a").get(0));
assertEquals("b-value1", claims.get("b").get(0));
assertEquals("d-value1", claims.get("d").get(0));
assertEquals("d-value2", claims.get("d").get(1));
assertNull(claims.get("claim-a"));
assertNull(claims.get("claim-d"));
assertNull(claims.get("claim-d0"));
assertNull(claims.get("claim-d-all"));
}
use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.
the class SpringSecurityRequestAuthenticatorTest method setUp.
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
request = spy(new MockHttpServletRequest());
response = new MockHttpServletResponse();
HttpFacade facade = new SimpleHttpFacade(request, response);
authenticator = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, 443);
// mocks
when(principal.getKeycloakSecurityContext()).thenReturn(refreshableKeycloakSecurityContext);
when(refreshableKeycloakSecurityContext.getDeployment()).thenReturn(deployment);
when(refreshableKeycloakSecurityContext.getToken()).thenReturn(accessToken);
when(accessToken.getRealmAccess()).thenReturn(access);
when(access.getRoles()).thenReturn(Sets.newSet("user", "admin"));
when(deployment.isUseResourceRoleMappings()).thenReturn(false);
}
use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.
the class KeycloakAuthenticationProcessingFilter method attemptAuthentication.
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
log.debug("Attempting Keycloak authentication");
HttpFacade facade = new SimpleHttpFacade(request, response);
KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
// using Spring authenticationFailureHandler
deployment.setDelegateBearerErrorResponseSending(true);
AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response);
RequestAuthenticator authenticator = requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1);
AuthOutcome result = authenticator.authenticate();
log.debug("Auth outcome: {}", result);
if (AuthOutcome.FAILED.equals(result)) {
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
challenge.challenge(facade);
}
throw new KeycloakAuthenticationException("Invalid authorization header, see WWW-Authenticate header for details");
}
if (AuthOutcome.NOT_ATTEMPTED.equals(result)) {
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
challenge.challenge(facade);
}
if (deployment.isBearerOnly()) {
// no redirection in this mode, throwing exception for the spring handler
throw new KeycloakAuthenticationException("Authorization header not found, see WWW-Authenticate header");
} else {
// let continue if challenged, it may redirect
return null;
}
} else if (AuthOutcome.AUTHENTICATED.equals(result)) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Assert.notNull(authentication, "Authentication SecurityContextHolder was null");
return authenticationManager.authenticate(authentication);
} else {
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
challenge.challenge(facade);
}
return null;
}
}
use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.
the class KeycloakAuthenticatedActionsFilter method doFilter.
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (request.getAttribute(FILTER_APPLIED) != null) {
filterChain.doFilter(request, response);
return;
}
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
KeycloakSecurityContext keycloakSecurityContext = getKeycloakPrincipal();
if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
HttpFacade facade = new SimpleHttpFacade((HttpServletRequest) request, (HttpServletResponse) response);
KeycloakDeployment deployment = resolveDeployment(request, response);
AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, OIDCHttpFacade.class.cast(facade));
if (actions.handledRequest()) {
return;
}
}
filterChain.doFilter(request, response);
}
use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.
the class KeycloakLogoutHandler method handleSingleSignOut.
protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response, KeycloakAuthenticationToken authenticationToken) {
HttpFacade facade = new SimpleHttpFacade(request, response);
KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response).logout();
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authenticationToken.getAccount().getKeycloakSecurityContext();
session.logout(deployment);
}
Aggregations