Example 6 with HttpFacade

Use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

Class ClaimInformationPointProviderTest, method testHttpClaimInformationPointProviderWithoutClaims.

@Test
public void testHttpClaimInformationPointProviderWithoutClaims() {
    HttpFacade httpFacade = createHttpFacade();
    Map<String, List<String>> claims = getClaimInformationProviderForPath("/http-get-claim-provider", "http").resolve(httpFacade);
    assertEquals("a-value1", claims.get("a").get(0));
    assertEquals("b-value1", claims.get("b").get(0));
    assertEquals("d-value1", claims.get("d").get(0));
    assertEquals("d-value2", claims.get("d").get(1));
    assertNull(claims.get("claim-a"));
    assertNull(claims.get("claim-d"));
    assertNull(claims.get("claim-d0"));
    assertNull(claims.get("claim-d-all"));
}
Also used : OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) HttpFacade(org.keycloak.adapters.spi.HttpFacade) List(java.util.List) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 7 with HttpFacade

Use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

Class SpringSecurityRequestAuthenticatorTest, method setUp.

@Before
public void setUp() throws Exception {
    MockitoAnnotations.initMocks(this);
    request = spy(new MockHttpServletRequest());
    response = new MockHttpServletResponse();
    HttpFacade facade = new SimpleHttpFacade(request, response);
    authenticator = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, 443);
    // mocks
    when(principal.getKeycloakSecurityContext()).thenReturn(refreshableKeycloakSecurityContext);
    when(refreshableKeycloakSecurityContext.getDeployment()).thenReturn(deployment);
    when(refreshableKeycloakSecurityContext.getToken()).thenReturn(accessToken);
    when(accessToken.getRealmAccess()).thenReturn(access);
    when(access.getRoles()).thenReturn(Sets.newSet("user", "admin"));
    when(deployment.isUseResourceRoleMappings()).thenReturn(false);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SimpleHttpFacade(org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade) HttpFacade(org.keycloak.adapters.spi.HttpFacade) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Before(org.junit.Before)

Example 8 with HttpFacade

Use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

Class KeycloakAuthenticationProcessingFilter, method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    log.debug("Attempting Keycloak authentication");
    HttpFacade facade = new SimpleHttpFacade(request, response);
    KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
    // using Spring authenticationFailureHandler
    deployment.setDelegateBearerErrorResponseSending(true);
    AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response);
    RequestAuthenticator authenticator = requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1);
    AuthOutcome result = authenticator.authenticate();
    log.debug("Auth outcome: {}", result);
    if (AuthOutcome.FAILED.equals(result)) {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        throw new KeycloakAuthenticationException("Invalid authorization header, see WWW-Authenticate header for details");
    }
    if (AuthOutcome.NOT_ATTEMPTED.equals(result)) {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        if (deployment.isBearerOnly()) {
            // no redirection in this mode, throwing exception for the spring handler
            throw new KeycloakAuthenticationException("Authorization header not found,  see WWW-Authenticate header");
        } else {
            // let continue if challenged, it may redirect
            return null;
        }
    } else if (AuthOutcome.AUTHENTICATED.equals(result)) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.notNull(authentication, "Authentication SecurityContextHolder was null");
        return authenticationManager.authenticate(authentication);
    } else {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        return null;
    }
}
Also used : AuthChallenge(org.keycloak.adapters.spi.AuthChallenge) RequestAuthenticator(org.keycloak.adapters.RequestAuthenticator) SimpleHttpFacade(org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade) HttpFacade(org.keycloak.adapters.spi.HttpFacade) Authentication(org.springframework.security.core.Authentication) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AuthOutcome(org.keycloak.adapters.spi.AuthOutcome) KeycloakAuthenticationException(org.keycloak.adapters.springsecurity.KeycloakAuthenticationException) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)

Example 9 with HttpFacade

Use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

Class KeycloakAuthenticatedActionsFilter, method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    if (request.getAttribute(FILTER_APPLIED) != null) {
        filterChain.doFilter(request, response);
        return;
    }
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
    KeycloakSecurityContext keycloakSecurityContext = getKeycloakPrincipal();
    if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
        HttpFacade facade = new SimpleHttpFacade((HttpServletRequest) request, (HttpServletResponse) response);
        KeycloakDeployment deployment = resolveDeployment(request, response);
        AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, OIDCHttpFacade.class.cast(facade));
        if (actions.handledRequest()) {
            return;
        }
    }
    filterChain.doFilter(request, response);
}
Also used : AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) HttpFacade(org.keycloak.adapters.spi.HttpFacade) SimpleHttpFacade(org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)

Example 10 with HttpFacade

Use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

Class KeycloakLogoutHandler, method handleSingleSignOut.

protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response, KeycloakAuthenticationToken authenticationToken) {
    HttpFacade facade = new SimpleHttpFacade(request, response);
    KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
    adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response).logout();
    RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authenticationToken.getAccount().getKeycloakSecurityContext();
    session.logout(deployment);
}
Also used : RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) HttpFacade(org.keycloak.adapters.spi.HttpFacade) SimpleHttpFacade(org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)

Aggregations

HttpFacade (org.keycloak.adapters.spi.HttpFacade): 16
OIDCHttpFacade (org.keycloak.adapters.OIDCHttpFacade): 8
List (java.util.List): 6
Test (org.junit.Test): 6
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest): 6
SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade): 5
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 4
ByteArrayInputStream (java.io.ByteArrayInputStream): 3
SamlDeployment (org.keycloak.adapters.saml.SamlDeployment): 3
AuthChallenge (org.keycloak.adapters.spi.AuthChallenge): 3
AuthOutcome (org.keycloak.adapters.spi.AuthOutcome): 3
JsonParser (com.fasterxml.jackson.core.JsonParser): 2
TreeNode (com.fasterxml.jackson.core.TreeNode): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
HashMap (java.util.HashMap): 2
RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext): 2
AbstractInitiateLogin (org.keycloak.adapters.saml.AbstractInitiateLogin): 2
SamlAuthenticator (org.keycloak.adapters.saml.SamlAuthenticator): 2
SamlSession (org.keycloak.adapters.saml.SamlSession): 2
SamlSessionStore (org.keycloak.adapters.saml.SamlSessionStore): 2