Examples with HttpFacade org.keycloak.adapters.spi.HttpFacade used on opensource projects

Example 11 with HttpFacade

use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

the class KeycloakPreAuthActionsFilter method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpFacade facade = new SimpleHttpFacade((HttpServletRequest) request, (HttpServletResponse) response);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null) {
        return;
    }
    if (deployment.isConfigured()) {
        nodesRegistrationManagement.tryRegister(deploymentContext.resolveDeployment(facade));
    }
    PreAuthActionsHandler handler = preAuthActionsHandlerFactory.createPreAuthActionsHandler(facade);
    if (handler.handleRequest()) {
        log.debug("Pre-auth filter handled request: {}", ((HttpServletRequest) request).getRequestURI());
    } else {
        chain.doFilter(request, response);
    }
}

Example 12 with HttpFacade

use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

the class AbstractSamlAuthenticator method validateRequest.

@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (log.isTraceEnabled()) {
        log.trace("*** authenticate");
    }
    Request request = resolveRequest(req);
    JettyHttpFacade facade = new JettyHttpFacade(request, (HttpServletResponse) res);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        log.debug("*** deployment isn't configured return false");
        return Authentication.UNAUTHENTICATED;
    }
    boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
    if (!mandatory && !isEndpoint)
        return new DeferredAuthentication(this);
    JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);
    SamlAuthenticator authenticator = null;
    if (isEndpoint) {
        authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {

            @Override
            protected void completeAuthentication(SamlSession account) {
            }

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
                return new SamlEndpoint(facade, deployment, sessionStore);
            }
        };
    } else {
        authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {

            @Override
            protected void completeAuthentication(SamlSession account) {
            }

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
                return new BrowserHandler(facade, deployment, sessionStore);
            }
        };
    }
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        if (facade.isEnded()) {
            return Authentication.SEND_SUCCESS;
        }
        SamlSession samlSession = tokenStore.getAccount();
        Authentication authentication = register(request, samlSession);
        return authentication;
    }
    if (outcome == AuthOutcome.LOGGED_OUT) {
        logoutCurrent(request);
        if (deployment.getLogoutPage() != null) {
            forwardToLogoutPage(request, (HttpServletResponse) res, deployment);
        }
        return Authentication.SEND_CONTINUE;
    }
    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
        challenge.challenge(facade);
    }
    return Authentication.SEND_CONTINUE;
}

Example 13 with HttpFacade

use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

the class SamlFilter method doFilter.

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    ServletHttpFacade facade = new ServletHttpFacade(request, response);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        response.sendError(403);
        log.fine("deployment not configured");
        return;
    }
    FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper, deployment);
    boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
    SamlAuthenticator authenticator;
    if (isEndpoint) {
        authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {

            @Override
            protected void completeAuthentication(SamlSession account) {
            }

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
                return new SamlEndpoint(facade, deployment, sessionStore);
            }
        };
    } else {
        authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {

            @Override
            protected void completeAuthentication(SamlSession account) {
            }

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
                return new BrowserHandler(facade, deployment, sessionStore);
            }
        };
    }
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        log.fine("AUTHENTICATED");
        if (facade.isEnded()) {
            return;
        }
        HttpServletRequestWrapper wrapper = tokenStore.getWrap();
        chain.doFilter(wrapper, res);
        return;
    }
    if (outcome == AuthOutcome.LOGGED_OUT) {
        tokenStore.logoutAccount();
        String logoutPage = deployment.getLogoutPage();
        if (logoutPage != null) {
            if (PROTOCOL_PATTERN.matcher(logoutPage).find()) {
                response.sendRedirect(logoutPage);
                log.log(Level.FINE, "Redirected to logout page {0}", logoutPage);
            } else {
                RequestDispatcher disp = req.getRequestDispatcher(logoutPage);
                disp.forward(req, res);
            }
            return;
        }
        chain.doFilter(req, res);
        return;
    }
    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
        log.fine("challenge");
        challenge.challenge(facade);
        return;
    }
    if (deployment.isIsPassive() && outcome == AuthOutcome.NOT_AUTHENTICATED) {
        log.fine("PASSIVE_NOT_AUTHENTICATED");
        if (facade.isEnded()) {
            return;
        }
        chain.doFilter(req, res);
        return;
    }
    if (!facade.isEnded()) {
        response.sendError(403);
    }
}

Example 14 with HttpFacade

use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

the class ClaimInformationPointProviderTest method testBasicClaimsInformationPoint.

@Test
public void testBasicClaimsInformationPoint() {
    HttpFacade httpFacade = createHttpFacade();
    Map<String, List<String>> claims = getClaimInformationProviderForPath("/claims-provider", "claims").resolve(httpFacade);
    assertEquals("parameter-a", claims.get("claim-from-request-parameter").get(0));
    assertEquals("header-b", claims.get("claim-from-header").get(0));
    assertEquals("cookie-c", claims.get("claim-from-cookie").get(0));
    assertEquals("user-remote-addr", claims.get("claim-from-remoteAddr").get(0));
    assertEquals("GET", claims.get("claim-from-method").get(0));
    assertEquals("/app/request-uri", claims.get("claim-from-uri").get(0));
    assertEquals("/request-relative-path", claims.get("claim-from-relativePath").get(0));
    assertEquals("true", claims.get("claim-from-secure").get(0));
    assertEquals("static value", claims.get("claim-from-static-value").get(0));
    assertEquals("static", claims.get("claim-from-multiple-static-value").get(0));
    assertEquals("value", claims.get("claim-from-multiple-static-value").get(1));
    assertEquals("Test param-other-claims-value1 and parameter-a", claims.get("param-replace-multiple-placeholder").get(0));
}

Example 15 with HttpFacade

use of org.keycloak.adapters.spi.HttpFacade in project keycloak by keycloak.

the class ClaimInformationPointProviderTest method testBodyJsonClaimsInformationPoint.

@Test
public void testBodyJsonClaimsInformationPoint() throws Exception {
    Map<String, List<String>> headers = new HashMap<>();
    headers.put("Content-Type", Arrays.asList("application/json"));
    ObjectMapper mapper = JsonSerialization.mapper;
    JsonParser parser = mapper.getFactory().createParser("{\"a\": {\"b\": {\"c\": \"c-value\"}}, \"d\": [\"d-value1\", \"d-value2\"], \"e\": {\"number\": 123}}");
    TreeNode treeNode = mapper.readTree(parser);
    HttpFacade httpFacade = createHttpFacade(headers, new ByteArrayInputStream(treeNode.toString().getBytes()));
    Map<String, List<String>> claims = getClaimInformationProviderForPath("/claims-provider", "claims").resolve(httpFacade);
    assertEquals("c-value", claims.get("claim-from-json-body-object").get(0));
    assertEquals("d-value2", claims.get("claim-from-json-body-array").get(0));
    assertEquals("123", claims.get("claim-from-json-body-number").get(0));
}