Example 1 with KeycloakAuthenticationException

Use of org.keycloak.adapters.springsecurity.KeycloakAuthenticationException in project keycloak by keycloak.

In class KeycloakAuthenticationProcessingFilter, method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    log.debug("Attempting Keycloak authentication");
    HttpFacade facade = new SimpleHttpFacade(request, response);
    KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
    // using Spring authenticationFailureHandler
    deployment.setDelegateBearerErrorResponseSending(true);
    AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request, response);
    RequestAuthenticator authenticator = requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1);
    AuthOutcome result = authenticator.authenticate();
    log.debug("Auth outcome: {}", result);
    if (AuthOutcome.FAILED.equals(result)) {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        throw new KeycloakAuthenticationException("Invalid authorization header, see WWW-Authenticate header for details");
    }
    if (AuthOutcome.NOT_ATTEMPTED.equals(result)) {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        if (deployment.isBearerOnly()) {
            // no redirection in this mode, throwing exception for the spring handler
            throw new KeycloakAuthenticationException("Authorization header not found,  see WWW-Authenticate header");
        } else {
            // let the request continue if challenged; the challenge may redirect
            return null;
        }
    } else if (AuthOutcome.AUTHENTICATED.equals(result)) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.notNull(authentication, "Authentication SecurityContextHolder was null");
        return authenticationManager.authenticate(authentication);
    } else {
        AuthChallenge challenge = authenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(facade);
        }
        return null;
    }
}
Also used: AuthChallenge (org.keycloak.adapters.spi.AuthChallenge), RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator), SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade), HttpFacade (org.keycloak.adapters.spi.HttpFacade), Authentication (org.springframework.security.core.Authentication), KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment), AuthOutcome (org.keycloak.adapters.spi.AuthOutcome), KeycloakAuthenticationException (org.keycloak.adapters.springsecurity.KeycloakAuthenticationException), AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore)

Aggregations

AdapterTokenStore (org.keycloak.adapters.AdapterTokenStore): 1
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 1
RequestAuthenticator (org.keycloak.adapters.RequestAuthenticator): 1
AuthChallenge (org.keycloak.adapters.spi.AuthChallenge): 1
AuthOutcome (org.keycloak.adapters.spi.AuthOutcome): 1
HttpFacade (org.keycloak.adapters.spi.HttpFacade): 1
KeycloakAuthenticationException (org.keycloak.adapters.springsecurity.KeycloakAuthenticationException): 1
SimpleHttpFacade (org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade): 1
Authentication (org.springframework.security.core.Authentication): 1