Examples with UndertowUserSessionManagement org.keycloak.adapters.undertow.UndertowUserSessionManagement used on opensource projects

Example 1 with UndertowUserSessionManagement

use of org.keycloak.adapters.undertow.UndertowUserSessionManagement in project keycloak by keycloak.

the class SamlServletExtension method handleDeployment.

@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
    if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
        log.debug("auth-method is not keycloak saml!");
        return;
    }
    log.debug("SamlServletException initialization");
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    SamlConfigResolver configResolver;
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = null;
    if (configResolverClass != null) {
        try {
            configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        InputStream is = getConfigInputStream(servletContext);
        final SamlDeployment deployment;
        if (is == null) {
            log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
    mech.addTokenStoreUpdaters(deploymentInfo);
    // setup handlers
    deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // authentication
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return account;
        }

        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    if (cookieConfig.getPath() == null) {
        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    addEndpointConstraint(deploymentInfo);
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}