use of org.keycloak.models.KeycloakSession in project keycloak by keycloak.
the class ApplicationsBean method getApplications.
private Stream<ClientModel> getApplications(KeycloakSession session, RealmModel realm, UserModel user) {
Predicate<ClientModel> bearerOnly = ClientModel::isBearerOnly;
Stream<ClientModel> clients = realm.getClientsStream().filter(bearerOnly.negate());
Predicate<ClientModel> isLocal = client -> new StorageId(client.getId()).isLocal();
return Stream.concat(clients, session.users().getConsentsStream(realm, user.getId()).map(UserConsentModel::getClient).filter(isLocal.negate())).distinct();
}
use of org.keycloak.models.KeycloakSession in project keycloak by keycloak.
the class SingleFileImportProvider method importModel.
@Override
public void importModel(KeycloakSessionFactory factory, final Strategy strategy) throws IOException {
logger.infof("Full importing from file %s", this.file.getAbsolutePath());
checkRealmReps();
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
@Override
protected void runExportImportTask(KeycloakSession session) throws IOException {
ImportUtils.importRealms(session, realmReps.values(), strategy);
}
});
}
use of org.keycloak.models.KeycloakSession in project keycloak by keycloak.
the class LoginFormsUtil method filterIdentityProviders.
public static List<IdentityProviderModel> filterIdentityProviders(Stream<IdentityProviderModel> providers, KeycloakSession session, AuthenticationFlowContext context) {
if (context != null) {
AuthenticationSessionModel authSession = context.getAuthenticationSession();
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
final IdentityProviderModel existingIdp = (serializedCtx == null) ? null : serializedCtx.deserialize(session, authSession).getIdpConfig();
final Set<String> federatedIdentities;
if (context.getUser() != null) {
federatedIdentities = session.users().getFederatedIdentitiesStream(session.getContext().getRealm(), context.getUser()).map(federatedIdentityModel -> federatedIdentityModel.getIdentityProvider()).collect(Collectors.toSet());
} else {
federatedIdentities = null;
}
return providers.filter(p -> {
// Filter current IDP during first-broker-login flow. Re-authentication with the "linked" broker should not be possible
if (existingIdp == null)
return true;
return !Objects.equals(p.getAlias(), existingIdp.getAlias());
}).filter(idp -> {
// In case that we already have user established in authentication session, we show just providers already linked to this user
if (federatedIdentities == null)
return true;
return federatedIdentities.contains(idp.getAlias());
}).collect(Collectors.toList());
}
return providers.collect(Collectors.toList());
}
use of org.keycloak.models.KeycloakSession in project keycloak by keycloak.
the class AuthenticationManager method browserLogoutAllClients.
private static Response browserLogoutAllClients(UserSessionModel userSession, KeycloakSession session, RealmModel realm, HttpHeaders headers, UriInfo uriInfo, AuthenticationSessionModel logoutAuthSession) {
Map<Boolean, List<AuthenticatedClientSessionModel>> acss = userSession.getAuthenticatedClientSessions().values().stream().filter(clientSession -> !Objects.equals(AuthenticationSessionModel.Action.LOGGED_OUT.name(), clientSession.getAction()) && !Objects.equals(AuthenticationSessionModel.Action.LOGGING_OUT.name(), clientSession.getAction())).filter(clientSession -> clientSession.getProtocol() != null).collect(Collectors.partitioningBy(clientSession -> clientSession.getClient().isFrontchannelLogout()));
final List<AuthenticatedClientSessionModel> backendLogoutSessions = acss.get(false) == null ? Collections.emptyList() : acss.get(false);
backendLogoutSessions.forEach(acs -> backchannelLogoutClientSession(session, realm, acs, logoutAuthSession, uriInfo, headers));
final List<AuthenticatedClientSessionModel> redirectClients = acss.get(true) == null ? Collections.emptyList() : acss.get(true);
for (AuthenticatedClientSessionModel nextRedirectClient : redirectClients) {
Response response = frontchannelLogoutClientSession(session, realm, nextRedirectClient, logoutAuthSession, uriInfo, headers);
if (response != null) {
return response;
}
}
return null;
}
use of org.keycloak.models.KeycloakSession in project keycloak by keycloak.
the class KeycloakSecurityHeadersFilter method filter.
@Override
public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
KeycloakSession session = Resteasy.getContextData(KeycloakSession.class);
SecurityHeadersProvider securityHeadersProvider = session.getProvider(SecurityHeadersProvider.class);
securityHeadersProvider.addHeaders(containerRequestContext, containerResponseContext);
}
Aggregations