
Example 11 with UserSessionManager

use of org.keycloak.services.managers.UserSessionManager in project keycloak by keycloak.

the class UserSessionProviderOfflineModelTest method testLoadUserSessionsWithNotDeletedOfflineClientSessions.

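/**
 * Persists offline sessions for the user sessions of client "test-app", expires the persisted
 * user sessions by moving the time offset forward, and then verifies that two freshly created
 * offline user sessions can be loaded from the {@link UserSessionPersisterProvider}.
 *
 * The periodic last-session-refresh task is cancelled for the duration of the test and
 * re-scheduled in the {@code finally} block, together with the time offset and the time service.
 */
@Test
public void testLoadUserSessionsWithNotDeletedOfflineClientSessions() {
    // Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
    TimerProvider timer = kcSession.getProvider(TimerProvider.class);
    TimerProvider.TimerTaskContext timerTaskCtx = null;
    if (timer != null) {
        timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
    }
    InfinispanTestUtil.setTestingTimeService(kcSession);
    try {
        UserSessionModel[] origSessions = inComittedTransaction(session -> {
            // Create some online sessions in infinispan
            return UserSessionPersisterProviderTest.createSessions(session, realmId);
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            sessionManager = new UserSessionManager(session);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            // The stream is collected into a list first, so offline sessions are only created
            // once the query over the online sessions has been fully consumed.
            session.sessions().getUserSessionsStream(realm, realm.getClientByClientId("test-app")).collect(Collectors.toList()).forEach(userSession -> createOfflineSessionIncludeClientSessions(session, userSession));
        });
        log.info("Persisted 3 sessions to UserSessionPersisterProvider");
        inComittedTransaction(session -> {
            persister = session.getProvider(UserSessionPersisterProvider.class);
            Assert.assertEquals(3, persister.getUserSessionsCount(true));
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            // Expire everything except offline client sessions
            Time.setOffset(7000000);
            persister.removeExpired(realm);
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            sessionManager = new UserSessionManager(session);
            persister = session.getProvider(UserSessionPersisterProvider.class);
            Assert.assertEquals(0, persister.getUserSessionsCount(true));
            // create two offline user sessions
            UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "ip1", null, false, null, null);
            session.sessions().createOfflineUserSession(userSession);
            session.sessions().createOfflineUserSession(origSessions[0]);
            // try to load user session from persister
            Assert.assertEquals(2, persister.loadUserSessionsStream(0, 10, true, "00000000-0000-0000-0000-000000000000").count());
        });
    } finally {
        Time.setOffset(0);
        kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
        // cancelTask() may hand back no context (nothing was scheduled under that name); guard
        // against it so the cleanup does not fail with a NullPointerException that would hide
        // the real test outcome and skip reverting the time service below.
        if (timer != null && timerTaskCtx != null) {
            timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        }
        InfinispanTestUtil.revertTimeService();
    }
}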
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionManager(org.keycloak.services.managers.UserSessionManager) UserSessionModel(org.keycloak.models.UserSessionModel) UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) TimerProvider(org.keycloak.timer.TimerProvider) Test(org.junit.Test) KeycloakModelTest(org.keycloak.testsuite.model.KeycloakModelTest)

Example 12 with UserSessionManager

use of org.keycloak.services.managers.UserSessionManager in project keycloak by keycloak.

the class LogoutEndpoint method logoutToken.

/**
 * Logout a session via a non-browser invocation.  Similar signature to refresh token except there is no grant_type.
 * You must pass in the refresh token and
 * authenticate the client if it is not public.
 *
 * If the client is a confidential client
 * you must include the client-id and secret in a Basic Auth Authorization header.
 *
 * If the client is a public client, then you must include a "client_id" form parameter.
 *
 * Returns 204 if successful; 204 is also returned when the refresh token verifies but no matching
 * user session is found. Returns 400 with a json error response when the refresh token is missing
 * or fails verification, 401 when verification fails with the certificate-binding error description,
 * and the status carried by the {@code ClientPolicyException} when a client policy rejects the request.
 *
 * @return an empty 204 response built through the CORS builder
 */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response logoutToken() {
    // NOTE(review): auth() is invoked twice in this chain; presumably harmless, confirm against Cors.
    cors = Cors.add(request).auth().allowedMethods("POST").auth().exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS);
    MultivaluedMap<String, String> form = request.getDecodedFormParameters();
    // presumably enforces the realm's SSL requirement for this request; verify against checkSsl()
    checkSsl();
    event.event(EventType.LOGOUT);
    // Client authorization happens before the refresh token is read or verified.
    ClientModel client = authorizeClient();
    String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
    if (refreshToken == null) {
        event.error(Errors.INVALID_TOKEN);
        throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_REQUEST, "No refresh token", Response.Status.BAD_REQUEST);
    }
    // Give client policies a chance to reject the request; the policy's own error, detail and
    // status are passed through to the caller. No event.error() is recorded on this path.
    try {
        session.clientPolicy().triggerOnEvent(new LogoutRequestContext(form));
    } catch (ClientPolicyException cpe) {
        throw new CorsErrorResponseException(cors, cpe.getError(), cpe.getErrorDetail(), cpe.getErrorStatus());
    }
    RefreshToken token = null;
    try {
        // KEYCLOAK-6771 Certificate Bound Token
        // The token is verified for this realm, client and request before any session lookup.
        token = tokenManager.verifyRefreshToken(session, realm, client, request, refreshToken, false);
        boolean offline = TokenUtil.TOKEN_TYPE_OFFLINE.equals(token.getType());
        UserSessionModel userSessionModel;
        // Offline tokens resolve through UserSessionManager; all other tokens through the
        // regular user-session lookup. Both use the session state carried in the token.
        if (offline) {
            UserSessionManager sessionManager = new UserSessionManager(session);
            userSessionModel = sessionManager.findOfflineUserSession(realm, token.getSessionState());
        } else {
            userSessionModel = session.sessions().getUserSession(realm, token.getSessionState());
        }
        // When no session is found the method falls through to the 204 below, so the response
        // does not tell the caller whether a session existed.
        if (userSessionModel != null) {
            // presumably compares the token's issue time with the session; confirm against checkTokenIssuedAt()
            checkTokenIssuedAt(token, userSessionModel);
            logout(userSessionModel, offline);
        }
    } catch (OAuthErrorException e) {
        // KEYCLOAK-6771 Certificate Bound Token
        // NOTE(review): 401 vs 400 is chosen by string equality on the error description, so a
        // change to that message text would silently turn certificate-binding failures into 400.
        if (MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC.equals(e.getDescription())) {
            event.error(Errors.NOT_ALLOWED);
            throw new CorsErrorResponseException(cors, e.getError(), e.getDescription(), Response.Status.UNAUTHORIZED);
        } else {
            event.error(Errors.INVALID_TOKEN);
            throw new CorsErrorResponseException(cors, e.getError(), e.getDescription(), Response.Status.BAD_REQUEST);
        }
    }
    return cors.builder(Response.noContent()).build();
}
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager) ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) RefreshToken(org.keycloak.representations.RefreshToken) OAuthErrorException(org.keycloak.OAuthErrorException) CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException) LogoutRequestContext(org.keycloak.services.clientpolicy.context.LogoutRequestContext) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 13 with UserSessionManager

use of org.keycloak.services.managers.UserSessionManager in project keycloak by keycloak.

the class LogoutEndpoint method logoutOfflineUserSessions.

/**
 * Revokes every offline user session found for the given broker user id in the current realm.
 *
 * @param brokerUserId broker user id whose offline user sessions are revoked
 */
private void logoutOfflineUserSessions(String brokerUserId) {
    UserSessionManager offlineSessionRevoker = new UserSessionManager(session);
    // The matches are collected into a list before any revocation runs, so the lookup stream is
    // fully consumed before sessions start being revoked.
    session.sessions()
            .getOfflineUserSessionByBrokerUserIdStream(realm, brokerUserId)
            .collect(Collectors.toList())
            .forEach(offlineSession -> offlineSessionRevoker.revokeOfflineUserSession(offlineSession));
}
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager)

Example 14 with UserSessionManager

use of org.keycloak.services.managers.UserSessionManager in project keycloak by keycloak.

the class UserResource method getConsents.

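/**
 * Get consents granted by the user
 *
 * The result holds one entry per stored consent, followed by one entry for each client that
 * holds an offline token for the user but has no stored consent.
 *
 * @return lazily evaluated stream of consent entries; the mapping to entries runs when the stream is consumed
 */
@Path("consents")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Stream<Map<String, Object>> getConsents() {
    // Permission check comes first: no offline-token or consent data is read before it passes.
    auth.users().requireView(user);
    Set<ClientModel> offlineClients = new UserSessionManager(session).findClientsWithOfflineToken(realm, user);
    List<UserConsentModel> userConsents = session.users().getConsentsStream(realm, user.getId()).collect(Collectors.toList());
    // Derive the set of consented clients from the collected list rather than filling it as a
    // side effect of peek(), which is intended for debugging and not for building results.
    Set<ClientModel> clientsWithUserConsents = userConsents.stream().map(UserConsentModel::getClient).collect(Collectors.toSet());
    return Stream.concat(userConsents.stream().map(consent -> toConsent(consent, offlineClients)), offlineClients.stream().filter(c -> !clientsWithUserConsents.contains(c)).map(this::toConsent));
}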
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager) EmailTemplateProvider(org.keycloak.email.EmailTemplateProvider) RedirectUtils(org.keycloak.protocol.oidc.utils.RedirectUtils) Produces(javax.ws.rs.Produces) USER_API(org.keycloak.userprofile.UserProfileContext.USER_API) MediaType(javax.ws.rs.core.MediaType) ErrorResponseException(org.keycloak.services.ErrorResponseException) Validation(org.keycloak.services.validation.Validation) Map(java.util.Map) ClientConnection(org.keycloak.common.ClientConnection) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) UriBuilder(javax.ws.rs.core.UriBuilder) Time(org.keycloak.common.util.Time) UserCredentialModel(org.keycloak.models.UserCredentialModel) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Set(java.util.Set) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) Stream(java.util.stream.Stream) LoginActionsService(org.keycloak.services.resources.LoginActionsService) BruteForceProtector(org.keycloak.services.managers.BruteForceProtector) WebApplicationException(javax.ws.rs.WebApplicationException) GET(javax.ws.rs.GET) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ResteasyProviderFactory(org.jboss.resteasy.spi.ResteasyProviderFactory) UserModel(org.keycloak.models.UserModel) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) UserConsentManager(org.keycloak.services.managers.UserConsentManager) ProviderFactory(org.keycloak.provider.ProviderFactory) UserManager(org.keycloak.models.UserManager) Properties(java.util.Properties) CredentialModel(org.keycloak.credential.CredentialModel) ExecuteActionsActionToken(org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken) AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator) 
KeycloakSession(org.keycloak.models.KeycloakSession) EventType(org.keycloak.events.EventType) RequiredActionProvider(org.keycloak.authentication.RequiredActionProvider) IMPERSONATOR_USERNAME(org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) ValidationException(org.keycloak.userprofile.ValidationException) ResourceType(org.keycloak.events.admin.ResourceType) Path(javax.ws.rs.Path) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RepresentationToModel(org.keycloak.models.utils.RepresentationToModel) QueryParam(javax.ws.rs.QueryParam) AuthenticationManager(org.keycloak.services.managers.AuthenticationManager) Consumes(javax.ws.rs.Consumes) ReadOnlyException(org.keycloak.storage.ReadOnlyException) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) DefaultValue(javax.ws.rs.DefaultValue) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) AccountFormService(org.keycloak.services.resources.account.AccountFormService) DELETE(javax.ws.rs.DELETE) RealmModel(org.keycloak.models.RealmModel) Context(javax.ws.rs.core.Context) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) IMPERSONATOR_ID(org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID) Objects(java.util.Objects) List(java.util.List) HttpHeaders(javax.ws.rs.core.HttpHeaders) Response(javax.ws.rs.core.Response) Details(org.keycloak.events.Details) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) ForbiddenException(org.keycloak.services.ForbiddenException) ClientModel(org.keycloak.models.ClientModel) OperationType(org.keycloak.events.admin.OperationType) UserProfile(org.keycloak.userprofile.UserProfile) PathParam(javax.ws.rs.PathParam) 
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) HashMap(java.util.HashMap) ServicesLogger(org.keycloak.services.ServicesLogger) ErrorRepresentation(org.keycloak.representations.idm.ErrorRepresentation) MessageFormat(java.text.MessageFormat) HashSet(java.util.HashSet) EventBuilder(org.keycloak.events.EventBuilder) UserConsentModel(org.keycloak.models.UserConsentModel) EmailException(org.keycloak.email.EmailException) GroupModel(org.keycloak.models.GroupModel) LinkedList(java.util.LinkedList) ProfileHelper(org.keycloak.utils.ProfileHelper) Status(javax.ws.rs.core.Response.Status) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) POST(javax.ws.rs.POST) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel) UserSessionModel(org.keycloak.models.UserSessionModel) TimeUnit(java.util.concurrent.TimeUnit) NoCache(org.jboss.resteasy.annotations.cache.NoCache) UserSessionManager(org.keycloak.services.managers.UserSessionManager) ModelException(org.keycloak.models.ModelException) PUT(javax.ws.rs.PUT) Collections(java.util.Collections) ErrorResponse(org.keycloak.services.ErrorResponse) ClientModel(org.keycloak.models.ClientModel) UserConsentModel(org.keycloak.models.UserConsentModel) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 15 with UserSessionManager

use of org.keycloak.services.managers.UserSessionManager in project keycloak by keycloak.

the class UserSessionProviderOfflineTest method createOfflineSessionIncludeClientSessions.

/**
 * Creates or updates an offline session for every authenticated client session attached to the
 * given user session.
 *
 * @param session     Keycloak session used to build the {@link UserSessionManager}
 * @param userSession user session whose client sessions are processed
 * @return ids of the clients whose client sessions were processed
 */
private static Set<String> createOfflineSessionIncludeClientSessions(KeycloakSession session, UserSessionModel userSession) {
    UserSessionManager offlineManager = new UserSessionManager(session);
    Set<String> clientIds = new HashSet<>();
    userSession.getAuthenticatedClientSessions().values().forEach(clientSession -> {
        offlineManager.createOrUpdateOfflineSession(clientSession, userSession);
        clientIds.add(clientSession.getClient().getId());
    });
    return clientIds;
}
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) HashSet(java.util.HashSet)
