Example 1 with HttpScope
use of org.wildfly.security.http.HttpScope in project keycloak by keycloak.
the class ElytronHttpFacade method getResponse.
@Override
public Response getResponse() {
return new Response() {
@Override
public void setStatus(final int status) {
if (status < 200 || status > 300) {
responseConsumer = responseConsumer.andThen(response -> response.setStatusCode(status));
}
}
@Override
public void addHeader(final String name, final String value) {
headers.put(name, value);
responseConsumer = responseConsumer.andThen(new Consumer<HttpServerResponse>() {
@Override
public void accept(HttpServerResponse response) {
String latestValue = headers.get(name);
if (latestValue.equals(value)) {
response.addResponseHeader(name, latestValue);
}
}
});
}
@Override
public void setHeader(String name, String value) {
addHeader(name, value);
}
@Override
public void resetCookie(final String name, final String path) {
responseConsumer = responseConsumer.andThen(response -> setCookie(name, "", path, null, 0, false, false, response));
HttpScope exchangeScope = getScope(Scope.EXCHANGE);
ProtectedHttpServerExchange undertowExchange = ProtectedHttpServerExchange.class.cast(exchangeScope.getAttachment(UNDERTOW_EXCHANGE));
if (undertowExchange != null) {
CookieImpl cookie = new CookieImpl(name, "");
cookie.setMaxAge(0);
cookie.setPath(path);
undertowExchange.getExchange().setResponseCookie(cookie);
}
}
@Override
public void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly) {
responseConsumer = responseConsumer.andThen(response -> setCookie(name, value, path, domain, maxAge, secure, httpOnly, response));
}
private void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly, HttpServerResponse response) {
response.setResponseCookie(new HttpServerCookie() {
@Override
public String getName() {
return name;
}
@Override
public String getValue() {
return value;
}
@Override
public String getDomain() {
return domain;
}
@Override
public int getMaxAge() {
return maxAge;
}
@Override
public String getPath() {
return path;
}
@Override
public boolean isSecure() {
return secure;
}
@Override
public int getVersion() {
return 0;
}
@Override
public boolean isHttpOnly() {
return httpOnly;
}
});
}
@Override
public OutputStream getOutputStream() {
ByteArrayOutputStream stream = new ByteArrayOutputStream();
responseConsumer = responseConsumer.andThen(new Consumer<HttpServerResponse>() {
@Override
public void accept(HttpServerResponse httpServerResponse) {
try {
httpServerResponse.getOutputStream().write(stream.toByteArray());
} catch (IOException e) {
throw new RuntimeException("Failed to write to response output stream", e);
}
}
});
return stream;
}
@Override
public void sendError(int code) {
setStatus(code);
}
@Override
public void sendError(final int code, final String message) {
responseConsumer = responseConsumer.andThen(response -> {
response.setStatusCode(code);
response.addResponseHeader("Content-Type", "text/html");
try {
response.getOutputStream().write(message.getBytes());
} catch (IOException e) {
throw new RuntimeException(e);
}
});
}
@Override
public void end() {
}
};
}
Also used :
BufferedInputStream(java.io.BufferedInputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
URLDecoder(java.net.URLDecoder)
CookieImpl(io.undertow.server.handlers.CookieImpl)
ServletInputStream(javax.servlet.ServletInputStream)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
HttpServerExchange(io.undertow.server.HttpServerExchange)
HashMap(java.util.HashMap)
InetAddress(java.net.InetAddress)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext)
AuthChallenge(org.keycloak.adapters.spi.AuthChallenge)
Map(java.util.Map)
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade)
URI(java.net.URI)
HttpServerCookie(org.wildfly.security.http.HttpServerCookie)
LogoutError(org.keycloak.adapters.spi.LogoutError)
OutputStream(java.io.OutputStream)
Scope(org.wildfly.security.http.Scope)
ServletRequest(javax.servlet.ServletRequest)
AdapterDeploymentContext(org.keycloak.adapters.AdapterDeploymentContext)
TokenStore(org.keycloak.enums.TokenStore)
HttpServerResponse(org.wildfly.security.http.HttpServerResponse)
Collection(java.util.Collection)
IOException(java.io.IOException)
RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext)
X509Certificate(javax.security.cert.X509Certificate)
AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore)
InetSocketAddress(java.net.InetSocketAddress)
Consumer(java.util.function.Consumer)
List(java.util.List)
KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment)
ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext)
AuthenticationError(org.keycloak.adapters.spi.AuthenticationError)
HttpServerRequest(org.wildfly.security.http.HttpServerRequest)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
HttpScope(org.wildfly.security.http.HttpScope)
InputStream(java.io.InputStream)
CookieImpl(io.undertow.server.handlers.CookieImpl)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
HttpServerResponse(org.wildfly.security.http.HttpServerResponse)
Consumer(java.util.function.Consumer)
HttpScope(org.wildfly.security.http.HttpScope)
HttpServerCookie(org.wildfly.security.http.HttpServerCookie)
HttpServerResponse(org.wildfly.security.http.HttpServerResponse)
Example 2 with HttpScope
use of org.wildfly.security.http.HttpScope in project keycloak by keycloak.
the class ElytronSessionTokenStore method checkCurrentToken.
@Override
public void checkCurrentToken() {
HttpScope session = httpFacade.getScope(Scope.SESSION);
if (session == null || !session.exists())
return;
RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) session.getAttachment(KeycloakSecurityContext.class.getName());
if (securityContext == null)
return;
// just in case session got serialized
if (securityContext.getDeployment() == null)
securityContext.setCurrentRequestInfo(httpFacade.getDeployment(), this);
if (securityContext.isActive() && !securityContext.getDeployment().isAlwaysRefreshToken())
return;
// FYI: A refresh requires same scope, so same roles will be set. Otherwise, refresh will fail and token will
// not be updated
boolean success = securityContext.refreshExpiredToken(false);
if (success && securityContext.isActive())
return;
// Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
session.setAttachment(KeycloakSecurityContext.class.getName(), null);
session.invalidate();
}
Also used :
HttpScope(org.wildfly.security.http.HttpScope)
RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext)
RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext)
KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext)
Example 3 with HttpScope
use of org.wildfly.security.http.HttpScope in project keycloak by keycloak.
the class KeycloakHttpServerAuthenticationMechanism method getSessionIdMapper.
private SessionIdMapper getSessionIdMapper(HttpServerRequest request) {
HttpScope scope = request.getScope(Scope.APPLICATION);
SessionIdMapper res = scope == null ? null : (SessionIdMapper) scope.getAttachment(KeycloakConfigurationServletListener.ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON);
return res == null ? this.idMapper : res;
}
Also used :
HttpScope(org.wildfly.security.http.HttpScope)
SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper)
Example 4 with HttpScope
use of org.wildfly.security.http.HttpScope in project keycloak by keycloak.
the class ElytronSamlSessionStore method logoutAccount.
@Override
public void logoutAccount() {
HttpScope session = getSession(false);
if (session.exists()) {
log.debug("Logging out - current account");
SamlSession samlSession = (SamlSession) session.getAttachment(SamlSession.class.getName());
if (samlSession != null) {
if (samlSession.getSessionIndex() != null) {
idMapperUpdater.removeSession(idMapper, session.getID());
}
session.setAttachment(SamlSession.class.getName(), null);
}
session.setAttachment(SAML_REDIRECT_URI, null);
}
}
Also used :
HttpScope(org.wildfly.security.http.HttpScope)
SamlSession(org.keycloak.adapters.saml.SamlSession)
Example 5 with HttpScope
use of org.wildfly.security.http.HttpScope in project keycloak by keycloak.
the class ElytronSamlSessionStore method isLoggedIn.
@Override
public boolean isLoggedIn() {
HttpScope session = getSession(false);
if (!session.exists()) {
log.debug("session was null, returning null");
return false;
}
if (!idMapper.hasSession(session.getID()) && !idMapperUpdater.refreshMapping(idMapper, session.getID())) {
log.debugf("Session %s has expired on some other node", session.getID());
session.setAttachment(SamlSession.class.getName(), null);
return false;
}
final SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttachment(SamlSession.class.getName()), deployment);
if (samlSession == null) {
return false;
}
exchange.authenticationComplete(samlSession);
restoreRequest();
return true;
}
Also used :
HttpScope(org.wildfly.security.http.HttpScope)
SamlSession(org.keycloak.adapters.saml.SamlSession)
Aggregations
HttpScope (org.wildfly.security.http.HttpScope)18
KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)7
RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)7
SamlSession (org.keycloak.adapters.saml.SamlSession)4
URI (java.net.URI)3
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)3
HttpServerExchange (io.undertow.server.HttpServerExchange)2
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)2
BufferedInputStream (java.io.BufferedInputStream)2
IOException (java.io.IOException)2
InputStream (java.io.InputStream)2
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
InetAddress (java.net.InetAddress)2
InetSocketAddress (java.net.InetSocketAddress)2
ServletInputStream (javax.servlet.ServletInputStream)2
ServletRequest (javax.servlet.ServletRequest)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)2
AuthenticationError (org.keycloak.adapters.spi.AuthenticationError)2
LogoutError (org.keycloak.adapters.spi.LogoutError)2
