
Example 1 with HttpScope

Use of org.wildfly.security.http.HttpScope in the keycloak project by keycloak.

From class ElytronHttpFacade, method getResponse.

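/**
 * Builds the adapter-facing {@code Response} over the Elytron {@code HttpServerResponse}.
 * <p>
 * Writes are deferred: each mutation is appended to {@code responseConsumer} and replayed
 * against the real {@code HttpServerResponse} later, in call order. {@code resetCookie} is
 * the one method that also acts immediately, on the Undertow exchange attached to the
 * exchange scope. The returned object keeps no state of its own; everything it records
 * lives in the enclosing facade ({@code responseConsumer}, {@code headers}).
 *
 * @return a {@code Response} whose effects are applied when {@code responseConsumer} runs
 */
@Override
public Response getResponse() {
    return new Response() {

        /**
         * Records a status code to apply later. Codes in the 200..300 range are ignored.
         * NOTE(review): 300 falls into the ignored range while 301 and above are recorded;
         * confirm whether {@code status >= 300} was intended.
         */
        @Override
        public void setStatus(final int status) {
            if (status < 200 || status > 300) {
                responseConsumer = responseConsumer.andThen(response -> response.setStatusCode(status));
            }
        }

        /**
         * Records a header to add later. Only the most recent value registered for
         * {@code name} is emitted: each deferred consumer checks that its own value is
         * still the one stored in {@code headers} before writing, so later calls win.
         */
        @Override
        public void addHeader(final String name, final String value) {
            headers.put(name, value);
            responseConsumer = responseConsumer.andThen(response -> {
                String latestValue = headers.get(name);
                // Guard against the entry having been removed or nulled out before replay
                // instead of failing with a NullPointerException.
                if (latestValue != null && latestValue.equals(value)) {
                    response.addResponseHeader(name, latestValue);
                }
            });
        }

        /** Delegates to {@link #addHeader}: the latest value for a name replaces earlier ones. */
        @Override
        public void setHeader(String name, String value) {
            addHeader(name, value);
        }

        /**
         * Expires the named cookie (empty value, max-age 0) on the deferred response and,
         * when an Undertow exchange is attached to the exchange scope, on that exchange
         * immediately as well.
         */
        @Override
        public void resetCookie(final String name, final String path) {
            responseConsumer = responseConsumer.andThen(response -> setCookie(name, "", path, null, 0, false, false, response));
            HttpScope exchangeScope = getScope(Scope.EXCHANGE);
            // getScope may yield no scope at all; treat that like a missing attachment
            // rather than dereferencing null.
            ProtectedHttpServerExchange undertowExchange = exchangeScope == null
                    ? null
                    : ProtectedHttpServerExchange.class.cast(exchangeScope.getAttachment(UNDERTOW_EXCHANGE));
            if (undertowExchange != null) {
                CookieImpl cookie = new CookieImpl(name, "");
                cookie.setMaxAge(0);
                cookie.setPath(path);
                undertowExchange.getExchange().setResponseCookie(cookie);
            }
        }

        /** Records a cookie to set on the response when {@code responseConsumer} runs. */
        @Override
        public void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly) {
            responseConsumer = responseConsumer.andThen(response -> setCookie(name, value, path, domain, maxAge, secure, httpOnly, response));
        }

        /**
         * Applies a cookie to the given Elytron response. The cookie version is fixed at 0;
         * all other attributes are passed through unchanged.
         */
        private void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly, HttpServerResponse response) {
            response.setResponseCookie(new HttpServerCookie() {

                @Override
                public String getName() {
                    return name;
                }

                @Override
                public String getValue() {
                    return value;
                }

                @Override
                public String getDomain() {
                    return domain;
                }

                @Override
                public int getMaxAge() {
                    return maxAge;
                }

                @Override
                public String getPath() {
                    return path;
                }

                @Override
                public boolean isSecure() {
                    return secure;
                }

                @Override
                public int getVersion() {
                    return 0;
                }

                @Override
                public boolean isHttpOnly() {
                    return httpOnly;
                }
            });
        }

        /**
         * Returns a buffer whose contents are copied to the real response output stream
         * when {@code responseConsumer} runs. Each call registers a new buffer; buffers
         * are replayed in the order they were obtained.
         *
         * @return an in-memory buffer; closing it has no effect
         */
        @Override
        public OutputStream getOutputStream() {
            ByteArrayOutputStream stream = new ByteArrayOutputStream();
            responseConsumer = responseConsumer.andThen(httpServerResponse -> {
                try {
                    httpServerResponse.getOutputStream().write(stream.toByteArray());
                } catch (IOException e) {
                    throw new RuntimeException("Failed to write to response output stream", e);
                }
            });
            return stream;
        }

        /** Equivalent to {@link #setStatus}: records the code, writes no body. */
        @Override
        public void sendError(int code) {
            setStatus(code);
        }

        /**
         * Records a status code plus an HTML body to write when {@code responseConsumer} runs.
         * The body is encoded as UTF-8 and the Content-Type declares that charset, so the
         * bytes no longer depend on the platform default encoding.
         * NOTE(review): {@code message} is emitted as HTML without escaping; callers should
         * only pass static or otherwise trusted text here.
         */
        @Override
        public void sendError(final int code, final String message) {
            responseConsumer = responseConsumer.andThen(response -> {
                response.setStatusCode(code);
                response.addResponseHeader("Content-Type", "text/html; charset=UTF-8");
                try {
                    // UnsupportedEncodingException is an IOException, so the existing catch covers it.
                    response.getOutputStream().write(message.getBytes("UTF-8"));
                } catch (IOException e) {
                    throw new RuntimeException("Failed to write error message to response output stream", e);
                }
            });
        }

        /** Nothing to flush here: all writes are deferred to {@code responseConsumer}. */
        @Override
        public void end() {
        }
    };
}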
Also used : BufferedInputStream(java.io.BufferedInputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URLDecoder(java.net.URLDecoder) CookieImpl(io.undertow.server.handlers.CookieImpl) ServletInputStream(javax.servlet.ServletInputStream) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) HttpServerExchange(io.undertow.server.HttpServerExchange) HashMap(java.util.HashMap) InetAddress(java.net.InetAddress) HttpServletRequest(javax.servlet.http.HttpServletRequest) CallbackHandler(javax.security.auth.callback.CallbackHandler) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) AuthChallenge(org.keycloak.adapters.spi.AuthChallenge) Map(java.util.Map) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) URI(java.net.URI) HttpServerCookie(org.wildfly.security.http.HttpServerCookie) LogoutError(org.keycloak.adapters.spi.LogoutError) OutputStream(java.io.OutputStream) Scope(org.wildfly.security.http.Scope) ServletRequest(javax.servlet.ServletRequest) AdapterDeploymentContext(org.keycloak.adapters.AdapterDeploymentContext) TokenStore(org.keycloak.enums.TokenStore) HttpServerResponse(org.wildfly.security.http.HttpServerResponse) Collection(java.util.Collection) IOException(java.io.IOException) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) X509Certificate(javax.security.cert.X509Certificate) AdapterTokenStore(org.keycloak.adapters.AdapterTokenStore) InetSocketAddress(java.net.InetSocketAddress) Consumer(java.util.function.Consumer) List(java.util.List) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) AuthenticationError(org.keycloak.adapters.spi.AuthenticationError) HttpServerRequest(org.wildfly.security.http.HttpServerRequest) UnsupportedEncodingException(java.io.UnsupportedEncodingException) 
HttpScope(org.wildfly.security.http.HttpScope) InputStream(java.io.InputStream) CookieImpl(io.undertow.server.handlers.CookieImpl) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) HttpServerResponse(org.wildfly.security.http.HttpServerResponse) Consumer(java.util.function.Consumer) HttpScope(org.wildfly.security.http.HttpScope) HttpServerCookie(org.wildfly.security.http.HttpServerCookie) HttpServerResponse(org.wildfly.security.http.HttpServerResponse)

Example 2 with HttpScope

Use of org.wildfly.security.http.HttpScope in the keycloak project by keycloak.

From class ElytronSessionTokenStore, method checkCurrentToken.

/**
 * Validates the security context stored in the current session and refreshes its token
 * when needed. If the token cannot be refreshed (or is still inactive afterwards) the
 * stored context is removed and the session is invalidated, since the user is then
 * already logged out on the Keycloak side.
 */
@Override
public void checkCurrentToken() {
    final HttpScope session = httpFacade.getScope(Scope.SESSION);
    if (session == null || !session.exists()) {
        return;
    }
    final String contextKey = KeycloakSecurityContext.class.getName();
    final RefreshableKeycloakSecurityContext context =
            (RefreshableKeycloakSecurityContext) session.getAttachment(contextKey);
    if (context == null) {
        return;
    }
    // A deserialized session loses its transient deployment reference; re-attach it.
    if (context.getDeployment() == null) {
        context.setCurrentRequestInfo(httpFacade.getDeployment(), this);
    }
    if (context.isActive() && !context.getDeployment().isAlwaysRefreshToken()) {
        return;
    }
    // A refresh keeps the same scope, so the same roles come back; if it fails the token
    // is simply left as it was.
    final boolean refreshed = context.refreshExpiredToken(false);
    if (refreshed && context.isActive()) {
        return;
    }
    // Refresh failed: Keycloak has already logged the user out, so drop our session too.
    session.setAttachment(contextKey, null);
    session.invalidate();
}
Also used : HttpScope(org.wildfly.security.http.HttpScope) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext)

Example 3 with HttpScope

Use of org.wildfly.security.http.HttpScope in the keycloak project by keycloak.

From class KeycloakHttpServerAuthenticationMechanism, method getSessionIdMapper.

/**
 * Resolves the {@code SessionIdMapper} for this request: the one published in the
 * application scope under {@code ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON}, falling
 * back to the mechanism's own {@code idMapper} when the scope or the attachment is absent.
 *
 * @param request the current Elytron request
 * @return the request-scoped mapper if present, otherwise {@code this.idMapper}
 */
private SessionIdMapper getSessionIdMapper(HttpServerRequest request) {
    HttpScope applicationScope = request.getScope(Scope.APPLICATION);
    if (applicationScope == null) {
        return this.idMapper;
    }
    SessionIdMapper fromScope = (SessionIdMapper) applicationScope.getAttachment(
            KeycloakConfigurationServletListener.ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON);
    if (fromScope != null) {
        return fromScope;
    }
    return this.idMapper;
}
Also used : HttpScope(org.wildfly.security.http.HttpScope) SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper)

Example 4 with HttpScope

Use of org.wildfly.security.http.HttpScope in the keycloak project by keycloak.

From class ElytronSamlSessionStore, method logoutAccount.

/**
 * Logs the current account out of this SAML session store: removes the session from the
 * id mapper (when it carries a session index), clears the stored {@code SamlSession} and
 * drops the saved redirect URI. Does nothing when no session exists.
 */
@Override
public void logoutAccount() {
    HttpScope session = getSession(false);
    if (!session.exists()) {
        return;
    }
    log.debug("Logging out - current account");
    String samlSessionKey = SamlSession.class.getName();
    SamlSession samlSession = (SamlSession) session.getAttachment(samlSessionKey);
    if (samlSession != null) {
        // Presumably only sessions with a session index were registered in the id mapper,
        // so removal is skipped for the others — verify against the login path.
        if (samlSession.getSessionIndex() != null) {
            idMapperUpdater.removeSession(idMapper, session.getID());
        }
        session.setAttachment(samlSessionKey, null);
    }
    session.setAttachment(SAML_REDIRECT_URI, null);
}
Also used : HttpScope(org.wildfly.security.http.HttpScope) SamlSession(org.keycloak.adapters.saml.SamlSession)

Example 5 with HttpScope

Use of org.wildfly.security.http.HttpScope in the keycloak project by keycloak.

From class ElytronSamlSessionStore, method isLoggedIn.

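/**
 * Checks whether the current HTTP session carries a validated SAML login and, if so,
 * completes Elytron authentication for this exchange.
 * <p>
 * This is not a pure query: on success it calls {@code exchange.authenticationComplete}
 * and {@code restoreRequest()}. A session unknown to {@code idMapper} that cannot be
 * refreshed has its stored {@code SamlSession} cleared before returning {@code false}.
 *
 * @return {@code true} if the session holds a {@code SamlSession} that passes
 *         {@code SamlUtil.validateSamlSession}; {@code false} otherwise
 */
@Override
public boolean isLoggedIn() {
    HttpScope session = getSession(false);
    if (!session.exists()) {
        // Log message now matches what is actually returned (false, not null).
        log.debug("session does not exist, returning false");
        return false;
    }
    // A mapper miss that cannot be refreshed is treated as a session that expired
    // elsewhere; the stale SamlSession is dropped so it cannot be reused.
    if (!idMapper.hasSession(session.getID()) && !idMapperUpdater.refreshMapping(idMapper, session.getID())) {
        log.debugf("Session %s has expired on some other node", session.getID());
        session.setAttachment(SamlSession.class.getName(), null);
        return false;
    }
    final SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttachment(SamlSession.class.getName()), deployment);
    if (samlSession == null) {
        return false;
    }
    exchange.authenticationComplete(samlSession);
    restoreRequest();
    return true;
}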
Also used : HttpScope(org.wildfly.security.http.HttpScope) SamlSession(org.keycloak.adapters.saml.SamlSession)

Aggregations

HttpScope (org.wildfly.security.http.HttpScope)18 KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext)7 RefreshableKeycloakSecurityContext (org.keycloak.adapters.RefreshableKeycloakSecurityContext)7 SamlSession (org.keycloak.adapters.saml.SamlSession)4 URI (java.net.URI)3 KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment)3 HttpServerExchange (io.undertow.server.HttpServerExchange)2 ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)2 BufferedInputStream (java.io.BufferedInputStream)2 IOException (java.io.IOException)2 InputStream (java.io.InputStream)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 InetAddress (java.net.InetAddress)2 InetSocketAddress (java.net.InetSocketAddress)2 ServletInputStream (javax.servlet.ServletInputStream)2 ServletRequest (javax.servlet.ServletRequest)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)2 AuthenticationError (org.keycloak.adapters.spi.AuthenticationError)2 LogoutError (org.keycloak.adapters.spi.LogoutError)2