close user/client session later

2017-04-06 15:07:40 -04:00 · 2017-04-06 15:07:40 -04:00 · 13afc0147e
commit 13afc0147e
parent 1b3549f828
2 changed files with 50 additions and 36 deletions
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
@ -112,7 +112,8 @@ public class PolicyEvaluationService {
    @Produces("application/json")
    public Response evaluate(PolicyEvaluationRequest evaluationRequest) throws Throwable {
        this.auth.requireView();
-        KeycloakIdentity identity = createIdentity(evaluationRequest);
+        CloseableKeycloakIdentity identity = createIdentity(evaluationRequest);
        try {
            EvaluationContext evaluationContext = createEvaluationContext(evaluationRequest, identity);
            Decision decisionCollector = new Decision();
            authorization.evaluators().from(createPermissions(evaluationRequest, evaluationContext, authorization), evaluationContext).evaluate(decisionCollector);
@ -120,6 +121,9 @@ public class PolicyEvaluationService {
                throw decisionCollector.error;
            }
            return Response.ok(PolicyEvaluationResponseBuilder.build(decisionCollector.results, resourceServer, authorization, identity)).build();
        } finally {
            identity.close();
        }
    }
    private EvaluationContext createEvaluationContext(PolicyEvaluationRequest representation, KeycloakIdentity identity) {
@ -185,7 +189,29 @@ public class PolicyEvaluationService {
        }).collect(Collectors.toList());
    }
-    private KeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
+    private static class CloseableKeycloakIdentity extends KeycloakIdentity {
        private UserSessionModel userSession;
        private ClientSessionModel clientSession;
        public CloseableKeycloakIdentity(AccessToken accessToken, KeycloakSession keycloakSession, UserSessionModel userSession, ClientSessionModel clientSession) {
            super(accessToken, keycloakSession);
            this.userSession = userSession;
            this.clientSession = clientSession;
        }
        public void close() {
            if (clientSession != null) {
                keycloakSession.sessions().removeClientSession(realm, clientSession);
            }
            if (userSession != null) {
                keycloakSession.sessions().removeUserSession(realm, userSession);
            }
        }
    }
    private CloseableKeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
        KeycloakSession keycloakSession = this.authorization.getKeycloakSession();
        RealmModel realm = keycloakSession.getContext().getRealm();
        AccessToken accessToken = null;
@ -193,6 +219,8 @@ public class PolicyEvaluationService {
        String subject = representation.getUserId();
        ClientSessionModel clientSession = null;
        UserSessionModel userSession = null;
        if (subject != null) {
            UserModel userModel = keycloakSession.users().getUserById(subject, realm);
@ -205,9 +233,6 @@ public class PolicyEvaluationService {
                if (clientId != null) {
                    ClientModel clientModel = realm.getClientById(clientId);
                    ClientSessionModel clientSession = null;
                    UserSessionModel userSession = null;
                    try {
                    clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
                    userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
@ -220,18 +245,7 @@ public class PolicyEvaluationService {
                            requestedRoles.add(role);
                        }
                    }
                    accessToken = new TokenManager().createClientAccessToken(keycloakSession, requestedRoles, realm, clientModel, userModel, userSession, clientSession);
                    } finally {
                        if (clientSession != null) {
                            keycloakSession.sessions().removeClientSession(realm, clientSession);
                        }
                        if (userSession != null) {
                            keycloakSession.sessions().removeUserSession(realm, userSession);
                        }
                    }
                }
            }
        }
@ -260,6 +274,6 @@ public class PolicyEvaluationService {
            representation.getRoleIds().forEach(roleName -> realmAccess.addRole(roleName));
        }
-        return new KeycloakIdentity(accessToken, keycloakSession);
+        return new CloseableKeycloakIdentity(accessToken, keycloakSession, userSession, clientSession);
    }
 }
--- a/services/src/main/java/org/keycloak/authorization/common/KeycloakIdentity.java
+++ b/services/src/main/java/org/keycloak/authorization/common/KeycloakIdentity.java
@ -45,10 +45,10 @@ import java.util.Map;
 */
 public class KeycloakIdentity implements Identity {
-    private final AccessToken accessToken;
+    protected final AccessToken accessToken;
-    private final RealmModel realm;
+    protected final RealmModel realm;
-    private final KeycloakSession keycloakSession;
+    protected final KeycloakSession keycloakSession;
-    private final Attributes attributes;
+    protected final Attributes attributes;
    public KeycloakIdentity(KeycloakSession keycloakSession) {
        this(Tokens.getAccessToken(keycloakSession), keycloakSession);