close user/client session later
parent
1b3549f828
commit
13afc0147e
2 changed files with 50 additions and 36 deletions
|
@ -112,14 +112,18 @@ public class PolicyEvaluationService {
|
||||||
@Produces("application/json")
|
@Produces("application/json")
|
||||||
public Response evaluate(PolicyEvaluationRequest evaluationRequest) throws Throwable {
|
public Response evaluate(PolicyEvaluationRequest evaluationRequest) throws Throwable {
|
||||||
this.auth.requireView();
|
this.auth.requireView();
|
||||||
KeycloakIdentity identity = createIdentity(evaluationRequest);
|
CloseableKeycloakIdentity identity = createIdentity(evaluationRequest);
|
||||||
EvaluationContext evaluationContext = createEvaluationContext(evaluationRequest, identity);
|
try {
|
||||||
Decision decisionCollector = new Decision();
|
EvaluationContext evaluationContext = createEvaluationContext(evaluationRequest, identity);
|
||||||
authorization.evaluators().from(createPermissions(evaluationRequest, evaluationContext, authorization), evaluationContext).evaluate(decisionCollector);
|
Decision decisionCollector = new Decision();
|
||||||
if (decisionCollector.error != null) {
|
authorization.evaluators().from(createPermissions(evaluationRequest, evaluationContext, authorization), evaluationContext).evaluate(decisionCollector);
|
||||||
throw decisionCollector.error;
|
if (decisionCollector.error != null) {
|
||||||
|
throw decisionCollector.error;
|
||||||
|
}
|
||||||
|
return Response.ok(PolicyEvaluationResponseBuilder.build(decisionCollector.results, resourceServer, authorization, identity)).build();
|
||||||
|
} finally {
|
||||||
|
identity.close();
|
||||||
}
|
}
|
||||||
return Response.ok(PolicyEvaluationResponseBuilder.build(decisionCollector.results, resourceServer, authorization, identity)).build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private EvaluationContext createEvaluationContext(PolicyEvaluationRequest representation, KeycloakIdentity identity) {
|
private EvaluationContext createEvaluationContext(PolicyEvaluationRequest representation, KeycloakIdentity identity) {
|
||||||
|
@ -185,7 +189,29 @@ public class PolicyEvaluationService {
|
||||||
}).collect(Collectors.toList());
|
}).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
private KeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
|
private static class CloseableKeycloakIdentity extends KeycloakIdentity {
|
||||||
|
private UserSessionModel userSession;
|
||||||
|
private ClientSessionModel clientSession;
|
||||||
|
|
||||||
|
public CloseableKeycloakIdentity(AccessToken accessToken, KeycloakSession keycloakSession, UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||||
|
super(accessToken, keycloakSession);
|
||||||
|
this.userSession = userSession;
|
||||||
|
this.clientSession = clientSession;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void close() {
|
||||||
|
if (clientSession != null) {
|
||||||
|
keycloakSession.sessions().removeClientSession(realm, clientSession);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (userSession != null) {
|
||||||
|
keycloakSession.sessions().removeUserSession(realm, userSession);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private CloseableKeycloakIdentity createIdentity(PolicyEvaluationRequest representation) {
|
||||||
KeycloakSession keycloakSession = this.authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = this.authorization.getKeycloakSession();
|
||||||
RealmModel realm = keycloakSession.getContext().getRealm();
|
RealmModel realm = keycloakSession.getContext().getRealm();
|
||||||
AccessToken accessToken = null;
|
AccessToken accessToken = null;
|
||||||
|
@ -193,6 +219,8 @@ public class PolicyEvaluationService {
|
||||||
|
|
||||||
String subject = representation.getUserId();
|
String subject = representation.getUserId();
|
||||||
|
|
||||||
|
ClientSessionModel clientSession = null;
|
||||||
|
UserSessionModel userSession = null;
|
||||||
if (subject != null) {
|
if (subject != null) {
|
||||||
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
|
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
|
||||||
|
|
||||||
|
@ -205,33 +233,19 @@ public class PolicyEvaluationService {
|
||||||
|
|
||||||
if (clientId != null) {
|
if (clientId != null) {
|
||||||
ClientModel clientModel = realm.getClientById(clientId);
|
ClientModel clientModel = realm.getClientById(clientId);
|
||||||
ClientSessionModel clientSession = null;
|
clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
|
||||||
UserSessionModel userSession = null;
|
userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
|
||||||
try {
|
|
||||||
clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
|
|
||||||
userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
|
|
||||||
|
|
||||||
new TokenManager().attachClientSession(userSession, clientSession);
|
new TokenManager().attachClientSession(userSession, clientSession);
|
||||||
|
|
||||||
Set<RoleModel> requestedRoles = new HashSet<>();
|
Set<RoleModel> requestedRoles = new HashSet<>();
|
||||||
for (String roleId : clientSession.getRoles()) {
|
for (String roleId : clientSession.getRoles()) {
|
||||||
RoleModel role = realm.getRoleById(roleId);
|
RoleModel role = realm.getRoleById(roleId);
|
||||||
if (role != null) {
|
if (role != null) {
|
||||||
requestedRoles.add(role);
|
requestedRoles.add(role);
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
accessToken = new TokenManager().createClientAccessToken(keycloakSession, requestedRoles, realm, clientModel, userModel, userSession, clientSession);
|
|
||||||
} finally {
|
|
||||||
if (clientSession != null) {
|
|
||||||
keycloakSession.sessions().removeClientSession(realm, clientSession);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (userSession != null) {
|
|
||||||
keycloakSession.sessions().removeUserSession(realm, userSession);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
accessToken = new TokenManager().createClientAccessToken(keycloakSession, requestedRoles, realm, clientModel, userModel, userSession, clientSession);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -260,6 +274,6 @@ public class PolicyEvaluationService {
|
||||||
representation.getRoleIds().forEach(roleName -> realmAccess.addRole(roleName));
|
representation.getRoleIds().forEach(roleName -> realmAccess.addRole(roleName));
|
||||||
}
|
}
|
||||||
|
|
||||||
return new KeycloakIdentity(accessToken, keycloakSession);
|
return new CloseableKeycloakIdentity(accessToken, keycloakSession, userSession, clientSession);
|
||||||
}
|
}
|
||||||
}
|
}
|
|
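Review bot: With the session cleanup moved out of createIdentity into CloseableKeycloakIdentity.close(), any exception thrown after `createClientSession`/`createUserSession` succeed but before `return new CloseableKeycloakIdentity(...)` — in `attachClientSession`, `createClientAccessToken`, or the realm-role handling between the shown hunks — now leaves an orphan user session and client session in the session store, because no identity is ever returned for the `finally` in evaluate to close. The removed version covered that window with its own try/finally; the new version should keep a failure path that removes both sessions and rethrows, as in the excerpt below. Separately, `close()` removes the client session first, so a failure there skips `removeUserSession`; wrapping the first removal in its own try/finally keeps the user session from outliving the request. Declaring the class `implements AutoCloseable` would also let evaluate use try-with-resources instead of the hand-written finally. createIdentity's body continues between and after the hunks shown, so part of that window is not visible here.
```java
clientSession = keycloakSession.sessions().createClientSession(realm, clientModel);
userSession = keycloakSession.sessions().createUserSession(realm, userModel, userModel.getUsername(), "127.0.0.1", "passwd", false, null, null);
try {
    new TokenManager().attachClientSession(userSession, clientSession);
    // … unchanged: requestedRoles collection and createClientAccessToken …
} catch (RuntimeException e) {
    // no identity will be returned, so nothing else will remove these sessions
    keycloakSession.sessions().removeClientSession(realm, clientSession);
    keycloakSession.sessions().removeUserSession(realm, userSession);
    throw e;
}
```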
@ -45,10 +45,10 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class KeycloakIdentity implements Identity {
|
public class KeycloakIdentity implements Identity {
|
||||||
|
|
||||||
private final AccessToken accessToken;
|
protected final AccessToken accessToken;
|
||||||
private final RealmModel realm;
|
protected final RealmModel realm;
|
||||||
private final KeycloakSession keycloakSession;
|
protected final KeycloakSession keycloakSession;
|
||||||
private final Attributes attributes;
|
protected final Attributes attributes;
|
||||||
|
|
||||||
public KeycloakIdentity(KeycloakSession keycloakSession) {
|
public KeycloakIdentity(KeycloakSession keycloakSession) {
|
||||||
this(Tokens.getAccessToken(keycloakSession), keycloakSession);
|
this(Tokens.getAccessToken(keycloakSession), keycloakSession);
|
||||||
|
|
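Review bot: All four fields are widened from private to protected, but the only subclass introduced by this commit, CloseableKeycloakIdentity in PolicyEvaluationService, reads just `keycloakSession` and `realm` in its close(); `accessToken` and `attributes` do not need to be exposed. Since KeycloakIdentity is public and not final, protected fields become part of its extension contract for any future subclass, so the narrower change is to keep `private final AccessToken accessToken;` and `private final Attributes attributes;` as they were and widen only the two fields the subclass actually uses. If subclasses later need the token or attributes, a protected accessor is easier to reason about than direct field access.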