Merge pull request #178 from matzew/master

status code clean ups
Bill Burke 2014-01-27 05:25:09 -08:00
commit 1c1bff733d
11 changed files with 53 additions and 51 deletions


@ -14,6 +14,7 @@ import org.keycloak.representations.SkeletonKeyToken;
import javax.management.ObjectName; import javax.management.ObjectName;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.Set; import java.util.Set;
@ -67,7 +68,7 @@ public class AuthenticatedActionsValve extends ValveBase {
protected void queryBearerToken(Request request, Response response, SkeletonKeySession session) throws IOException, ServletException { protected void queryBearerToken(Request request, Response response, SkeletonKeySession session) throws IOException, ServletException {
log.debugv("queryBearerToken {0}", request.getRequestURI()); log.debugv("queryBearerToken {0}", request.getRequestURI());
if (abortTokenResponse(request, response, session)) return; if (abortTokenResponse(request, response, session)) return;
response.setStatus(200); response.setStatus(HttpServletResponse.SC_OK);
response.setContentType("text/plain"); response.setContentType("text/plain");
response.getOutputStream().write(session.getTokenString().getBytes()); response.getOutputStream().write(session.getTokenString().getBytes());
response.getOutputStream().flush(); response.getOutputStream().flush();
@ -77,15 +78,15 @@ public class AuthenticatedActionsValve extends ValveBase {
protected boolean abortTokenResponse(Request request, Response response, SkeletonKeySession session) throws IOException { protected boolean abortTokenResponse(Request request, Response response, SkeletonKeySession session) throws IOException {
if (session == null) { if (session == null) {
log.debugv("session was null, sending back 401: {0}", request.getRequestURI()); log.debugv("session was null, sending back 401: {0}", request.getRequestURI());
response.sendError(401); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return true; return true;
} }
if (!config.isExposeToken()) { if (!config.isExposeToken()) {
response.setStatus(200); response.setStatus(HttpServletResponse.SC_OK);
return true; return true;
} }
if (!config.isCors() && request.getHeader("Origin") != null) { if (!config.isCors() && request.getHeader("Origin") != null) {
response.setStatus(200); response.setStatus(HttpServletResponse.SC_OK);
return true; return true;
} }
return false; return false;
@ -110,7 +111,7 @@ public class AuthenticatedActionsValve extends ValveBase {
log.debugv("allowedOrigins did not contain origin"); log.debugv("allowedOrigins did not contain origin");
} }
response.sendError(403); response.sendError(HttpServletResponse.SC_FORBIDDEN);
return true; return true;
} }
log.debugv("returning origin: {0}", origin); log.debugv("returning origin: {0}", origin);
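Review bot: The token body written at the context line `response.getOutputStream().write(session.getTokenString().getBytes())` still uses the platform default charset, and the `text/plain` content type set just above it carries no charset, so the bytes a browser decodes depend on the server's locale. I would change the two lines to `response.setContentType("text/plain; charset=UTF-8");` and `response.getOutputStream().write(session.getTokenString().getBytes(StandardCharsets.UTF_8));`, importing `java.nio.charset.StandardCharsets`. queryBearerToken's body continues past the end of the hunk. A smaller related point in abortTokenResponse: the `SC_UNAUTHORIZED` sent when the session is null goes out without a `WWW-Authenticate` header, which RFC 7235 expects for a 401.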


@ -90,14 +90,14 @@ public class CatalinaBearerTokenAuthenticator {
String surrogate = null; String surrogate = null;
if (verifyCaller) { if (verifyCaller) {
if (token.getTrustedCertificates() == null || token.getTrustedCertificates().size() == 0) { if (token.getTrustedCertificates() == null || token.getTrustedCertificates().size() == 0) {
response.sendError(400); response.sendError(HttpServletResponse.SC_BAD_REQUEST);
throw new LoginException("No trusted certificates in token"); throw new LoginException("No trusted certificates in token");
} }
// for now, we just make sure JBoss Web did two-way SSL // for now, we just make sure JBoss Web did two-way SSL
// assume JBoss Web verifies the client cert // assume JBoss Web verifies the client cert
X509Certificate[] chain = request.getCertificateChain(); X509Certificate[] chain = request.getCertificateChain();
if (chain == null || chain.length == 0) { if (chain == null || chain.length == 0) {
response.sendError(400); response.sendError(HttpServletResponse.SC_BAD_REQUEST);
throw new LoginException("No certificates provided by jboss web to verify the caller"); throw new LoginException("No certificates provided by jboss web to verify the caller");
} }
surrogate = chain[0].getSubjectX500Principal().getName(); surrogate = chain[0].getSubjectX500Principal().getName();
@ -124,7 +124,7 @@ public class CatalinaBearerTokenAuthenticator {
} }
response.setHeader("WWW-Authenticate", header.toString()); response.setHeader("WWW-Authenticate", header.toString());
try { try {
response.sendError(401); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
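Review bot: The condition `token.getTrustedCertificates().size() == 0` in the first hunk would read more clearly as `token.getTrustedCertificates().isEmpty()`, matching the `chain.length == 0` check a few lines below in intent. The two inline comments about JBoss Web are the only record that caller verification here trusts the container's client-certificate validation and only checks that a chain is present; I would lift that into a Javadoc on the method, stating that this code never matches the presented chain against the token's trusted certificates itself. The enclosing method starts and ends outside both hunks.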


@ -5,6 +5,8 @@ import org.apache.catalina.connector.Response;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.representations.adapters.config.AdapterConfig; import org.keycloak.representations.adapters.config.AdapterConfig;
import javax.servlet.http.HttpServletResponse;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
@ -29,7 +31,7 @@ public class CorsPreflightChecker {
return false; return false;
} }
log.debug("Preflight request returning"); log.debug("Preflight request returning");
response.setStatus(200); response.setStatus(HttpServletResponse.SC_OK);
String origin = request.getHeader("Origin"); String origin = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", origin); response.setHeader("Access-Control-Allow-Origin", origin);
response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Credentials", "true");
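Review bot: The lines after `response.setStatus(HttpServletResponse.SC_OK)` copy the request's `Origin` header straight into `Access-Control-Allow-Origin` and pair it with `Access-Control-Allow-Credentials: true`; the hunk begins mid-method, so if the code above it does not check that origin against the configured allowed origins, this reflects any origin with credentials. If the check does exist above the hunk, the response should also carry `response.addHeader("Vary", "Origin");` so a shared cache cannot serve one origin's reflected value to another. The same pattern appears in PreflightCorsHandler (undertow) at `exchange.getResponseHeaders().put(ACCESS_CONTROL_ALLOW_ORIGIN, origin)`.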


@ -126,7 +126,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
String token = StreamUtil.readString(request.getInputStream()); String token = StreamUtil.readString(request.getInputStream());
if (token == null) { if (token == null) {
log.warn("admin request failed, no token"); log.warn("admin request failed, no token");
response.sendError(403, "no token"); response.sendError(HttpServletResponse.SC_FORBIDDEN, "no token");
return null; return null;
} }
@ -138,7 +138,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
} }
if (!verified) { if (!verified) {
log.warn("admin request failed, unable to verify token"); log.warn("admin request failed, unable to verify token");
response.sendError(403, "verification failed"); response.sendError(HttpServletResponse.SC_FORBIDDEN, "verification failed");
return null; return null;
} }
return input; return input;
@ -150,12 +150,12 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
LogoutAction action = JsonSerialization.readValue(token.getContent(), LogoutAction.class); LogoutAction action = JsonSerialization.readValue(token.getContent(), LogoutAction.class);
if (action.isExpired()) { if (action.isExpired()) {
log.warn("admin request failed, expired token"); log.warn("admin request failed, expired token");
response.sendError(400, "Expired token"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Expired token");
return; return;
} }
if (!resourceMetadata.getResourceName().equals(action.getResource())) { if (!resourceMetadata.getResourceName().equals(action.getResource())) {
log.warn("Resource name does not match"); log.warn("Resource name does not match");
response.sendError(400, "Resource name does not match"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Resource name does not match");
return; return;
} }
@ -169,9 +169,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
} }
} catch (Exception e) { } catch (Exception e) {
log.warn("failed to logout", e); log.warn("failed to logout", e);
response.sendError(500, "Failed to logout"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to logout");
} }
response.setStatus(204); response.setStatus(HttpServletResponse.SC_NO_CONTENT);
} }
protected boolean bearer(boolean challenge, Request request, HttpServletResponse response) throws LoginException, IOException { protected boolean bearer(boolean challenge, Request request, HttpServletResponse response) throws LoginException, IOException {
@ -208,7 +208,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
if (code == null) { if (code == null) {
String error = oauth.getError(); String error = oauth.getError();
if (error != null) { if (error != null) {
response.sendError(400, "OAuth " + error); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "OAuth " + error);
return; return;
} else { } else {
saveRequest(request, request.getSessionInternal(true)); saveRequest(request, request.getSessionInternal(true));
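Review bot: In the hunk at -169, `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to logout")` is followed two lines later by `response.setStatus(HttpServletResponse.SC_NO_CONTENT)`, which runs on the failure path as well; sendError commits the response so the 204 is ignored by the container, but the control flow reads as if a failed logout is reported as success. Add `return;` directly after the sendError call inside the catch block so the success status is only set when logout succeeded. The same sequence appears in UserSessionManagement (undertow) at its `StatusCodes.INTERNAL_SERVER_ERROR` / `StatusCodes.NO_CONTENT` lines. The enclosing method starts outside the hunk.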


@ -170,7 +170,7 @@ public class ServletOAuthLogin {
Cookie stateCookie = getCookie(realmInfo.getStateCookieName()); Cookie stateCookie = getCookie(realmInfo.getStateCookieName());
if (stateCookie == null) { if (stateCookie == null) {
sendError(400); sendError(HttpServletResponse.SC_BAD_REQUEST);
log.warn("No state cookie"); log.warn("No state cookie");
return false; return false;
} }
@ -185,12 +185,12 @@ public class ServletOAuthLogin {
// its ok to call request.getParameter() because this should be a redirect // its ok to call request.getParameter() because this should be a redirect
String state = request.getParameter("state"); String state = request.getParameter("state");
if (state == null) { if (state == null) {
sendError(400); sendError(HttpServletResponse.SC_BAD_REQUEST);
log.warn("state parameter was null"); log.warn("state parameter was null");
return false; return false;
} }
if (!state.equals(stateCookieValue)) { if (!state.equals(stateCookieValue)) {
sendError(400); sendError(HttpServletResponse.SC_BAD_REQUEST);
log.warn("state parameter invalid"); log.warn("state parameter invalid");
log.warn("cookie: " + stateCookieValue); log.warn("cookie: " + stateCookieValue);
log.warn("queryParam: " + state); log.warn("queryParam: " + state);
@ -229,7 +229,7 @@ public class ServletOAuthLogin {
} catch (TokenGrantRequest.HttpFailure failure) { } catch (TokenGrantRequest.HttpFailure failure) {
log.error("failed to turn code into token"); log.error("failed to turn code into token");
log.error("status from server: " + failure.getStatus()); log.error("status from server: " + failure.getStatus());
if (failure.getStatus() == 400 && failure.getError() != null) { if (failure.getStatus() == HttpServletResponse.SC_BAD_REQUEST && failure.getError() != null) {
log.error(" " + failure.getError()); log.error(" " + failure.getError());
} }
sendError(HttpServletResponse.SC_FORBIDDEN); sendError(HttpServletResponse.SC_FORBIDDEN);
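Review bot: In the hunk at -229, `failure.getStatus() == HttpServletResponse.SC_BAD_REQUEST` compares a status received from the token endpoint, not one this servlet is about to send, so a constant named after the servlet response reads as the wrong side of the conversation; `java.net.HttpURLConnection.HTTP_BAD_REQUEST` expresses a client-side comparison with the same value. The undertow counterpart in OAuthAuthenticator uses `StatusCodes.BAD_REQUEST`, which is a generic constant class and does not have this naming problem. Separately, the hunk at -185 still logs the state cookie and the state parameter at warn level on a mismatch; those are the anti-CSRF nonce values, and debug level would be more appropriate.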


@ -42,7 +42,7 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
if (description != null) { if (description != null) {
header.append(", error_description=\"").append(description).append("\""); header.append(", error_description=\"").append(description).append("\"");
} }
request.abortWith(Response.status(401).header("WWW-Authenticate", header.toString()).build()); request.abortWith(Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE, header.toString()).build());
return; return;
} }
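Review bot: The `error_description` value appended just above the changed line is placed inside a quoted-string without escaping, so a description containing `"` or `\` produces a malformed `WWW-Authenticate` header; where that description originates is outside the hunk, so I cannot tell whether it is ever request-derived, but escaping it (`description.replace("\\", "\\\\").replace("\"", "\\\"")`) is cheap either way. The new line also introduces `HttpHeaders.WWW_AUTHENTICATE` while no import hunk is shown for this file; confirm `javax.ws.rs.core.HttpHeaders` is already imported. The enclosing method starts outside the hunk.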


@ -3,6 +3,7 @@ package org.keycloak.adapters.undertow;
import io.undertow.server.HttpHandler; import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange; import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers; import io.undertow.util.Headers;
import io.undertow.util.StatusCodes;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.SkeletonKeySession; import org.keycloak.SkeletonKeySession;
import org.keycloak.adapters.AdapterConstants; import org.keycloak.adapters.AdapterConstants;
@ -56,7 +57,7 @@ public class AuthenticatedActionsHandler implements HttpHandler {
protected void queryBearerToken(HttpServerExchange exchange, SkeletonKeySession session) throws IOException, ServletException { protected void queryBearerToken(HttpServerExchange exchange, SkeletonKeySession session) throws IOException, ServletException {
log.debugv("queryBearerToken {0}",exchange.getRequestURI()); log.debugv("queryBearerToken {0}",exchange.getRequestURI());
if (abortTokenResponse(exchange, session)) return; if (abortTokenResponse(exchange, session)) return;
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.OK);
exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain"); exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
exchange.getResponseSender().send(session.getTokenString()); exchange.getResponseSender().send(session.getTokenString());
exchange.endExchange(); exchange.endExchange();
@ -65,17 +66,17 @@ public class AuthenticatedActionsHandler implements HttpHandler {
protected boolean abortTokenResponse(HttpServerExchange exchange, SkeletonKeySession session) throws IOException { protected boolean abortTokenResponse(HttpServerExchange exchange, SkeletonKeySession session) throws IOException {
if (session == null) { if (session == null) {
log.debugv("session was null, sending back 401: {0}",exchange.getRequestURI()); log.debugv("session was null, sending back 401: {0}",exchange.getRequestURI());
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.UNAUTHORIZED);
exchange.endExchange(); exchange.endExchange();
return true; return true;
} }
if (!adapterConfig.isExposeToken()) { if (!adapterConfig.isExposeToken()) {
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.OK);
exchange.endExchange(); exchange.endExchange();
return true; return true;
} }
if (!adapterConfig.isCors() && exchange.getRequestHeaders().getFirst(Headers.ORIGIN) != null) { if (!adapterConfig.isCors() && exchange.getRequestHeaders().getFirst(Headers.ORIGIN) != null) {
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.OK);
exchange.endExchange(); exchange.endExchange();
return true; return true;
} }
@ -101,12 +102,12 @@ public class AuthenticatedActionsHandler implements HttpHandler {
log.debugv("allowedOrigins did not contain origin"); log.debugv("allowedOrigins did not contain origin");
} }
exchange.setResponseCode(403); exchange.setResponseCode(StatusCodes.FORBIDDEN);
exchange.endExchange(); exchange.endExchange();
return true; return true;
} }
log.debugv("returning origin: {0}", origin); log.debugv("returning origin: {0}", origin);
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.OK);
exchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_ORIGIN, origin); exchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
exchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); exchange.getResponseHeaders().put(PreflightCorsHandler.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
} else { } else {
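Review bot: `exchange.setResponseCode(StatusCodes.UNAUTHORIZED)` in the hunk at -65 is a behaviour change, not a constant substitution: the old line answered a missing session with 200 and an empty body, and the log line just above it already said "sending back 401", so the constant fixes a real mismatch. The commit description "status code clean ups" does not mention that one adapter now returns a different status; I would add a sentence to it such as `undertow AuthenticatedActionsHandler now returns 401 instead of 200 when there is no session`. The log message itself still hard-codes "401" rather than deriving it from the constant, which is fine but worth keeping in sync if the status changes again.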


@ -6,6 +6,7 @@ import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.Cookie; import io.undertow.server.handlers.Cookie;
import io.undertow.server.handlers.CookieImpl; import io.undertow.server.handlers.CookieImpl;
import io.undertow.util.Headers; import io.undertow.util.Headers;
import io.undertow.util.StatusCodes;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier; import org.keycloak.RSATokenVerifier;
import org.keycloak.adapters.config.RealmConfiguration; import org.keycloak.adapters.config.RealmConfiguration;
@ -129,14 +130,14 @@ public class OAuthAuthenticator {
@Override @Override
public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) { public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
if (redirect == null) { if (redirect == null) {
return new AuthenticationMechanism.ChallengeResult(true, 403); return new AuthenticationMechanism.ChallengeResult(true, StatusCodes.FORBIDDEN);
} }
CookieImpl cookie = new CookieImpl(realmInfo.getStateCookieName(), state); CookieImpl cookie = new CookieImpl(realmInfo.getStateCookieName(), state);
//cookie.setPath(getDefaultCookiePath()); todo I don't think we need to set state cookie path as it will be the same redirect //cookie.setPath(getDefaultCookiePath()); todo I don't think we need to set state cookie path as it will be the same redirect
cookie.setSecure(realmInfo.isSslRequired()); cookie.setSecure(realmInfo.isSslRequired());
exchange.setResponseCookie(cookie); exchange.setResponseCookie(cookie);
exchange.getResponseHeaders().put(Headers.LOCATION, redirect); exchange.getResponseHeaders().put(Headers.LOCATION, redirect);
return new AuthenticationMechanism.ChallengeResult(true, 302); return new AuthenticationMechanism.ChallengeResult(true, StatusCodes.FOUND);
} }
}; };
} }
@ -146,7 +147,7 @@ public class OAuthAuthenticator {
if (stateCookie == null) { if (stateCookie == null) {
log.warn("No state cookie"); log.warn("No state cookie");
return challenge(400); return challenge(StatusCodes.BAD_REQUEST);
} }
// reset the cookie // reset the cookie
log.info("** reseting application state cookie"); log.info("** reseting application state cookie");
@ -160,13 +161,13 @@ public class OAuthAuthenticator {
String state = getQueryParamValue("state"); String state = getQueryParamValue("state");
if (state == null) { if (state == null) {
log.warn("state parameter was null"); log.warn("state parameter was null");
return challenge(400); return challenge(StatusCodes.BAD_REQUEST);
} }
if (!state.equals(stateCookieValue)) { if (!state.equals(stateCookieValue)) {
log.warn("state parameter invalid"); log.warn("state parameter invalid");
log.warn("cookie: " + stateCookieValue); log.warn("cookie: " + stateCookieValue);
log.warn("queryParam: " + state); log.warn("queryParam: " + state);
return challenge(400); return challenge(StatusCodes.BAD_REQUEST);
} }
return null; return null;
@ -180,7 +181,7 @@ public class OAuthAuthenticator {
if (error != null) { if (error != null) {
// todo how do we send a response? // todo how do we send a response?
log.warn("There was an error: " + error); log.warn("There was an error: " + error);
challenge = challenge(400); challenge = challenge(StatusCodes.BAD_REQUEST);
return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED; return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
} else { } else {
log.info("redirecting to auth server"); log.info("redirecting to auth server");
@ -223,7 +224,7 @@ public class OAuthAuthenticator {
// abort if not HTTPS // abort if not HTTPS
if (realmInfo.isSslRequired() && !isRequestSecure()) { if (realmInfo.isSslRequired() && !isRequestSecure()) {
log.error("SSL is required"); log.error("SSL is required");
return challenge(403); return challenge(StatusCodes.FORBIDDEN);
} }
log.info("checking state cookie for after code"); log.info("checking state cookie for after code");
@ -237,14 +238,14 @@ public class OAuthAuthenticator {
} catch (TokenGrantRequest.HttpFailure failure) { } catch (TokenGrantRequest.HttpFailure failure) {
log.error("failed to turn code into token"); log.error("failed to turn code into token");
log.error("status from server: " + failure.getStatus()); log.error("status from server: " + failure.getStatus());
if (failure.getStatus() == 400 && failure.getError() != null) { if (failure.getStatus() == StatusCodes.BAD_REQUEST && failure.getError() != null) {
log.error(" " + failure.getError()); log.error(" " + failure.getError());
} }
return challenge(403); return challenge(StatusCodes.FORBIDDEN);
} catch (IOException e) { } catch (IOException e) {
log.error("failed to turn code into token"); log.error("failed to turn code into token");
return challenge(403); return challenge(StatusCodes.FORBIDDEN);
} }
tokenString = tokenResponse.getToken(); tokenString = tokenResponse.getToken();
@ -253,7 +254,7 @@ public class OAuthAuthenticator {
log.debug("Token Verification succeeded!"); log.debug("Token Verification succeeded!");
} catch (VerificationException e) { } catch (VerificationException e) {
log.error("failed verification of token"); log.error("failed verification of token");
return challenge(403); return challenge(StatusCodes.FORBIDDEN);
} }
log.info("successful authenticated"); log.info("successful authenticated");
return null; return null;
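Review bot: In sendChallenge (hunk at -129, fully visible) the state cookie is created with `cookie.setSecure(realmInfo.isSslRequired())` but never marked HttpOnly, although nothing in the flow needs script access to the anti-CSRF nonce; add `cookie.setHttpOnly(true);` next to the setSecure call. The surrounding status-constant changes (`StatusCodes.FORBIDDEN`, `StatusCodes.FOUND`, `StatusCodes.BAD_REQUEST`) look correct, and `StatusCodes` is imported in the first hunk of this file.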


@ -4,6 +4,7 @@ import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler; import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange; import io.undertow.server.HttpServerExchange;
import io.undertow.util.HttpString; import io.undertow.util.HttpString;
import io.undertow.util.StatusCodes;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.representations.adapters.config.AdapterConfig; import org.keycloak.representations.adapters.config.AdapterConfig;
@ -54,7 +55,7 @@ public class PreflightCorsHandler implements HttpHandler {
return; return;
} }
log.debug("Preflight request returning"); log.debug("Preflight request returning");
exchange.setResponseCode(200); exchange.setResponseCode(StatusCodes.OK);
String origin = exchange.getRequestHeaders().getFirst("Origin"); String origin = exchange.getRequestHeaders().getFirst("Origin");
exchange.getResponseHeaders().put(ACCESS_CONTROL_ALLOW_ORIGIN, origin); exchange.getResponseHeaders().put(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
exchange.getResponseHeaders().put(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); exchange.getResponseHeaders().put(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
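Review bot: The context line `exchange.getRequestHeaders().getFirst("Origin")` uses a string literal where AuthenticatedActionsHandler in the same module reads the header as `Headers.ORIGIN`; using the constant here keeps the two undertow handlers consistent, though this file's visible import hunk does not show `io.undertow.util.Headers`, so the import would need adding. The hunk starts after the preflight check, so I cannot see whether a null `origin` is excluded before it is put into the response headers. The Origin-reflection concern for this block is raised on the CorsPreflightChecker section.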


@ -5,6 +5,7 @@ import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange; import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.SessionManager; import io.undertow.server.session.SessionManager;
import io.undertow.servlet.handlers.ServletRequestContext; import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.util.StatusCodes;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterConstants; import org.keycloak.adapters.AdapterConstants;
import org.keycloak.adapters.config.RealmConfiguration; import org.keycloak.adapters.config.RealmConfiguration;
@ -53,7 +54,7 @@ public class ServletAdminActionsHandler implements HttpHandler {
String token = StreamUtil.readString(request.getInputStream()); String token = StreamUtil.readString(request.getInputStream());
if (token == null) { if (token == null) {
log.warn("admin request failed, no token"); log.warn("admin request failed, no token");
response.sendError(403, "no token"); response.sendError(StatusCodes.FORBIDDEN, "no token");
return null; return null;
} }
@ -65,7 +66,7 @@ public class ServletAdminActionsHandler implements HttpHandler {
} }
if (!verified) { if (!verified) {
log.warn("admin request failed, unable to verify token"); log.warn("admin request failed, unable to verify token");
response.sendError(403, "verification failed"); response.sendError(StatusCodes.FORBIDDEN, "verification failed");
return null; return null;
} }
return input; return input;
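Review bot: `response.sendError(StatusCodes.FORBIDDEN, "no token")` answers a request that presented no credential at all; 403 says "authenticated but not allowed", and `StatusCodes.UNAUTHORIZED` describes the missing-token case more accurately, while the "verification failed" branch below is the one that arguably deserves 403. The same choice is made in KeycloakAuthenticatorValve at `response.sendError(HttpServletResponse.SC_FORBIDDEN, "no token")`. On the context line `StreamUtil.readString(request.getInputStream())`, if that helper reads to EOF without a bound the whole admin-request body is buffered before any token check; I cannot see the helper here, so treat this as a question rather than a finding. The enclosing method starts outside the hunk.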


@ -6,24 +6,19 @@ import io.undertow.server.session.Session;
import io.undertow.server.session.SessionListener; import io.undertow.server.session.SessionListener;
import io.undertow.server.session.SessionManager; import io.undertow.server.session.SessionManager;
import io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler; import io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler;
import io.undertow.util.StatusCodes;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.SkeletonKeySession;
import org.keycloak.adapters.config.RealmConfiguration; import org.keycloak.adapters.config.RealmConfiguration;
import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.adapters.action.LogoutAction; import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import org.keycloak.util.StreamUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
@ -50,12 +45,12 @@ public class UserSessionManagement implements SessionListener {
LogoutAction action = JsonSerialization.readValue(token.getContent(), LogoutAction.class); LogoutAction action = JsonSerialization.readValue(token.getContent(), LogoutAction.class);
if (action.isExpired()) { if (action.isExpired()) {
log.warn("admin request failed, expired token"); log.warn("admin request failed, expired token");
response.sendError(400, "Expired token"); response.sendError(StatusCodes.BAD_REQUEST, "Expired token");
return; return;
} }
if (!realmInfo.getMetadata().getResourceName().equals(action.getResource())) { if (!realmInfo.getMetadata().getResourceName().equals(action.getResource())) {
log.warn("Resource name does not match"); log.warn("Resource name does not match");
response.sendError(400, "Resource name does not match"); response.sendError(StatusCodes.BAD_REQUEST, "Resource name does not match");
return; return;
} }
@ -69,9 +64,9 @@ public class UserSessionManagement implements SessionListener {
} }
} catch (Exception e) { } catch (Exception e) {
log.warn("failed to logout", e); log.warn("failed to logout", e);
response.sendError(500, "Failed to logout"); response.sendError(StatusCodes.INTERNAL_SERVER_ERROR, "Failed to logout");
} }
response.setStatus(204); response.setStatus(StatusCodes.NO_CONTENT);
} }
public void login(SessionManager manager, HttpSession session, String username) { public void login(SessionManager manager, HttpSession session, String username) {