fix tomcat7 build

This commit is contained in:
Bill Burke 2014-05-02 13:00:12 -04:00
parent e25b2b05ae
commit 201b35be54
2 changed files with 46 additions and 30 deletions


@ -11,6 +11,7 @@ import org.apache.catalina.Valve;
import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response; import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase; import org.apache.catalina.valves.ValveBase;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthenticatedActionsHandler; import org.keycloak.adapters.AuthenticatedActionsHandler;
import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeployment;
@ -27,10 +28,10 @@ import org.keycloak.adapters.KeycloakDeployment;
*/ */
public class AuthenticatedActionsValve extends ValveBase { public class AuthenticatedActionsValve extends ValveBase {
private static final Logger log = Logger.getLogger(""+AuthenticatedActionsValve.class); private static final Logger log = Logger.getLogger(""+AuthenticatedActionsValve.class);
protected KeycloakDeployment deployment; protected AdapterDeploymentContext deploymentContext;
public AuthenticatedActionsValve(KeycloakDeployment deployment, Valve next, Container container, ObjectName objectName) { public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container, ObjectName controller) {
this.deployment = deployment; this.deploymentContext = deploymentContext;
if (next == null) throw new RuntimeException("WTF is next null?!"); if (next == null) throw new RuntimeException("WTF is next null?!");
setNext(next); setNext(next);
setContainer(container); setContainer(container);
@ -40,10 +41,17 @@ public class AuthenticatedActionsValve extends ValveBase {
@Override @Override
public void invoke(Request request, Response response) throws IOException, ServletException { public void invoke(Request request, Response response) throws IOException, ServletException {
log.finer("AuthenticatedActionsValve.invoke" + request.getRequestURI()); log.finer("AuthenticatedActionsValve.invoke" + request.getRequestURI());
AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, new CatalinaHttpFacade(request, response)); CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
if (handler.handledRequest()) { KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
return; if (deployment != null && deployment.isConfigured()) {
AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, new CatalinaHttpFacade(request, response));
if (handler.handledRequest()) {
return;
}
} }
getNext().invoke(request, response); getNext().invoke(request, response);
} }
} }
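Review bot: In the new `invoke`, the `facade` built on the first line is passed to `deploymentContext.resolveDeployment(facade)` but the handler on the next line is given a second `new CatalinaHttpFacade(request, response)` instead of the same instance; the handler and the deployment lookup should observe the same request/response wrapper, so this should read `AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, facade);`. The double construction is also easy to mistake for an intentional difference when reading the valve later. The silent pass-through when the deployment is null or unconfigured deserves a one-line why-comment, e.g. `// Unconfigured deployment: nothing to enforce here; the authenticator valve in front already denies the request.`, since the reason is only visible in the sibling KeycloakAuthenticatorValve change.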


@ -23,8 +23,10 @@ import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.deploy.LoginConfig;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterConstants; import org.keycloak.adapters.AdapterConstants;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthChallenge; import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.AuthOutcome; import org.keycloak.adapters.AuthOutcome;
import org.keycloak.adapters.HttpFacade;
import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder; import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.PreAuthActionsHandler; import org.keycloak.adapters.PreAuthActionsHandler;
@ -43,7 +45,7 @@ import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
public class KeycloakAuthenticatorValve extends FormAuthenticator implements LifecycleListener { public class KeycloakAuthenticatorValve extends FormAuthenticator implements LifecycleListener {
private final static Logger log = Logger.getLogger(""+KeycloakAuthenticatorValve.class); private final static Logger log = Logger.getLogger(""+KeycloakAuthenticatorValve.class);
protected CatalinaUserSessionManagement userSessionManagement = new CatalinaUserSessionManagement(); protected CatalinaUserSessionManagement userSessionManagement = new CatalinaUserSessionManagement();
protected KeycloakDeployment deployment; protected AdapterDeploymentContext deploymentContext;
@Override @Override
public void lifecycleEvent(LifecycleEvent event) { public void lifecycleEvent(LifecycleEvent event) {
@ -64,9 +66,17 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
} }
public void initInternal() { public void initInternal() {
this.deployment = KeycloakDeploymentBuilder.build(getConfigInputStream(context)); InputStream configInputStream = getConfigInputStream(context);
log.info("deployment realm:" + deployment.getRealm() + " resource:" + deployment.getResourceName()); KeycloakDeployment kd = null;
AuthenticatedActionsValve actions = new AuthenticatedActionsValve(deployment, getNext(), getContainer(), getObjectName()); if (configInputStream == null) {
log.warning("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
kd = new KeycloakDeployment();
} else {
kd = KeycloakDeploymentBuilder.build(configInputStream);
}
deploymentContext = new AdapterDeploymentContext(kd);
context.getServletContext().setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
AuthenticatedActionsValve actions = new AuthenticatedActionsValve(deploymentContext, getNext(), getContainer(), getObjectName());
setNext(actions); setNext(actions);
} }
@ -102,12 +112,12 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
@Override @Override
public void invoke(Request request, Response response) throws IOException, ServletException { public void invoke(Request request, Response response) throws IOException, ServletException {
try { try {
PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deployment, CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
new CatalinaHttpFacade(request, response)); PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deploymentContext, facade);
if (handler.handleRequest()) { if (handler.handleRequest()) {
return; return;
} }
checkKeycloakSession(request); checkKeycloakSession(request, facade);
super.invoke(request, response); super.invoke(request, response);
} finally { } finally {
} }
@ -116,6 +126,11 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
@Override @Override
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException { public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response); CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
return false;
}
CatalinaRequestAuthenticator authenticator = new CatalinaRequestAuthenticator(deployment, this, userSessionManagement, facade, request); CatalinaRequestAuthenticator authenticator = new CatalinaRequestAuthenticator(deployment, this, userSessionManagement, facade, request);
AuthOutcome outcome = authenticator.authenticate(); AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) { if (outcome == AuthOutcome.AUTHENTICATED) {
@ -132,29 +147,22 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
} }
/** /**
* Checks that access token is still valid. Will attempt refresh of token if * Checks that access token is still valid. Will attempt refresh of token if it is not.
* it is not. *
*
* @param request * @param request
*/ */
protected void checkKeycloakSession(Request request) { protected void checkKeycloakSession(Request request, HttpFacade facade) {
if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
return; RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal() if (session == null) return;
.getNote(KeycloakSecurityContext.class.getName());
if (session == null)
return;
// just in case session got serialized // just in case session got serialized
session.setDeployment(deployment); if (session.getDeployment() == null) session.setDeployment(deploymentContext.resolveDeployment(facade));
if (session.isActive()) if (session.isActive()) return;
return;
// FYI: A refresh requires same scope, so same roles will be set. // FYI: A refresh requires same scope, so same roles will be set. Otherwise, refresh will fail and token will
// Otherwise, refresh will fail and token will
// not be updated // not be updated
session.refreshExpiredToken(); session.refreshExpiredToken();
if (session.isActive()) if (session.isActive()) return;
return;
request.getSessionInternal().removeNote(KeycloakSecurityContext.class.getName()); request.getSessionInternal().removeNote(KeycloakSecurityContext.class.getName());
request.setUserPrincipal(null); request.setUserPrincipal(null);