Removing injection points for Resteasy objects and resolving instances from keycloak context instead
Relates #15374
parent
0bad673219
commit
28fc5b4574
50 changed files with 176 additions and 333 deletions
|
@ -69,7 +69,6 @@ import javax.crypto.spec.SecretKeySpec;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -460,11 +459,9 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
|
||||||
|
|
||||||
protected final ClientConnection clientConnection;
|
protected final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest httpRequest;
|
||||||
protected HttpRequest httpRequest;
|
|
||||||
|
|
||||||
public Endpoint(AuthenticationCallback callback, RealmModel realm, EventBuilder event, AbstractOAuth2IdentityProvider provider) {
|
public Endpoint(AuthenticationCallback callback, RealmModel realm, EventBuilder event, AbstractOAuth2IdentityProvider provider) {
|
||||||
this.callback = callback;
|
this.callback = callback;
|
||||||
|
@ -473,6 +470,8 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
|
||||||
this.provider = provider;
|
this.provider = provider;
|
||||||
this.session = provider.session;
|
this.session = provider.session;
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
|
this.httpRequest = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|
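Review bot: The added assignment `this.httpRequest = session.getContext().getContextObject(HttpRequest.class);` stores whatever the context returns without a check, so if no `HttpRequest` is bound when `Endpoint` is constructed, the now-final field stays null for the object's lifetime and the failure surfaces later in a callback handler instead of at construction. Whether `getContextObject` can return null on this path is not visible on this page; if it can, fail fast with `this.httpRequest = Objects.requireNonNull(session.getContext().getContextObject(HttpRequest.class), "httpRequest");` and treat `headers` the same way. The same unchecked lookup is added in the constructors of AuthorizationEndpointBase, OIDCLoginProtocolService, LogoutEndpoint, TokenEndpoint, TokenIntrospectionEndpoint, TokenRevocationEndpoint, UserInfoEndpoint and BackchannelAuthenticationCallbackEndpoint. The constructor body starts outside the hunk that adds these lines.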
|
@ -20,7 +20,6 @@ package org.keycloak.broker.saml;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
||||||
import org.keycloak.broker.provider.IdentityBrokerException;
|
import org.keycloak.broker.provider.IdentityBrokerException;
|
||||||
import org.keycloak.broker.provider.IdentityProvider;
|
import org.keycloak.broker.provider.IdentityProvider;
|
||||||
|
@ -81,7 +80,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -148,8 +146,7 @@ public class SAMLEndpoint {
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
private final HttpHeaders headers;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
|
|
||||||
public SAMLEndpoint(KeycloakSession session, SAMLIdentityProvider provider, SAMLIdentityProviderConfig config, IdentityProvider.AuthenticationCallback callback, DestinationValidator destinationValidator) {
|
public SAMLEndpoint(KeycloakSession session, SAMLIdentityProvider provider, SAMLIdentityProviderConfig config, IdentityProvider.AuthenticationCallback callback, DestinationValidator destinationValidator) {
|
||||||
|
@ -160,6 +157,7 @@ public class SAMLEndpoint {
|
||||||
this.destinationValidator = destinationValidator;
|
this.destinationValidator = destinationValidator;
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -599,7 +597,6 @@ public class SAMLEndpoint {
|
||||||
|
|
||||||
LoginProtocolFactory factory = (LoginProtocolFactory) session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, SamlProtocol.LOGIN_PROTOCOL);
|
LoginProtocolFactory factory = (LoginProtocolFactory) session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, SamlProtocol.LOGIN_PROTOCOL);
|
||||||
SamlService samlService = (SamlService) factory.createProtocolEndpoint(SAMLEndpoint.this.session, event);
|
SamlService samlService = (SamlService) factory.createProtocolEndpoint(SAMLEndpoint.this.session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(samlService);
|
|
||||||
AuthenticationSessionModel authSession = samlService.getOrCreateLoginSessionForIdpInitiatedSso(session, SAMLEndpoint.this.realm, oClient.get(), null);
|
AuthenticationSessionModel authSession = samlService.getOrCreateLoginSessionForIdpInitiatedSso(session, SAMLEndpoint.this.realm, oClient.get(), null);
|
||||||
if (authSession == null) {
|
if (authSession == null) {
|
||||||
event.error(Errors.INVALID_REDIRECT_URI);
|
event.error(Errors.INVALID_REDIRECT_URI);
|
||||||
|
|
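Review bot: With `ResteasyProviderFactory.getInstance().injectProperties(samlService);` dropped in the last hunk, `samlService` is used exactly as `factory.createProtocolEndpoint(...)` returns it, and `SamlService` is not shown on this page, so nothing visible here establishes that it now resolves its request-scoped fields itself. If it or a superclass still declares `@Context` fields, they would stay null on this IdP-initiated SSO path, which decides whether a login session is created for the client. Once that is confirmed, a short comment above the call would record the assumption, for example `// no RESTEasy injection: SamlService resolves request data from session.getContext()`. The same removal appears in DefaultTokenExchangeProvider and for the objects returned by DockerV2LoginProtocolService.auth(), the OIDCLoginProtocolService locators, AuthorizationEndpoint.authorizeDevice() and TokenEndpoint.introspect(). The enclosing method here starts outside the hunk.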
|
@ -42,7 +42,6 @@ import org.keycloak.services.resources.LoginActionsService;
|
||||||
import org.keycloak.sessions.AuthenticationSessionModel;
|
import org.keycloak.sessions.AuthenticationSessionModel;
|
||||||
import org.keycloak.sessions.RootAuthenticationSessionModel;
|
import org.keycloak.sessions.RootAuthenticationSessionModel;
|
||||||
|
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
@ -61,10 +60,9 @@ public abstract class AuthorizationEndpointBase {
|
||||||
protected final EventBuilder event;
|
protected final EventBuilder event;
|
||||||
protected AuthenticationManager authManager;
|
protected AuthenticationManager authManager;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
@Context
|
protected final HttpRequest httpRequest;
|
||||||
protected HttpRequest httpRequest;
|
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -75,6 +73,8 @@ public abstract class AuthorizationEndpointBase {
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.httpRequest = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected AuthenticationProcessor createProcessor(AuthenticationSessionModel authSession, String flowId, String flowPath) {
|
protected AuthenticationProcessor createProcessor(AuthenticationSessionModel authSession, String flowId, String flowPath) {
|
||||||
|
|
|
@ -1,36 +1,24 @@
|
||||||
package org.keycloak.protocol.docker;
|
package org.keycloak.protocol.docker;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.events.EventType;
|
import org.keycloak.events.EventType;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.protocol.oidc.TokenManager;
|
|
||||||
import org.keycloak.services.resources.RealmsResource;
|
import org.keycloak.services.resources.RealmsResource;
|
||||||
import org.keycloak.utils.ProfileHelper;
|
import org.keycloak.utils.ProfileHelper;
|
||||||
|
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
public class DockerV2LoginProtocolService {
|
public class DockerV2LoginProtocolService {
|
||||||
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final TokenManager tokenManager;
|
|
||||||
private final EventBuilder event;
|
private final EventBuilder event;
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
public DockerV2LoginProtocolService(final KeycloakSession session, final EventBuilder event) {
|
public DockerV2LoginProtocolService(final KeycloakSession session, final EventBuilder event) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.realm = session.getContext().getRealm();
|
|
||||||
this.tokenManager = new TokenManager();
|
|
||||||
this.event = event;
|
this.event = event;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -60,8 +48,6 @@ public class DockerV2LoginProtocolService {
|
||||||
public Object auth() {
|
public Object auth() {
|
||||||
ProfileHelper.requireFeature(Profile.Feature.DOCKER);
|
ProfileHelper.requireFeature(Profile.Feature.DOCKER);
|
||||||
|
|
||||||
final DockerEndpoint endpoint = new DockerEndpoint(session, event, EventType.LOGIN);
|
return new DockerEndpoint(session, event, EventType.LOGIN);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
package org.keycloak.protocol.oidc;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
||||||
|
@ -423,7 +422,6 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
|
||||||
LoginProtocolFactory factory = (LoginProtocolFactory) session.getKeycloakSessionFactory()
|
LoginProtocolFactory factory = (LoginProtocolFactory) session.getKeycloakSessionFactory()
|
||||||
.getProviderFactory(LoginProtocol.class, SamlProtocol.LOGIN_PROTOCOL);
|
.getProviderFactory(LoginProtocol.class, SamlProtocol.LOGIN_PROTOCOL);
|
||||||
SamlService samlService = (SamlService) factory.createProtocolEndpoint(session, event);
|
SamlService samlService = (SamlService) factory.createProtocolEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(samlService);
|
|
||||||
AuthenticationSessionModel authSession = samlService.getOrCreateLoginSessionForIdpInitiatedSso(session, realm,
|
AuthenticationSessionModel authSession = samlService.getOrCreateLoginSessionForIdpInitiatedSso(session, realm,
|
||||||
targetClient, null);
|
targetClient, null);
|
||||||
if (authSession == null) {
|
if (authSession == null) {
|
||||||
|
|
|
@ -23,7 +23,6 @@ import java.util.List;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.crypto.KeyType;
|
import org.keycloak.crypto.KeyType;
|
||||||
|
@ -56,7 +55,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -78,11 +76,9 @@ public class OIDCLoginProtocolService {
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
private final HttpHeaders headers;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -93,6 +89,8 @@ public class OIDCLoginProtocolService {
|
||||||
this.tokenManager = new TokenManager();
|
this.tokenManager = new TokenManager();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
this.providerConfig = providerConfig;
|
this.providerConfig = providerConfig;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder tokenServiceBaseUrl(UriInfo uriInfo) {
|
public static UriBuilder tokenServiceBaseUrl(UriInfo uriInfo) {
|
||||||
|
@ -158,9 +156,7 @@ public class OIDCLoginProtocolService {
|
||||||
*/
|
*/
|
||||||
@Path("auth")
|
@Path("auth")
|
||||||
public Object auth() {
|
public Object auth() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(session, event);
|
return new AuthorizationEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -169,7 +165,6 @@ public class OIDCLoginProtocolService {
|
||||||
@Path("registrations")
|
@Path("registrations")
|
||||||
public Object registrations() {
|
public Object registrations() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(session, event);
|
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint.register();
|
return endpoint.register();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -179,7 +174,6 @@ public class OIDCLoginProtocolService {
|
||||||
@Path("forgot-credentials")
|
@Path("forgot-credentials")
|
||||||
public Object forgotCredentialsPage() {
|
public Object forgotCredentialsPage() {
|
||||||
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(session, event);
|
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint.forgotCredentials();
|
return endpoint.forgotCredentials();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -188,9 +182,7 @@ public class OIDCLoginProtocolService {
|
||||||
*/
|
*/
|
||||||
@Path("token")
|
@Path("token")
|
||||||
public Object token() {
|
public Object token() {
|
||||||
TokenEndpoint endpoint = new TokenEndpoint(session, tokenManager, event);
|
return new TokenEndpoint(session, tokenManager, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("login-status-iframe.html")
|
@Path("login-status-iframe.html")
|
||||||
|
@ -243,25 +235,19 @@ public class OIDCLoginProtocolService {
|
||||||
|
|
||||||
@Path("userinfo")
|
@Path("userinfo")
|
||||||
public Object issueUserInfo() {
|
public Object issueUserInfo() {
|
||||||
UserInfoEndpoint endpoint = new UserInfoEndpoint(session, tokenManager);
|
return new UserInfoEndpoint(session, tokenManager);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* old deprecated logout endpoint needs to be removed in the future
|
/* old deprecated logout endpoint needs to be removed in the future
|
||||||
* https://issues.redhat.com/browse/KEYCLOAK-2940 */
|
* https://issues.redhat.com/browse/KEYCLOAK-2940 */
|
||||||
@Path("logout")
|
@Path("logout")
|
||||||
public Object logout() {
|
public Object logout() {
|
||||||
LogoutEndpoint endpoint = new LogoutEndpoint(session, tokenManager, event, providerConfig);
|
return new LogoutEndpoint(session, tokenManager, event, providerConfig);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("revoke")
|
@Path("revoke")
|
||||||
public Object revoke() {
|
public Object revoke() {
|
||||||
TokenRevocationEndpoint endpoint = new TokenRevocationEndpoint(session, event);
|
return new TokenRevocationEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("oauth/oob")
|
@Path("oauth/oob")
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
package org.keycloak.protocol.oidc.endpoints;
|
package org.keycloak.protocol.oidc.endpoints;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.authentication.AuthenticationProcessor;
|
import org.keycloak.authentication.AuthenticationProcessor;
|
||||||
import org.keycloak.constants.AdapterConstants;
|
import org.keycloak.constants.AdapterConstants;
|
||||||
|
@ -115,9 +114,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
*/
|
*/
|
||||||
@Path("device")
|
@Path("device")
|
||||||
public Object authorizeDevice() {
|
public Object authorizeDevice() {
|
||||||
DeviceEndpoint endpoint = new DeviceEndpoint(session, event);
|
return new DeviceEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private Response process(MultivaluedMap<String, String> params) {
|
private Response process(MultivaluedMap<String, String> params) {
|
||||||
|
|
|
@ -88,7 +88,6 @@ import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -106,11 +105,9 @@ public class LogoutEndpoint {
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
private final HttpHeaders headers;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
private final TokenManager tokenManager;
|
private final TokenManager tokenManager;
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
|
@ -130,6 +127,8 @@ public class LogoutEndpoint {
|
||||||
this.event = event;
|
this.event = event;
|
||||||
this.providerConfig = providerConfig;
|
this.providerConfig = providerConfig;
|
||||||
this.offlineSessionsLazyLoadingEnabled = !Config.scope("userSessions").scope("infinispan").getBoolean("preloadOfflineSessionsFromDatabase", false);
|
this.offlineSessionsLazyLoadingEnabled = !Config.scope("userSessions").scope("infinispan").getBoolean("preloadOfflineSessionsFromDatabase", false);
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/")
|
@Path("/")
|
||||||
|
|
|
@ -20,7 +20,6 @@ package org.keycloak.protocol.oidc.endpoints;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
import org.keycloak.authentication.AuthenticationProcessor;
|
import org.keycloak.authentication.AuthenticationProcessor;
|
||||||
|
@ -108,7 +107,6 @@ import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedHashMap;
|
import javax.ws.rs.core.MultivaluedHashMap;
|
||||||
|
@ -143,14 +141,11 @@ public class TokenEndpoint {
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
private final HttpResponse httpResponse;
|
||||||
private HttpResponse httpResponse;
|
|
||||||
|
|
||||||
@Context
|
private final HttpHeaders headers;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -170,6 +165,9 @@ public class TokenEndpoint {
|
||||||
this.tokenManager = tokenManager;
|
this.tokenManager = tokenManager;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.httpResponse = session.getContext().getContextObject(HttpResponse.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
|
@ -184,7 +182,6 @@ public class TokenEndpoint {
|
||||||
// create another instance of the endpoint that will be run within the new session.
|
// create another instance of the endpoint that will be run within the new session.
|
||||||
Resteasy.pushContext(KeycloakSession.class, kcSession);
|
Resteasy.pushContext(KeycloakSession.class, kcSession);
|
||||||
TokenEndpoint other = new TokenEndpoint(session, new TokenManager(), new EventBuilder(realmModel, kcSession, clientConnection));
|
TokenEndpoint other = new TokenEndpoint(session, new TokenManager(), new EventBuilder(realmModel, kcSession, clientConnection));
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(other);
|
|
||||||
return other.processGrantRequestInternal();
|
return other.processGrantRequestInternal();
|
||||||
} catch (WebApplicationException we) {
|
} catch (WebApplicationException we) {
|
||||||
// WebApplicationException needs to be returned and treated (rethrown) by the calling code because the new transaction
|
// WebApplicationException needs to be returned and treated (rethrown) by the calling code because the new transaction
|
||||||
|
@ -252,11 +249,7 @@ public class TokenEndpoint {
|
||||||
|
|
||||||
@Path("introspect")
|
@Path("introspect")
|
||||||
public Object introspect() {
|
public Object introspect() {
|
||||||
TokenIntrospectionEndpoint tokenIntrospectionEndpoint = new TokenIntrospectionEndpoint(this.session, this.event);
|
return new TokenIntrospectionEndpoint(this.session, this.event);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(tokenIntrospectionEndpoint);
|
|
||||||
|
|
||||||
return tokenIntrospectionEndpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@OPTIONS
|
@OPTIONS
|
||||||
|
|
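Review bot: In the `-184,7` hunk, `other` is built with `new TokenEndpoint(session, ...)`, while the line above pushes `kcSession` into the RESTEasy context and the comment says the instance runs within the new session. With `injectProperties(other)` removed, `other` now takes `request`, `httpResponse` and `headers` from `session.getContext()` in its constructor, so the session passed in also decides where those objects come from. If `session` at that point is the outer request session rather than `kcSession` (its declaration is outside the hunk), consider `TokenEndpoint other = new TokenEndpoint(kcSession, new TokenManager(), new EventBuilder(realmModel, kcSession, clientConnection));`. Otherwise, add a comment stating why the outer session is intended.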
|
@ -33,8 +33,6 @@ import org.keycloak.services.clientpolicy.ClientPolicyException;
|
||||||
import org.keycloak.services.clientpolicy.context.TokenIntrospectContext;
|
import org.keycloak.services.clientpolicy.context.TokenIntrospectContext;
|
||||||
|
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
@ -50,11 +48,8 @@ public class TokenIntrospectionEndpoint {
|
||||||
private static final String PARAM_TOKEN = "token";
|
private static final String PARAM_TOKEN = "token";
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
@Context
|
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -66,6 +61,7 @@ public class TokenIntrospectionEndpoint {
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -24,8 +24,6 @@ import java.util.stream.Collectors;
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.OPTIONS;
|
import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -64,11 +62,7 @@ public class TokenRevocationEndpoint {
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -85,6 +79,7 @@ public class TokenRevocationEndpoint {
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -18,7 +18,6 @@ package org.keycloak.protocol.oidc.endpoints;
|
||||||
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.TokenCategory;
|
import org.keycloak.TokenCategory;
|
||||||
import org.keycloak.TokenVerifier;
|
import org.keycloak.TokenVerifier;
|
||||||
|
@ -74,7 +73,6 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.OPTIONS;
|
import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -89,11 +87,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class UserInfoEndpoint {
|
public class UserInfoEndpoint {
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpResponse response;
|
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -113,6 +107,7 @@ public class UserInfoEndpoint {
|
||||||
this.tokenManager = tokenManager;
|
this.tokenManager = tokenManager;
|
||||||
this.appAuthManager = new AppAuthManager();
|
this.appAuthManager = new AppAuthManager();
|
||||||
this.error = new OAuth2Error().json(false).realm(realm);
|
this.error = new OAuth2Error().json(false).realm(realm);
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/")
|
@Path("/")
|
||||||
|
@ -124,9 +119,9 @@ public class UserInfoEndpoint {
|
||||||
@Path("/")
|
@Path("/")
|
||||||
@GET
|
@GET
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response issueUserInfoGet(@Context final HttpHeaders headers) {
|
public Response issueUserInfoGet() {
|
||||||
setupCors();
|
setupCors();
|
||||||
String accessToken = this.appAuthManager.extractAuthorizationHeaderTokenOrReturnNull(headers);
|
String accessToken = this.appAuthManager.extractAuthorizationHeaderTokenOrReturnNull(session.getContext().getRequestHeaders());
|
||||||
authorization(accessToken);
|
authorization(accessToken);
|
||||||
return issueUserInfo();
|
return issueUserInfo();
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,7 +42,6 @@ import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -56,11 +55,11 @@ public class BackchannelAuthenticationCallbackEndpoint extends AbstractCibaEndpo
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(BackchannelAuthenticationCallbackEndpoint.class);
|
private static final Logger logger = Logger.getLogger(BackchannelAuthenticationCallbackEndpoint.class);
|
||||||
|
|
||||||
@Context
|
private final HttpRequest httpRequest;
|
||||||
private HttpRequest httpRequest;
|
|
||||||
|
|
||||||
public BackchannelAuthenticationCallbackEndpoint(KeycloakSession session, EventBuilder event) {
|
public BackchannelAuthenticationCallbackEndpoint(KeycloakSession session, EventBuilder event) {
|
||||||
super(session, event);
|
super(session, event);
|
||||||
|
this.httpRequest = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/")
|
@Path("/")
|
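Review bot: The constructor stores `session.getContext().getContextObject(HttpRequest.class)` in a final field without checking the result, so if the lookup can return null (the hunk does not show whether it can, for example when the endpoint is built outside an HTTP request) the failure only surfaces later as a NullPointerException at first use. If a request is always required, fail fast with `this.httpRequest = Objects.requireNonNull(session.getContext().getContextObject(HttpRequest.class), "HttpRequest not bound to session context");`. If null is a legitimate state, say so in a comment on the field. The same unchecked assignment appears in the constructors of UserInfoEndpoint, DeviceEndpoint, ParEndpoint, AbstractSecuredLocalService, ClientsManagementService, IdentityBrokerService, LoginActionsService and PublicRealmResource.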
||||||
|
|
|
@ -48,7 +48,6 @@ import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -76,7 +75,8 @@ public class BackchannelAuthenticationEndpoint extends AbstractCibaEndpoint {
|
||||||
@NoCache
|
@NoCache
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response processGrantRequest(@Context HttpRequest httpRequest) {
|
public Response processGrantRequest() {
|
||||||
|
HttpRequest httpRequest = session.getContext().getContextObject(HttpRequest.class);
|
||||||
CIBAAuthenticationRequest request = authorizeClient(httpRequest.getDecodedFormParameters());
|
CIBAAuthenticationRequest request = authorizeClient(httpRequest.getDecodedFormParameters());
|
||||||
|
|
||||||
try {
|
try {
|
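Review bot: `processGrantRequest()` resolves the `HttpRequest` with a per-call lookup, while the sibling `BackchannelAuthenticationCallbackEndpoint` in this commit keeps it in a `private final` field set in its constructor, so two endpoints under the same `AbstractCibaEndpoint` base now obtain the request in two different ways. Pick one form for both, for instance `private final HttpRequest httpRequest;` assigned in the constructor here as well. The local name `httpRequest` next to the `CIBAAuthenticationRequest request` variable is also easy to misread; a short comment such as `// RESTEasy request, used only to read the form parameters` would help. The method body continues outside the hunk.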
||||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.protocol.oidc.grants.ciba.endpoints;
|
||||||
|
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -63,11 +62,7 @@ public class CibaRootEndpoint implements OIDCExtProvider, OIDCExtProviderFactory
|
||||||
*/
|
*/
|
||||||
@Path("/auth/callback")
|
@Path("/auth/callback")
|
||||||
public BackchannelAuthenticationCallbackEndpoint authenticate() {
|
public BackchannelAuthenticationCallbackEndpoint authenticate() {
|
||||||
BackchannelAuthenticationCallbackEndpoint endpoint = new BackchannelAuthenticationCallbackEndpoint(session, event);
|
return new BackchannelAuthenticationCallbackEndpoint(session, event);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
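Review bot: With `ResteasyProviderFactory.getInstance().injectProperties(endpoint)` gone from `authenticate()`, any `@Context` member still declared on `BackchannelAuthenticationCallbackEndpoint` or on its superclass `AbstractCibaEndpoint` is no longer populated and would stay null. The superclass is not part of the visible hunks, so this needs checking rather than assuming. The same applies to the removals in `DeviceEndpointFactory` (`DeviceEndpoint` extends `AuthorizationEndpointBase`), `ParRootEndpoint.request()` (`ParEndpoint` extends `AbstractParEndpoint`) and `SamlService.soapBinding()` (the hierarchy of `SamlEcpProfileService` is not shown). A one-line comment on the factory method would record the new contract, e.g. `// endpoint reads request objects from session.getContext(); no RESTEasy property injection happens here`.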
||||||
|
|
|
@ -65,7 +65,6 @@ import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -81,13 +80,13 @@ public class DeviceEndpoint extends AuthorizationEndpointBase implements RealmRe
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(DeviceEndpoint.class);
|
protected static final Logger logger = Logger.getLogger(DeviceEndpoint.class);
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
private Cors cors;
|
private Cors cors;
|
||||||
|
|
||||||
public DeviceEndpoint(KeycloakSession session, EventBuilder event) {
|
public DeviceEndpoint(KeycloakSession session, EventBuilder event) {
|
||||||
super(session, event);
|
super(session, event);
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -19,7 +19,6 @@
|
||||||
|
|
||||||
package org.keycloak.protocol.oidc.grants.device.endpoints;
|
package org.keycloak.protocol.oidc.grants.device.endpoints;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.models.KeycloakContext;
|
import org.keycloak.models.KeycloakContext;
|
||||||
|
@ -39,9 +38,7 @@ public class DeviceEndpointFactory implements RealmResourceProviderFactory {
|
||||||
KeycloakContext context = session.getContext();
|
KeycloakContext context = session.getContext();
|
||||||
RealmModel realm = context.getRealm();
|
RealmModel realm = context.getRealm();
|
||||||
EventBuilder event = new EventBuilder(realm, session, context.getConnection());
|
EventBuilder event = new EventBuilder(realm, session, context.getConnection());
|
||||||
DeviceEndpoint provider = new DeviceEndpoint(session, event);
|
return new DeviceEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(provider);
|
|
||||||
return provider;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -39,7 +39,6 @@ import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
@ -59,8 +58,7 @@ public class ParEndpoint extends AbstractParEndpoint {
|
||||||
private static final String REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:";
|
private static final String REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:";
|
||||||
public static final int REQUEST_URI_PREFIX_LENGTH = REQUEST_URI_PREFIX.length();
|
public static final int REQUEST_URI_PREFIX_LENGTH = REQUEST_URI_PREFIX.length();
|
||||||
|
|
||||||
@Context
|
private final HttpRequest httpRequest;
|
||||||
private HttpRequest httpRequest;
|
|
||||||
|
|
||||||
private AuthorizationEndpointRequest authorizationRequest;
|
private AuthorizationEndpointRequest authorizationRequest;
|
||||||
|
|
||||||
|
@ -71,6 +69,7 @@ public class ParEndpoint extends AbstractParEndpoint {
|
||||||
|
|
||||||
public ParEndpoint(KeycloakSession session, EventBuilder event) {
|
public ParEndpoint(KeycloakSession session, EventBuilder event) {
|
||||||
super(session, event);
|
super(session, event);
|
||||||
|
this.httpRequest = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/")
|
@Path("/")
|
||||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.protocol.oidc.par.endpoints;
|
||||||
|
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -45,11 +44,7 @@ public class ParRootEndpoint implements OIDCExtProvider, OIDCExtProviderFactory,
|
||||||
|
|
||||||
@Path("/request")
|
@Path("/request")
|
||||||
public ParEndpoint request() {
|
public ParEndpoint request() {
|
||||||
ParEndpoint endpoint = new ParEndpoint(session, event);
|
return new ParEndpoint(session, event);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -25,7 +25,6 @@ import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.specimpl.ResteasyHttpHeaders;
|
import org.jboss.resteasy.specimpl.ResteasyHttpHeaders;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.broker.saml.SAMLDataMarshaller;
|
import org.keycloak.broker.saml.SAMLDataMarshaller;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.common.VerificationException;
|
import org.keycloak.common.VerificationException;
|
||||||
|
@ -1075,8 +1074,6 @@ public class SamlService extends AuthorizationEndpointBase {
|
||||||
public Response soapBinding(InputStream inputStream) {
|
public Response soapBinding(InputStream inputStream) {
|
||||||
SamlEcpProfileService bindingService = new SamlEcpProfileService(session, event, destinationValidator);
|
SamlEcpProfileService bindingService = new SamlEcpProfileService(session, event, destinationValidator);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(bindingService);
|
|
||||||
|
|
||||||
return bindingService.authenticate(inputStream);
|
return bindingService.authenticate(inputStream);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1335,8 +1332,8 @@ public class SamlService extends AuthorizationEndpointBase {
|
||||||
this.realmId = realm.getId();
|
this.realmId = realm.getId();
|
||||||
this.httpHeaders = new ResteasyHttpHeaders(headers.getRequestHeaders());
|
this.httpHeaders = new ResteasyHttpHeaders(headers.getRequestHeaders());
|
||||||
this.connection = connection;
|
this.connection = connection;
|
||||||
this.response = Resteasy.getContextData(org.jboss.resteasy.spi.HttpResponse.class);
|
this.response = session.getContext().getContextObject(org.jboss.resteasy.spi.HttpResponse.class);
|
||||||
this.request = Resteasy.getContextData(HttpRequest.class);
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
this.bindingType = bindingType;
|
this.bindingType = bindingType;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1404,7 +1401,6 @@ public class SamlService extends AuthorizationEndpointBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
SamlService endpoint = (SamlService) factory.createProtocolEndpoint(session, event);
|
SamlService endpoint = (SamlService) factory.createProtocolEndpoint(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
BindingProtocol protocol;
|
BindingProtocol protocol;
|
||||||
if (SamlProtocol.SAML_POST_BINDING.equals(bindingType)) {
|
if (SamlProtocol.SAML_POST_BINDING.equals(bindingType)) {
|
||||||
protocol = endpoint.newPostBindingProtocol();
|
protocol = endpoint.newPostBindingProtocol();
|
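Review bot: After the removal of `injectProperties(endpoint)` following `factory.createProtocolEndpoint(session, event)`, the new endpoint can only obtain its `HttpRequest`/`HttpResponse` from the context of whichever `session` is in scope at this point. The constructor hunk above copies headers, connection, request and response into fields, which suggests this code may run later or outside the original request; that is an inference, since the enclosing method starts outside the hunk. If so, confirm that the session used here exposes those objects through `getContext().getContextObject(...)`, or hand the captured `request` and `response` to the endpoint explicitly. A comment such as `// relies on session.getContext() providing HttpRequest/HttpResponse for the endpoint constructor` would make the assumption visible.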
||||||
|
|
|
@ -22,9 +22,9 @@ import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
|
||||||
|
|
||||||
import javax.ws.rs.BadRequestException;
|
import javax.ws.rs.BadRequestException;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.ext.ExceptionMapper;
|
import javax.ws.rs.ext.ExceptionMapper;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Override explicitly added ExceptionMapper for handling <code>UnrecognizedPropertyException</code> in RestEasy Jackson
|
* Override explicitly added ExceptionMapper for handling <code>UnrecognizedPropertyException</code> in RestEasy Jackson
|
||||||
|
@ -34,13 +34,13 @@ import javax.ws.rs.ext.ExceptionMapper;
|
||||||
public class KcUnrecognizedPropertyExceptionHandler implements ExceptionMapper<UnrecognizedPropertyException> {
|
public class KcUnrecognizedPropertyExceptionHandler implements ExceptionMapper<UnrecognizedPropertyException> {
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private HttpHeaders headers;
|
KeycloakSession session;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return escaped original message
|
* Return escaped original message
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Response toResponse(UnrecognizedPropertyException exception) {
|
public Response toResponse(UnrecognizedPropertyException exception) {
|
||||||
return KeycloakErrorHandler.getResponse(headers, new BadRequestException(exception.getMessage()));
|
return KeycloakErrorHandler.getResponse(session, new BadRequestException(exception.getMessage()));
|
||||||
}
|
}
|
||||||
}
|
}
|
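Review bot: The injected field changed from `private HttpHeaders headers;` to `KeycloakSession session;`, which drops the `private` modifier and leaves the session reference package-visible and reassignable; `KeycloakErrorHandler` gets the same declaration in this commit. Restore it as `@Context private KeycloakSession session;` in both classes. An `ExceptionMapper` is normally a single instance shared by all requests, so this relies on the `@Context` value being resolved per request (a proxy or equivalent) for a Keycloak type rather than a standard JAX-RS one; if it were bound once, one request's session and transaction could be used while handling another request's error. That behaviour is not visible here and is worth a test or a comment stating it.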
|
@ -3,9 +3,7 @@ package org.keycloak.services.error;
|
||||||
import com.fasterxml.jackson.core.JsonParseException;
|
import com.fasterxml.jackson.core.JsonParseException;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.Failure;
|
import org.jboss.resteasy.spi.Failure;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.common.util.Resteasy;
|
|
||||||
import org.keycloak.forms.login.freemarker.model.UrlBean;
|
import org.keycloak.forms.login.freemarker.model.UrlBean;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakTransaction;
|
import org.keycloak.models.KeycloakTransaction;
|
||||||
|
@ -46,18 +44,14 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
|
||||||
public static final String ERROR_RESPONSE_TEXT = "Error response {0}";
|
public static final String ERROR_RESPONSE_TEXT = "Error response {0}";
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private HttpHeaders headers;
|
KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpResponse response;
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response toResponse(Throwable throwable) {
|
public Response toResponse(Throwable throwable) {
|
||||||
return getResponse(headers, throwable);
|
return getResponse(session, throwable);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Response getResponse(HttpHeaders headers, Throwable throwable) {
|
public static Response getResponse(KeycloakSession session, Throwable throwable) {
|
||||||
KeycloakSession session = Resteasy.getContextData(KeycloakSession.class);
|
|
||||||
KeycloakTransaction tx = session.getTransactionManager();
|
KeycloakTransaction tx = session.getTransactionManager();
|
||||||
tx.setRollbackOnly();
|
tx.setRollbackOnly();
|
||||||
|
|
||||||
|
@ -69,6 +63,8 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
|
||||||
logger.debugv(throwable, ERROR_RESPONSE_TEXT, statusCode);
|
logger.debugv(throwable, ERROR_RESPONSE_TEXT, statusCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
HttpHeaders headers = session.getContext().getRequestHeaders();
|
||||||
|
|
||||||
if (!MediaTypeMatcher.isHtmlRequest(headers)) {
|
if (!MediaTypeMatcher.isHtmlRequest(headers)) {
|
||||||
OAuth2ErrorRepresentation error = new OAuth2ErrorRepresentation();
|
OAuth2ErrorRepresentation error = new OAuth2ErrorRepresentation();
|
||||||
|
|
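Review bot: `getResponse(KeycloakSession session, Throwable throwable)` dereferences `session` in its first statement (`session.getTransactionManager()`) and again at `session.getContext().getRequestHeaders()`, with no guard for a null session or null headers. If the mapper is ever invoked where the `@Context` session is not available, the handler itself would throw and the original `throwable` would be lost before the `logger.debugv` call; whether that can happen is not visible from these hunks. Since the method is `public static` and its first parameter type changed from `HttpHeaders` to `KeycloakSession`, add Javadoc stating that `session` must be non-null and bound to the current request, and consider `Objects.requireNonNull(session, "session");` as the first statement so the failure is explicit. The method body continues outside the hunks.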
||||||
|
|
|
@ -37,7 +37,6 @@ import org.keycloak.util.TokenUtil;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.NewCookie;
|
import javax.ws.rs.core.NewCookie;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -58,16 +57,14 @@ public abstract class AbstractSecuredLocalService {
|
||||||
protected final ClientModel client;
|
protected final ClientModel client;
|
||||||
protected final RealmModel realm;
|
protected final RealmModel realm;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
protected final ClientConnection clientConnection;
|
protected final ClientConnection clientConnection;
|
||||||
protected String stateChecker;
|
protected String stateChecker;
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest request;
|
||||||
protected HttpRequest request;
|
|
||||||
protected Auth auth;
|
protected Auth auth;
|
||||||
|
|
||||||
public AbstractSecuredLocalService(KeycloakSession session, ClientModel client) {
|
public AbstractSecuredLocalService(KeycloakSession session, ClientModel client) {
|
||||||
|
@ -75,6 +72,8 @@ public abstract class AbstractSecuredLocalService {
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.client = client;
|
this.client = client;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("login-redirect")
|
@Path("login-redirect")
|
||||||
|
@ -83,8 +82,7 @@ public abstract class AbstractSecuredLocalService {
|
||||||
@QueryParam("state") String state,
|
@QueryParam("state") String state,
|
||||||
@QueryParam("error") String error,
|
@QueryParam("error") String error,
|
||||||
@QueryParam("path") String path,
|
@QueryParam("path") String path,
|
||||||
@QueryParam("referrer") String referrer,
|
@QueryParam("referrer") String referrer) {
|
||||||
@Context HttpHeaders headers) {
|
|
||||||
try {
|
try {
|
||||||
if (error != null) {
|
if (error != null) {
|
||||||
if (OAuthErrorException.ACCESS_DENIED.equals(error)) {
|
if (OAuthErrorException.ACCESS_DENIED.equals(error)) {
|
||||||
|
|
|
@ -39,7 +39,6 @@ import javax.ws.rs.HeaderParam;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -57,11 +56,9 @@ public class ClientsManagementService {
|
||||||
|
|
||||||
private final EventBuilder event;
|
private final EventBuilder event;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -72,6 +69,8 @@ public class ClientsManagementService {
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder clientsManagementBaseUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder clientsManagementBaseUrl(UriBuilder baseUriBuilder) {
|
||||||
|
|
|
@ -99,7 +99,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
@ -138,11 +137,9 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
private final HttpHeaders headers;
|
||||||
private HttpHeaders headers;
|
|
||||||
|
|
||||||
private EventBuilder event;
|
private EventBuilder event;
|
||||||
|
|
||||||
|
@ -154,6 +151,8 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
if (realmModel == null) {
|
if (realmModel == null) {
|
||||||
throw new IllegalArgumentException("Realm can not be null.");
|
throw new IllegalArgumentException("Realm can not be null.");
|
||||||
}
|
}
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void init() {
|
public void init() {
|
||||||
|
|
|
@ -46,9 +46,6 @@ public class JsResource {
|
||||||
@Context
|
@Context
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get keycloak.js file for javascript clients
|
* Get keycloak.js file for javascript clients
|
||||||
*
|
*
|
||||||
|
@ -127,7 +124,7 @@ public class JsResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
String contentType = "text/javascript";
|
String contentType = "text/javascript";
|
||||||
Cors cors = Cors.add(request).allowAllOrigins();
|
Cors cors = Cors.add(session.getContext().getContextObject(HttpRequest.class)).allowAllOrigins();
|
||||||
|
|
||||||
ResourceEncodingProvider encodingProvider = ResourceEncodingHelper.getResourceEncodingProvider(session, contentType);
|
ResourceEncodingProvider encodingProvider = ResourceEncodingHelper.getResourceEncodingProvider(session, contentType);
|
||||||
|
|
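Review bot: `Cors.add(...).allowAllOrigins()` has no comment explaining why a wildcard origin is acceptable on this response. The visible lines set the content type to `text/javascript`, so this is presumably a public static script, but the method starts outside the hunk and that cannot be confirmed from here. Record the intent next to the call, e.g. `// public static script: wildcard CORS is intentional; this response must not vary per user`. The new inline `session.getContext().getContextObject(HttpRequest.class)` also makes the line long; a local `HttpRequest request = session.getContext().getContextObject(HttpRequest.class);` on the line above would read better.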
||||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.authentication.RequiredActionFactory;
|
||||||
import org.keycloak.authentication.RequiredActionProvider;
|
import org.keycloak.authentication.RequiredActionProvider;
|
||||||
import org.keycloak.authentication.actiontoken.ActionTokenContext;
|
import org.keycloak.authentication.actiontoken.ActionTokenContext;
|
||||||
import org.keycloak.authentication.actiontoken.ActionTokenHandler;
|
import org.keycloak.authentication.actiontoken.ActionTokenHandler;
|
||||||
|
import org.keycloak.common.util.Resteasy;
|
||||||
import org.keycloak.models.DefaultActionTokenKey;
|
import org.keycloak.models.DefaultActionTokenKey;
|
||||||
import org.keycloak.authentication.actiontoken.ExplainedTokenVerificationException;
|
import org.keycloak.authentication.actiontoken.ExplainedTokenVerificationException;
|
||||||
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler;
|
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler;
|
||||||
|
@ -91,7 +92,6 @@ import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -129,11 +129,9 @@ public class LoginActionsService {
|
||||||
|
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
private final ClientConnection clientConnection;
|
private final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -180,6 +178,8 @@ public class LoginActionsService {
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.event = event;
|
this.event = event;
|
||||||
CacheControlUtil.noBackButtonCacheControlHeader();
|
CacheControlUtil.noBackButtonCacheControlHeader();
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean checkSsl() {
|
private boolean checkSsl() {
|
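Review bot: The import hunk adds `import org.keycloak.common.util.Resteasy;`, yet none of the hunks shown for this file introduces a use of `Resteasy`, and the constructor now reads the request and headers from `session.getContext()`. If nothing else in the file references it, the import is unused and runs against the purpose of the change, so drop it. If it is needed by code outside the hunks, a brief comment at that call site saying why the lookup cannot go through the session context would help.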
||||||
|
|
|
@ -31,7 +31,6 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.OPTIONS;
|
import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
@ -45,11 +44,9 @@ import javax.ws.rs.core.UriInfo;
|
||||||
public class PublicRealmResource {
|
public class PublicRealmResource {
|
||||||
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
|
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest request;
|
||||||
protected HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpResponse response;
|
||||||
protected HttpResponse response;
|
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -58,6 +55,8 @@ public class PublicRealmResource {
|
||||||
public PublicRealmResource(KeycloakSession session) {
|
public PublicRealmResource(KeycloakSession session) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -18,7 +18,6 @@ package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.AuthorizationService;
|
import org.keycloak.authorization.AuthorizationService;
|
||||||
|
@ -67,9 +66,6 @@ public class RealmsResource {
|
||||||
@Context
|
@Context
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
|
public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
|
||||||
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
||||||
return realmBaseUrl(baseUriBuilder);
|
return realmBaseUrl(baseUriBuilder);
|
||||||
|
@ -116,10 +112,7 @@ public class RealmsResource {
|
||||||
|
|
||||||
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
||||||
|
|
||||||
Object endpoint = factory.createProtocolEndpoint(session, event);
|
return factory.createProtocolEndpoint(session, event);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
|
|
||||||
return endpoint;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -165,9 +158,7 @@ public class RealmsResource {
|
||||||
public LoginActionsService getLoginActionsService(final @PathParam("realm") String name) {
|
public LoginActionsService getLoginActionsService(final @PathParam("realm") String name) {
|
||||||
resolveRealmAndUpdateSession(name);
|
resolveRealmAndUpdateSession(name);
|
||||||
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
||||||
LoginActionsService service = new LoginActionsService(session, event);
|
return new LoginActionsService(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(service);
|
|
||||||
return service;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("{realm}/clients-registrations")
|
@Path("{realm}/clients-registrations")
|
||||||
|
@ -181,9 +172,7 @@ public class RealmsResource {
|
||||||
public ClientsManagementService getClientsManagementService(final @PathParam("realm") String name) {
|
public ClientsManagementService getClientsManagementService(final @PathParam("realm") String name) {
|
||||||
resolveRealmAndUpdateSession(name);
|
resolveRealmAndUpdateSession(name);
|
||||||
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
||||||
ClientsManagementService service = new ClientsManagementService(session, event);
|
return new ClientsManagementService(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(service);
|
|
||||||
return service;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void resolveRealmAndUpdateSession(String realmName) {
|
private void resolveRealmAndUpdateSession(String realmName) {
|
||||||
|
@ -199,17 +188,13 @@ public class RealmsResource {
|
||||||
public Object getAccountService(final @PathParam("realm") String name) {
|
public Object getAccountService(final @PathParam("realm") String name) {
|
||||||
resolveRealmAndUpdateSession(name);
|
resolveRealmAndUpdateSession(name);
|
||||||
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
EventBuilder event = new EventBuilder(session.getContext().getRealm(), session, session.getContext().getConnection());
|
||||||
AccountLoader accountLoader = new AccountLoader(session, event);
|
return new AccountLoader(session, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(accountLoader);
|
|
||||||
return accountLoader;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("{realm}")
|
@Path("{realm}")
|
||||||
public PublicRealmResource getRealmResource(final @PathParam("realm") String name) {
|
public PublicRealmResource getRealmResource(final @PathParam("realm") String name) {
|
||||||
resolveRealmAndUpdateSession(name);
|
resolveRealmAndUpdateSession(name);
|
||||||
PublicRealmResource realmResource = new PublicRealmResource(session);
|
return new PublicRealmResource(session);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(realmResource);
|
|
||||||
return realmResource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("{realm}/broker")
|
@Path("{realm}/broker")
|
||||||
|
@ -217,7 +202,6 @@ public class RealmsResource {
|
||||||
resolveRealmAndUpdateSession(name);
|
resolveRealmAndUpdateSession(name);
|
||||||
|
|
||||||
IdentityBrokerService brokerService = new IdentityBrokerService(session);
|
IdentityBrokerService brokerService = new IdentityBrokerService(session);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(brokerService);
|
|
||||||
|
|
||||||
brokerService.init();
|
brokerService.init();
|
||||||
|
|
||||||
|
@ -229,7 +213,7 @@ public class RealmsResource {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response getVersionPreflight(final @PathParam("realm") String name,
|
public Response getVersionPreflight(final @PathParam("realm") String name,
|
||||||
final @PathParam("provider") String providerName) {
|
final @PathParam("provider") String providerName) {
|
||||||
return Cors.add(request, Response.ok()).allowedMethods("GET").preflight().auth().build();
|
return Cors.add(session.getContext().getContextObject(HttpRequest.class), Response.ok()).allowedMethods("GET").preflight().auth().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -252,7 +236,7 @@ public class RealmsResource {
|
||||||
|
|
||||||
if (wellKnown != null) {
|
if (wellKnown != null) {
|
||||||
ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig()).cacheControl(CacheControlUtil.noCache());
|
ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig()).cacheControl(CacheControlUtil.noCache());
|
||||||
return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
|
return Cors.add(session.getContext().getContextObject(HttpRequest.class), responseBuilder).allowedOrigins("*").auth().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
|
@ -290,6 +274,7 @@ public class RealmsResource {
|
||||||
private void checkSsl(RealmModel realm) {
|
private void checkSsl(RealmModel realm) {
|
||||||
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https")
|
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https")
|
||||||
&& realm.getSslRequired().isRequired(session.getContext().getConnection())) {
|
&& realm.getSslRequired().isRequired(session.getContext().getConnection())) {
|
||||||
|
HttpRequest request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
Cors cors = Cors.add(request).auth().allowedMethods(request.getHttpMethod()).auth().exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS);
|
Cors cors = Cors.add(request).auth().allowedMethods(request.getHttpMethod()).auth().exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS);
|
||||||
throw new CorsErrorResponseException(cors.allowAllOrigins(), OAuthErrorException.INVALID_REQUEST, "HTTPS required",
|
throw new CorsErrorResponseException(cors.allowAllOrigins(), OAuthErrorException.INVALID_REQUEST, "HTTPS required",
|
||||||
Response.Status.FORBIDDEN);
|
Response.Status.FORBIDDEN);
|
||||||
|
|
|
@ -67,9 +67,6 @@ public class WelcomeResource {
|
||||||
|
|
||||||
private static final String KEYCLOAK_STATE_CHECKER = "WELCOME_STATE_CHECKER";
|
private static final String KEYCLOAK_STATE_CHECKER = "WELCOME_STATE_CHECKER";
|
||||||
|
|
||||||
@Context
|
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
|
||||||
|
@ -246,7 +243,7 @@ public class WelcomeResource {
|
||||||
ClientConnection clientConnection = session.getContext().getConnection();
|
ClientConnection clientConnection = session.getContext().getConnection();
|
||||||
InetAddress remoteInetAddress = InetAddress.getByName(clientConnection.getRemoteAddr());
|
InetAddress remoteInetAddress = InetAddress.getByName(clientConnection.getRemoteAddr());
|
||||||
InetAddress localInetAddress = InetAddress.getByName(clientConnection.getLocalAddr());
|
InetAddress localInetAddress = InetAddress.getByName(clientConnection.getLocalAddr());
|
||||||
String xForwardedFor = headers.getHeaderString("X-Forwarded-For");
|
String xForwardedFor = session.getContext().getRequestHeaders().getHeaderString("X-Forwarded-For");
|
||||||
logger.debugf("Checking WelcomePage. Remote address: %s, Local address: %s, X-Forwarded-For header: %s", remoteInetAddress.toString(), localInetAddress.toString(), xForwardedFor);
|
logger.debugf("Checking WelcomePage. Remote address: %s, Local address: %s, X-Forwarded-For header: %s", remoteInetAddress.toString(), localInetAddress.toString(), xForwardedFor);
|
||||||
|
|
||||||
// Access through AJP protocol (loadbalancer) may cause that remoteAddress is "127.0.0.1".
|
// Access through AJP protocol (loadbalancer) may cause that remoteAddress is "127.0.0.1".
|
||||||
|
@ -277,7 +274,7 @@ public class WelcomeResource {
|
||||||
|
|
||||||
private void csrfCheck(final MultivaluedMap<String, String> formData) {
|
private void csrfCheck(final MultivaluedMap<String, String> formData) {
|
||||||
String formStateChecker = formData.getFirst("stateChecker");
|
String formStateChecker = formData.getFirst("stateChecker");
|
||||||
Cookie cookie = headers.getCookies().get(KEYCLOAK_STATE_CHECKER);
|
Cookie cookie = session.getContext().getRequestHeaders().getCookies().get(KEYCLOAK_STATE_CHECKER);
|
||||||
if (cookie == null) {
|
if (cookie == null) {
|
||||||
throw new ForbiddenException();
|
throw new ForbiddenException();
|
||||||
}
|
}
|
||||||
|
|
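Review bot: The `X-Forwarded-For` value now read through `session.getContext().getRequestHeaders()` is set by the client unless a trusted proxy overwrites it, and it is passed to `logger.debugf` unmodified next to the real remote and local addresses. The method continues past the end of this hunk, so how the value is used afterwards is not visible here. A comment on that line such as `// X-Forwarded-For is client-controlled: a hint for the proxy case only, never proof of a local caller` would keep later edits from trusting it. `csrfCheck` is switched to the same header lookup in this section, and its body also runs past the hunk.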
|
@ -19,7 +19,6 @@ package org.keycloak.services.resources.account;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.enums.AccountRestApiVersion;
|
import org.keycloak.common.enums.AccountRestApiVersion;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
|
@ -39,7 +38,6 @@ import javax.ws.rs.NotFoundException;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
@ -54,16 +52,16 @@ public class AccountLoader {
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
private final EventBuilder event;
|
private final EventBuilder event;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
private final HttpResponse response;
|
||||||
@Context
|
|
||||||
private HttpResponse response;
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AccountLoader.class);
|
private static final Logger logger = Logger.getLogger(AccountLoader.class);
|
||||||
|
|
||||||
public AccountLoader(KeycloakSession session, EventBuilder event) {
|
public AccountLoader(KeycloakSession session, EventBuilder event) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/")
|
@Path("/")
|
||||||
|
@ -87,7 +85,6 @@ public class AccountLoader {
|
||||||
} else {
|
} else {
|
||||||
if (deprecatedAccount) {
|
if (deprecatedAccount) {
|
||||||
AccountFormService accountFormService = new AccountFormService(session, client, event);
|
AccountFormService accountFormService = new AccountFormService(session, client, event);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(accountFormService);
|
|
||||||
accountFormService.init();
|
accountFormService.init();
|
||||||
return accountFormService;
|
return accountFormService;
|
||||||
} else {
|
} else {
|
||||||
|
@ -150,9 +147,7 @@ public class AccountLoader {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
AccountRestService accountRestService = new AccountRestService(session, auth, event, version);
|
return new AccountRestService(session, auth, event, version);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(accountRestService);
|
|
||||||
return accountRestService;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private ClientModel getAccountManagementClient(RealmModel realm) {
|
private ClientModel getAccountManagementClient(RealmModel realm) {
|
||||||
|
|
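Review bot: With `ResteasyProviderFactory.getInstance().injectProperties(accountFormService)` removed, any `@Context` field still declared on `AccountFormService` would stay null and fail only when a handler first touches it; the same applies to `AccountRestService` in the last hunk of this section. `AccountRestService` is converted to constructor-resolved fields in the next file section, but `AccountFormService` is not visible on this part of the page, so its conversion should be confirmed. A comment above the constructor call, `// AccountFormService resolves request objects from the session context; it must not declare @Context fields`, would record the new contract. `GroupResource.getRoleMappings` (for `RoleMapperResource`) and `AdminRoot` (for `AdminConsole`) drop the same call, and both methods edited here start outside their hunks.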
|
@ -44,7 +44,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -100,10 +99,9 @@ import org.keycloak.validate.Validators;
|
||||||
*/
|
*/
|
||||||
public class AccountRestService {
|
public class AccountRestService {
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
protected final ClientConnection clientConnection;
|
protected final ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -126,6 +124,8 @@ public class AccountRestService {
|
||||||
this.locale = session.getContext().resolveLocale(user);
|
this.locale = session.getContext().resolveLocale(user);
|
||||||
this.version = version;
|
this.version = version;
|
||||||
event.client(auth.getClient()).user(auth.getUser());
|
event.client(auth.getClient()).user(auth.getUser());
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
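Review bot: The `request` and `headers` fields are now captured once in the constructor from `session.getContext()` and the result is never checked, so if the lookup returns null (presumably possible when no request is bound to the context) the failure surfaces later at first use rather than at construction. Wrapping the lookup, e.g. `this.request = Objects.requireNonNull(session.getContext().getContextObject(HttpRequest.class), "HttpRequest");`, makes misuse fail where the object is built; it needs `java.util.Objects` imported. The same pattern appears in `AccountLoader`, `AdminConsole`, `ClientPoliciesResource` and `ClientProfilesResource` (request and response) and in `AttackDetectionResource` and `ComponentResource` (headers). The constructor begins outside the hunk.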
|
@ -52,8 +52,6 @@ import javax.ws.rs.OPTIONS;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
@ -75,11 +73,9 @@ public class AdminConsole {
|
||||||
|
|
||||||
protected final ClientConnection clientConnection;
|
protected final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest request;
|
||||||
protected HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpResponse response;
|
||||||
protected HttpResponse response;
|
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -89,6 +85,8 @@ public class AdminConsole {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class WhoAmI {
|
public static class WhoAmI {
|
||||||
|
@ -200,12 +198,12 @@ public class AdminConsole {
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
public Response whoAmI() {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
|
AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
|
||||||
.setRealm(realm)
|
.setRealm(realm)
|
||||||
.setConnection(clientConnection)
|
.setConnection(clientConnection)
|
||||||
.setHeaders(headers)
|
.setHeaders(session.getContext().getRequestHeaders())
|
||||||
.authenticate();
|
.authenticate();
|
||||||
|
|
||||||
if (authResult == null) {
|
if (authResult == null) {
|
||||||
|
|
|
@ -20,7 +20,6 @@ import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import javax.ws.rs.NotAuthorizedException;
|
import javax.ws.rs.NotAuthorizedException;
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.jose.jws.JWSInput;
|
import org.keycloak.jose.jws.JWSInput;
|
||||||
|
@ -62,12 +61,6 @@ import java.util.Properties;
|
||||||
public class AdminRoot {
|
public class AdminRoot {
|
||||||
protected static final Logger logger = Logger.getLogger(AdminRoot.class);
|
protected static final Logger logger = Logger.getLogger(AdminRoot.class);
|
||||||
|
|
||||||
@Context
|
|
||||||
protected HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
|
||||||
protected HttpResponse response;
|
|
||||||
|
|
||||||
protected TokenManager tokenManager;
|
protected TokenManager tokenManager;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
|
@ -154,9 +147,8 @@ public class AdminRoot {
|
||||||
}
|
}
|
||||||
|
|
||||||
resolveRealmAndUpdateSession(name, session);
|
resolveRealmAndUpdateSession(name, session);
|
||||||
AdminConsole service = new AdminConsole(session);
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(service);
|
return new AdminConsole(session);
|
||||||
return service;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -207,7 +199,8 @@ public class AdminRoot {
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Path("realms")
|
@Path("realms")
|
||||||
public Object getRealmsAdmin(@Context final HttpHeaders headers) {
|
public Object getRealmsAdmin() {
|
||||||
|
HttpRequest request = getHttpRequest();
|
||||||
|
|
||||||
if (!isAdminApiEnabled()) {
|
if (!isAdminApiEnabled()) {
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
|
@ -217,12 +210,15 @@ public class AdminRoot {
|
||||||
return new AdminCorsPreflightService(request);
|
return new AdminCorsPreflightService(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
AdminAuth auth = authenticateRealmAdminRequest(headers);
|
AdminAuth auth = authenticateRealmAdminRequest(session.getContext().getRequestHeaders());
|
||||||
if (auth != null) {
|
if (auth != null) {
|
||||||
logger.debug("authenticated admin access for: " + auth.getUser().getUsername());
|
logger.debug("authenticated admin access for: " + auth.getUser().getUsername());
|
||||||
}
|
}
|
||||||
|
|
||||||
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").exposedHeaders("Location").auth().build(response);
|
HttpResponse response = getHttpResponse();
|
||||||
|
|
||||||
|
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").exposedHeaders("Location").auth().build(
|
||||||
|
response);
|
||||||
|
|
||||||
return new RealmsAdminResource(session, auth, tokenManager);
|
return new RealmsAdminResource(session, auth, tokenManager);
|
||||||
}
|
}
|
||||||
|
@ -234,17 +230,19 @@ public class AdminRoot {
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Path("serverinfo")
|
@Path("serverinfo")
|
||||||
public Object getServerInfo(@Context final HttpHeaders headers) {
|
public Object getServerInfo() {
|
||||||
|
|
||||||
if (!isAdminApiEnabled()) {
|
if (!isAdminApiEnabled()) {
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
HttpRequest request = getHttpRequest();
|
||||||
|
|
||||||
if (request.getHttpMethod().equals(HttpMethod.OPTIONS)) {
|
if (request.getHttpMethod().equals(HttpMethod.OPTIONS)) {
|
||||||
return new AdminCorsPreflightService(request);
|
return new AdminCorsPreflightService(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
AdminAuth auth = authenticateRealmAdminRequest(headers);
|
AdminAuth auth = authenticateRealmAdminRequest(session.getContext().getRequestHeaders());
|
||||||
if (!AdminPermissions.realms(session, auth).isAdmin()) {
|
if (!AdminPermissions.realms(session, auth).isAdmin()) {
|
||||||
throw new ForbiddenException();
|
throw new ForbiddenException();
|
||||||
}
|
}
|
||||||
|
@ -253,11 +251,20 @@ public class AdminRoot {
|
||||||
logger.debug("authenticated admin access for: " + auth.getUser().getUsername());
|
logger.debug("authenticated admin access for: " + auth.getUser().getUsername());
|
||||||
}
|
}
|
||||||
|
|
||||||
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response);
|
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(
|
||||||
|
getHttpResponse());
|
||||||
|
|
||||||
return new ServerInfoAdminResource(session);
|
return new ServerInfoAdminResource(session);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private HttpResponse getHttpResponse() {
|
||||||
|
return session.getContext().getContextObject(HttpResponse.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
private HttpRequest getHttpRequest() {
|
||||||
|
return session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
}
|
||||||
|
|
||||||
public static Theme getTheme(KeycloakSession session, RealmModel realm) throws IOException {
|
public static Theme getTheme(KeycloakSession session, RealmModel realm) throws IOException {
|
||||||
return session.theme().getTheme(Theme.Type.ADMIN);
|
return session.theme().getTheme(Theme.Type.ADMIN);
|
||||||
}
|
}
|
||||||
|
|
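Review bot: In `getRealmsAdmin`, `auth` is null-checked before the debug log but dereferenced unconditionally just below in `Cors.add(request).allowedOrigins(auth.getToken())`; `getServerInfo` likewise passes it to `AdminPermissions.realms(session, auth)` before its debug log. `authenticateRealmAdminRequest` is not visible here: if it can return null this ends in a NullPointerException instead of an authorization error, and if it cannot, the `if (auth != null)` guard is misleading. Either drop the guard or reject early with `if (auth == null) throw new NotAuthorizedException("Bearer");` right after the call. The debug lines also concatenate the username into the message; `logger.debugf("authenticated admin access for: %s", auth.getUser().getUsername())` avoids that work when debug is off.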
|
@ -34,7 +34,6 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -57,8 +56,7 @@ public class AttackDetectionResource {
|
||||||
|
|
||||||
protected final ClientConnection connection;
|
protected final ClientConnection connection;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public AttackDetectionResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
public AttackDetectionResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -66,6 +64,7 @@ public class AttackDetectionResource {
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.connection = session.getContext().getConnection();
|
this.connection = session.getContext().getConnection();
|
||||||
this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE);
|
this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -35,7 +35,6 @@ import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -70,7 +69,7 @@ public class ClientInitialAccessResource {
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public ClientInitialAccessPresentation create(ClientInitialAccessCreatePresentation config, @Context final HttpResponse response) {
|
public ClientInitialAccessPresentation create(ClientInitialAccessCreatePresentation config) {
|
||||||
auth.clients().requireManage();
|
auth.clients().requireManage();
|
||||||
|
|
||||||
int expiration = config.getExpiration() != null ? config.getExpiration() : 0;
|
int expiration = config.getExpiration() != null ? config.getExpiration() : 0;
|
||||||
|
@ -85,6 +84,8 @@ public class ClientInitialAccessResource {
|
||||||
String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, clientInitialAccessModel);
|
String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, clientInitialAccessModel);
|
||||||
rep.setToken(token);
|
rep.setToken(token);
|
||||||
|
|
||||||
|
HttpResponse response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
|
|
||||||
response.setStatus(Response.Status.CREATED.getStatusCode());
|
response.setStatus(Response.Status.CREATED.getStatusCode());
|
||||||
response.getOutputHeaders().add(HttpHeaders.LOCATION, session.getContext().getUri().getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString());
|
response.getOutputHeaders().add(HttpHeaders.LOCATION, session.getContext().getUri().getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString());
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,6 @@ import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.PUT;
|
import javax.ws.rs.PUT;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
@ -40,11 +39,9 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluato
|
||||||
public class ClientPoliciesResource {
|
public class ClientPoliciesResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ClientPoliciesResource.class);
|
protected static final Logger logger = Logger.getLogger(ClientPoliciesResource.class);
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest request;
|
||||||
protected HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpResponse response;
|
||||||
protected HttpResponse response;
|
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -55,6 +52,8 @@ public class ClientPoliciesResource {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|
|
@ -23,7 +23,6 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.PUT;
|
import javax.ws.rs.PUT;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
@ -41,11 +40,9 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluato
|
||||||
public class ClientProfilesResource {
|
public class ClientProfilesResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ClientProfilesResource.class);
|
protected static final Logger logger = Logger.getLogger(ClientProfilesResource.class);
|
||||||
|
|
||||||
@Context
|
protected final HttpRequest request;
|
||||||
protected HttpRequest request;
|
|
||||||
|
|
||||||
@Context
|
protected final HttpResponse response;
|
||||||
protected HttpResponse response;
|
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -56,6 +53,8 @@ public class ClientProfilesResource {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
|
this.response = session.getContext().getContextObject(HttpResponse.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|
|
@ -52,7 +52,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -82,8 +81,7 @@ public class ComponentResource {
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public ComponentResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
public ComponentResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -91,6 +89,7 @@ public class ComponentResource {
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
|
this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|
|
@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.util.ObjectUtil;
|
import org.keycloak.common.util.ObjectUtil;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.events.admin.ResourceType;
|
import org.keycloak.events.admin.ResourceType;
|
||||||
|
@ -237,9 +236,7 @@ public class GroupResource {
|
||||||
public RoleMapperResource getRoleMappings() {
|
public RoleMapperResource getRoleMappings() {
|
||||||
AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.groups().requireManage(group);
|
AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.groups().requireManage(group);
|
||||||
AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.groups().requireView(group);
|
AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.groups().requireView(group);
|
||||||
RoleMapperResource resource = new RoleMapperResource(session, auth, group, adminEvent, manageCheck, viewCheck);
|
return new RoleMapperResource(session, auth, group, adminEvent, manageCheck, viewCheck);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -132,8 +131,7 @@ public class RealmAdminResource {
|
||||||
|
|
||||||
protected final ClientConnection connection;
|
protected final ClientConnection connection;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public RealmAdminResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
public RealmAdminResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -141,6 +139,7 @@ public class RealmAdminResource {
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.connection = session.getContext().getConnection();
|
this.connection = session.getContext().getConnection();
|
||||||
this.adminEvent = adminEvent.resource(ResourceType.REALM);
|
this.adminEvent = adminEvent.resource(ResourceType.REALM);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -174,9 +173,7 @@ public class RealmAdminResource {
|
||||||
*/
|
*/
|
||||||
@Path("attack-detection")
|
@Path("attack-detection")
|
||||||
public AttackDetectionResource getAttackDetection() {
|
public AttackDetectionResource getAttackDetection() {
|
||||||
AttackDetectionResource resource = new AttackDetectionResource(session, auth, adminEvent);
|
return new AttackDetectionResource(session, auth, adminEvent);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -329,9 +326,7 @@ public class RealmAdminResource {
|
||||||
*/
|
*/
|
||||||
@Path("components")
|
@Path("components")
|
||||||
public ComponentResource getComponents() {
|
public ComponentResource getComponents() {
|
||||||
ComponentResource resource = new ComponentResource(session, auth, adminEvent);
|
return new ComponentResource(session, auth, adminEvent);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -462,10 +457,7 @@ public class RealmAdminResource {
|
||||||
*/
|
*/
|
||||||
@Path("users")
|
@Path("users")
|
||||||
public UsersResource users() {
|
public UsersResource users() {
|
||||||
UsersResource users = new UsersResource(session, auth, adminEvent);
|
return new UsersResource(session, auth, adminEvent);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(users);
|
|
||||||
//resourceContext.initResource(users);
|
|
||||||
return users;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@NoCache
|
@NoCache
|
||||||
|
@ -1092,16 +1084,12 @@ public class RealmAdminResource {
|
||||||
@Path("client-policies/policies")
|
@Path("client-policies/policies")
|
||||||
public ClientPoliciesResource getClientPoliciesResource() {
|
public ClientPoliciesResource getClientPoliciesResource() {
|
||||||
ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
|
ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
|
||||||
ClientPoliciesResource resource = new ClientPoliciesResource(session, auth);
|
return new ClientPoliciesResource(session, auth);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("client-policies/profiles")
|
@Path("client-policies/profiles")
|
||||||
public ClientProfilesResource getClientProfilesResource() {
|
public ClientProfilesResource getClientProfilesResource() {
|
||||||
ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
|
ProfileHelper.requireFeature(Profile.Feature.CLIENT_POLICIES);
|
||||||
ClientProfilesResource resource = new ClientProfilesResource(session, auth);
|
return new ClientProfilesResource(session, auth);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
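Review bot: Any `@Context` field still declared in `AttackDetectionResource`, `ComponentResource`, `ClientPoliciesResource` or `ClientProfilesResource` will now stay null, because `getAttackDetection()`, `getComponents()`, `getClientPoliciesResource()` and `getClientProfilesResource()` return the new object without the former `ResteasyProviderFactory.getInstance().injectProperties(...)` call. Those four class bodies are not shown in this file section, so whether they still declare injected members cannot be confirmed from here. Of the types returned by the changed locators, only `UsersResource` has its constructor-side replacement visible in this part of the page. These are admin endpoints, so a field that is silently null should be caught before release rather than at first use. I would check each returned class for leftover `@Context` members and cover every locator with an admin REST test that calls at least one method on the returned resource.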
|
@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.models.AdminRoles;
|
import org.keycloak.models.AdminRoles;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
|
@ -47,8 +46,6 @@ import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.CacheControl;
|
import javax.ws.rs.core.CacheControl;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
@ -168,8 +165,7 @@ public class RealmsAdminResource {
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Path("{realm}")
|
@Path("{realm}")
|
||||||
public RealmAdminResource getRealmAdmin(@Context final HttpHeaders headers,
|
public RealmAdminResource getRealmAdmin(@PathParam("realm") final String name) {
|
||||||
@PathParam("realm") final String name) {
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.getRealmByName(name);
|
RealmModel realm = realmManager.getRealmByName(name);
|
||||||
if (realm == null) throw new NotFoundException("Realm not found.");
|
if (realm == null) throw new NotFoundException("Realm not found.");
|
||||||
|
@ -183,10 +179,7 @@ public class RealmsAdminResource {
|
||||||
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
|
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
|
||||||
session.getContext().setRealm(realm);
|
session.getContext().setRealm(realm);
|
||||||
|
|
||||||
RealmAdminResource adminResource = new RealmAdminResource(session, realmAuth, adminEvent);
|
return new RealmAdminResource(session, realmAuth, adminEvent);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
|
|
||||||
//resourceContext.initResource(adminResource);
|
|
||||||
return adminResource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
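Review bot: `getRealmAdmin` relies on a statement order that nothing documents: `session.getContext().setRealm(realm)` has to run before `new RealmAdminResource(session, realmAuth, adminEvent)`, because that constructor reads the realm, the connection and now the request headers from the session context. If the two statements were ever swapped, the admin resource would be built against whatever realm the context held before, which matters on an endpoint that scopes admin operations by realm. I would add a comment above the `return`, for example `// context realm must be set first: RealmAdminResource reads realm and headers from session.getContext() in its constructor`. The part of the method body between the two hunks is not shown.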
|
@ -47,7 +47,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -87,8 +86,7 @@ public class RoleMapperResource {
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public RoleMapperResource(KeycloakSession session,
|
public RoleMapperResource(KeycloakSession session,
|
||||||
AdminPermissionEvaluator auth,
|
AdminPermissionEvaluator auth,
|
||||||
|
@ -104,6 +102,7 @@ public class RoleMapperResource {
|
||||||
this.roleMapper = roleMapper;
|
this.roleMapper = roleMapper;
|
||||||
this.managePermission = manageCheck;
|
this.managePermission = manageCheck;
|
||||||
this.viewPermission = viewCheck;
|
this.viewPermission = viewCheck;
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
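Review bot: `this.headers = session.getContext().getRequestHeaders()` stores whatever the context returns at construction time, and the constructor lines shown do not reject a null result. If the context can return null when no HTTP request is bound, a `RoleMapperResource` built in that state would fail only at the first use of `headers`, which is outside this hunk. The same assignment is added in `RealmAdminResource`, `UserResource`, `UsersResource` and `TwitterIdentityProvider.Endpoint`, and the two test-suite providers do the equivalent with `getContextObject(HttpRequest.class)`. If a missing request is never expected, fail at construction with `this.headers = Objects.requireNonNull(session.getContext().getRequestHeaders(), "no request headers in context");` (this needs `java.util.Objects`). Otherwise, add a field comment saying that `headers` may be null outside a request.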
|
@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.authentication.RequiredActionProvider;
|
import org.keycloak.authentication.RequiredActionProvider;
|
||||||
import org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken;
|
import org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -92,7 +91,6 @@ import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -140,8 +138,7 @@ public class UserResource {
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public UserResource(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
public UserResource(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -150,6 +147,7 @@ public class UserResource {
|
||||||
this.clientConnection = session.getContext().getConnection();
|
this.clientConnection = session.getContext().getConnection();
|
||||||
this.user = user;
|
this.user = user;
|
||||||
this.adminEvent = adminEvent.resource(ResourceType.USER);
|
this.adminEvent = adminEvent.resource(ResourceType.USER);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -581,10 +579,7 @@ public class UserResource {
|
||||||
public RoleMapperResource getRoleMappings() {
|
public RoleMapperResource getRoleMappings() {
|
||||||
AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.users().requireMapRoles(user);
|
AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.users().requireMapRoles(user);
|
||||||
AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.users().requireView(user);
|
AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.users().requireView(user);
|
||||||
RoleMapperResource resource = new RoleMapperResource(session, auth, user, adminEvent, manageCheck, viewCheck);
|
return new RoleMapperResource(session, auth, user, adminEvent, manageCheck, viewCheck);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
|
||||||
return resource;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.common.util.ObjectUtil;
|
import org.keycloak.common.util.ObjectUtil;
|
||||||
|
@ -31,7 +30,6 @@ import org.keycloak.models.ModelDuplicateException;
|
||||||
import org.keycloak.models.ModelException;
|
import org.keycloak.models.ModelException;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.policy.PasswordPolicyNotMetException;
|
import org.keycloak.policy.PasswordPolicyNotMetException;
|
||||||
|
@ -91,8 +89,7 @@ public class UsersResource {
|
||||||
|
|
||||||
protected final KeycloakSession session;
|
protected final KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public UsersResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
public UsersResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -100,6 +97,7 @@ public class UsersResource {
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.realm = session.getContext().getRealm();
|
this.realm = session.getContext().getRealm();
|
||||||
this.adminEvent = adminEvent.resource(ResourceType.USER);
|
this.adminEvent = adminEvent.resource(ResourceType.USER);
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -226,10 +224,8 @@ public class UsersResource {
|
||||||
if (auth.users().canQuery()) throw new NotFoundException("User not found");
|
if (auth.users().canQuery()) throw new NotFoundException("User not found");
|
||||||
else throw new ForbiddenException();
|
else throw new ForbiddenException();
|
||||||
}
|
}
|
||||||
UserResource resource = new UserResource(session, user, auth, adminEvent);
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
return new UserResource(session, user, auth, adminEvent);
|
||||||
//resourceContext.initResource(users);
|
|
||||||
return resource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -52,7 +52,6 @@ import twitter4j.conf.ConfigurationBuilder;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -171,8 +170,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
|
||||||
|
|
||||||
protected final ClientConnection clientConnection;
|
protected final ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
protected final HttpHeaders headers;
|
||||||
protected HttpHeaders headers;
|
|
||||||
|
|
||||||
public Endpoint(KeycloakSession session, AuthenticationCallback callback, EventBuilder event, TwitterIdentityProvider provider) {
|
public Endpoint(KeycloakSession session, AuthenticationCallback callback, EventBuilder event, TwitterIdentityProvider provider) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -181,6 +179,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
|
||||||
this.callback = callback;
|
this.callback = callback;
|
||||||
this.event = event;
|
this.event = event;
|
||||||
this.provider = provider;
|
this.provider = provider;
|
||||||
|
this.headers = session.getContext().getRequestHeaders();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
|
|
@ -42,7 +42,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
@ -69,8 +68,7 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
|
||||||
private final ConcurrentMap<String, ClientNotificationEndpointRequest> cibaClientNotifications;
|
private final ConcurrentMap<String, ClientNotificationEndpointRequest> cibaClientNotifications;
|
||||||
private final ConcurrentMap<String, String> intentClientBindings;
|
private final ConcurrentMap<String, String> intentClientBindings;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
HttpRequest request;
|
|
||||||
|
|
||||||
public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue<LogoutAction> adminLogoutActions,
|
public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue<LogoutAction> adminLogoutActions,
|
||||||
BlockingQueue<LogoutToken> backChannelLogoutTokens,
|
BlockingQueue<LogoutToken> backChannelLogoutTokens,
|
||||||
|
@ -91,6 +89,7 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
|
||||||
this.authenticationChannelRequests = authenticationChannelRequests;
|
this.authenticationChannelRequests = authenticationChannelRequests;
|
||||||
this.cibaClientNotifications = cibaClientNotifications;
|
this.cibaClientNotifications = cibaClientNotifications;
|
||||||
this.intentClientBindings = intentClientBindings;
|
this.intentClientBindings = intentClientBindings;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -17,9 +17,7 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.rest;
|
package org.keycloak.testsuite.rest;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.Config.Scope;
|
import org.keycloak.Config.Scope;
|
||||||
import org.keycloak.crypto.Algorithm;
|
|
||||||
import org.keycloak.crypto.KeyType;
|
import org.keycloak.crypto.KeyType;
|
||||||
import org.keycloak.crypto.KeyUse;
|
import org.keycloak.crypto.KeyUse;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -59,12 +57,8 @@ public class TestApplicationResourceProviderFactory implements RealmResourceProv
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RealmResourceProvider create(KeycloakSession session) {
|
public RealmResourceProvider create(KeycloakSession session) {
|
||||||
TestApplicationResourceProvider provider = new TestApplicationResourceProvider(session, adminLogoutActions,
|
return new TestApplicationResourceProvider(session, adminLogoutActions,
|
||||||
backChannelLogoutTokens, frontChannelLogoutTokens, pushNotBeforeActions, testAvailabilityActions, oidcClientData, authenticationChannelRequests, cibaClientNotifications, intentClientBindings);
|
backChannelLogoutTokens, frontChannelLogoutTokens, pushNotBeforeActions, testAvailabilityActions, oidcClientData, authenticationChannelRequests, cibaClientNotifications, intentClientBindings);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(provider);
|
|
||||||
|
|
||||||
return provider;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -20,7 +20,6 @@ package org.keycloak.testsuite.rest;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authorization.policy.evaluation.Realm;
|
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.common.util.HtmlUtils;
|
import org.keycloak.common.util.HtmlUtils;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
@ -96,7 +95,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
|
||||||
import javax.ws.rs.core.Cookie;
|
import javax.ws.rs.core.Cookie;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
@ -126,8 +124,7 @@ public class TestingResourceProvider implements RealmResourceProvider {
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
private final Map<String, TimerProvider.TimerTaskContext> suspendedTimerTasks;
|
private final Map<String, TimerProvider.TimerTaskContext> suspendedTimerTasks;
|
||||||
|
|
||||||
@Context
|
private final HttpRequest request;
|
||||||
private HttpRequest request;
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Object getResource() {
|
public Object getResource() {
|
||||||
|
@ -137,6 +134,7 @@ public class TestingResourceProvider implements RealmResourceProvider {
|
||||||
public TestingResourceProvider(KeycloakSession session, Map<String, TimerProvider.TimerTaskContext> suspendedTimerTasks) {
|
public TestingResourceProvider(KeycloakSession session, Map<String, TimerProvider.TimerTaskContext> suspendedTimerTasks) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.suspendedTimerTasks = suspendedTimerTasks;
|
this.suspendedTimerTasks = suspendedTimerTasks;
|
||||||
|
this.request = session.getContext().getContextObject(HttpRequest.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
|
|
@ -20,7 +20,6 @@ package org.keycloak.testsuite.rest;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.keycloak.Config.Scope;
|
import org.keycloak.Config.Scope;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
@ -37,9 +36,7 @@ public class TestingResourceProviderFactory implements RealmResourceProviderFact
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RealmResourceProvider create(KeycloakSession session) {
|
public RealmResourceProvider create(KeycloakSession session) {
|
||||||
TestingResourceProvider testProvider = new TestingResourceProvider(session, suspendedTimerTasks);
|
return new TestingResourceProvider(session, suspendedTimerTasks);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(testProvider);
|
|
||||||
return testProvider;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|