Merge pull request #4454 from sebastienblanc/KEYCLOAK-3473

KEYCLOAK-3473 : add new flag to determine if error response must be sent or not
2017-09-11 18:52:07 -04:00 · 2017-09-11 18:52:07 -04:00 · 2cadf0a260
commit 2cadf0a260
parent 9c48da2a78 aaac85e541
3 changed files with 20 additions and 3 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@ -164,7 +164,12 @@ public class BearerTokenRequestAuthenticator {
                OIDCAuthenticationError error = new OIDCAuthenticationError(reason, description);
                facade.getRequest().setError(error);
                facade.getResponse().addHeader("WWW-Authenticate", challenge);
-                facade.getResponse().sendError(401);
+                if(deployment.isDelegateBearerErrorResponseSending()){
+                    facade.getResponse().setStatus(401);
+                }
+                else {
+                    facade.getResponse().sendError(401);
+                }
                return true;
            }
        };
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@ -94,6 +94,8 @@ public class KeycloakDeployment {
    
    protected Map<String, String> redirectRewriteRules;

+    protected boolean delegateBearerErrorResponseSending = false;
+
    public KeycloakDeployment() {
    }

@ -456,6 +458,12 @@ public class KeycloakDeployment {
    public void setRewriteRedirectRules(Map<String, String> redirectRewriteRules) {
        this.redirectRewriteRules = redirectRewriteRules;
    }
-    
-    
+
+    public boolean isDelegateBearerErrorResponseSending() {
+        return delegateBearerErrorResponseSending;
+    }
+
+    public void setDelegateBearerErrorResponseSending(boolean delegateBearerErrorResponseSending) {
+        this.delegateBearerErrorResponseSending = delegateBearerErrorResponseSending;
+    }
 }
--- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
@ -134,6 +134,10 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati

        HttpFacade facade = new SimpleHttpFacade(request, response);
        KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
+
+        // using Spring authenticationFailureHandler
+        deployment.setDelegateBearerErrorResponseSending(true);
+
        AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request);
        RequestAuthenticator authenticator
                = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, -1);