From 3559c5dc3ccb3bab1ae35e2a076c083592a829b3 Mon Sep 17 00:00:00 2001 From: pedroigor Date: Wed, 21 Mar 2018 10:01:02 -0300 Subject: [PATCH] [KEYCLOAK-6878] - Always refresh token option not working for invalid tokens --- .../KeycloakSecurityContextRequestFilter.java | 36 +++++++++---------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakSecurityContextRequestFilter.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakSecurityContextRequestFilter.java index 50db7de2b1..3821103fe1 100644 --- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakSecurityContextRequestFilter.java +++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakSecurityContextRequestFilter.java @@ -16,6 +16,15 @@ */ package org.keycloak.adapters.springsecurity.filter; +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.AdapterDeploymentContext; @@ -29,14 +38,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.filter.GenericFilterBean; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - /** * @author Pedro Igor */ @@ -60,19 +61,14 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) { RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext; + KeycloakDeployment deployment = resolveDeployment(request, response); - if (refreshableSecurityContext.isActive()) { - KeycloakDeployment deployment = resolveDeployment(request, response); - - if (deployment.isAlwaysRefreshToken()) { - if (refreshableSecurityContext.refreshExpiredToken(false)) { - request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext); - } else { - clearAuthenticationContext(); - } + if (deployment.isAlwaysRefreshToken()) { + if (refreshableSecurityContext.refreshExpiredToken(false)) { + request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext); + } else { + clearAuthenticationContext(); } - } else { - clearAuthenticationContext(); } } @@ -80,7 +76,7 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl } @Override - protected void initFilterBean() throws ServletException { + protected void initFilterBean() { deploymentContext = applicationContext.getBean(AdapterDeploymentContext.class); }