Merge pull request #5088 from pedroigor/KEYCLOAK-6878
[KEYCLOAK-6878] - Always refresh token option not working for invalid tokens
This commit is contained in:
commit
593f57fd2c
1 changed files with 16 additions and 20 deletions
|
@ -16,6 +16,15 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.adapters.springsecurity.filter;
|
package org.keycloak.adapters.springsecurity.filter;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import javax.servlet.FilterChain;
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
import javax.servlet.ServletRequest;
|
||||||
|
import javax.servlet.ServletResponse;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.keycloak.KeycloakPrincipal;
|
import org.keycloak.KeycloakPrincipal;
|
||||||
import org.keycloak.KeycloakSecurityContext;
|
import org.keycloak.KeycloakSecurityContext;
|
||||||
import org.keycloak.adapters.AdapterDeploymentContext;
|
import org.keycloak.adapters.AdapterDeploymentContext;
|
||||||
|
@ -29,14 +38,6 @@ import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.web.filter.GenericFilterBean;
|
import org.springframework.web.filter.GenericFilterBean;
|
||||||
|
|
||||||
import javax.servlet.FilterChain;
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.ServletRequest;
|
|
||||||
import javax.servlet.ServletResponse;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||||
*/
|
*/
|
||||||
|
@ -60,19 +61,14 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
|
||||||
|
|
||||||
if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
|
if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
|
||||||
RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
|
RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
|
||||||
|
KeycloakDeployment deployment = resolveDeployment(request, response);
|
||||||
|
|
||||||
if (refreshableSecurityContext.isActive()) {
|
if (deployment.isAlwaysRefreshToken()) {
|
||||||
KeycloakDeployment deployment = resolveDeployment(request, response);
|
if (refreshableSecurityContext.refreshExpiredToken(false)) {
|
||||||
|
request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
|
||||||
if (deployment.isAlwaysRefreshToken()) {
|
} else {
|
||||||
if (refreshableSecurityContext.refreshExpiredToken(false)) {
|
clearAuthenticationContext();
|
||||||
request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
|
|
||||||
} else {
|
|
||||||
clearAuthenticationContext();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
clearAuthenticationContext();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -80,7 +76,7 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void initFilterBean() throws ServletException {
|
protected void initFilterBean() {
|
||||||
deploymentContext = applicationContext.getBean(AdapterDeploymentContext.class);
|
deploymentContext = applicationContext.getBean(AdapterDeploymentContext.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue