Merge pull request #5088 from pedroigor/KEYCLOAK-6878

[KEYCLOAK-6878] - Always refresh token option not working for invalid tokens
This commit is contained in:
Pedro Igor 2018-03-26 09:38:05 -03:00 committed by GitHub
commit 593f57fd2c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,6 +16,15 @@
*/ */
package org.keycloak.adapters.springsecurity.filter; package org.keycloak.adapters.springsecurity.filter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterDeploymentContext;
@ -29,14 +38,6 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean; import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/ */
@ -60,19 +61,14 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) { if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext; RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
KeycloakDeployment deployment = resolveDeployment(request, response);
if (refreshableSecurityContext.isActive()) { if (deployment.isAlwaysRefreshToken()) {
KeycloakDeployment deployment = resolveDeployment(request, response); if (refreshableSecurityContext.refreshExpiredToken(false)) {
request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
if (deployment.isAlwaysRefreshToken()) { } else {
if (refreshableSecurityContext.refreshExpiredToken(false)) { clearAuthenticationContext();
request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
} else {
clearAuthenticationContext();
}
} }
} else {
clearAuthenticationContext();
} }
} }
@ -80,7 +76,7 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
} }
@Override @Override
protected void initFilterBean() throws ServletException { protected void initFilterBean() {
deploymentContext = applicationContext.getBean(AdapterDeploymentContext.class); deploymentContext = applicationContext.getBean(AdapterDeploymentContext.class);
} }