Merge pull request #3468 from sebastienblanc/KEYCLOAK-3514

KEYCLOAK-3514 : fix servlet logout on bearer-only client
Stian Thorgersen 2016-11-08 07:35:44 +01:00 committed by GitHub
commit 5b54375490
4 changed files with 35 additions and 5 deletions


@ -92,7 +92,7 @@ public abstract class AbstractUndertowKeycloakAuthMech implements Authentication
UndertowHttpFacade facade = createFacade(exchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
if (ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
}
AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
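Review bot: The new condition on the second `if` dereferences `deployment.isBearerOnly()` before the null-tolerant `ksc` checks, so if `deploymentContext.resolveDeployment(facade)` can return null for an unconfigured request this now throws an NPE where the old line did not; if that is a reachable case, guard it with `deployment != null && !deployment.isBearerOnly() && ksc instanceof RefreshableKeycloakSecurityContext`. The `ksc != null &&` is redundant either way, since `instanceof` is already false for null. The bearer-only branch also deserves a why-comment, e.g. `// bearer-only deployments presumably hold no refresh token of their own to revoke; only the token store is cleared below — confirm against RefreshableKeycloakSecurityContext.logout`, and it is worth stating that skipping the context logout does not invalidate the bearer token itself, which stays usable until it expires. The enclosing method begins before and continues after this hunk.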


@ -40,7 +40,13 @@ public class CustomerDatabaseServlet extends HttpServlet {
pw.println("Bill Burke");
pw.print("</body></html>");
pw.flush();
}
@Override
protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.logout();
PrintWriter pw = resp.getWriter();
pw.println("servlet logout from database ok");
pw.flush();
}
}
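Review bot: `req.logout()` in the new `doDelete` clears the request's principal for this deployment, but nothing here can invalidate the bearer token the caller presented, so the token remains accepted until it expires and the "servlet logout from database ok" message may read as more than it is. Add a comment above `req.logout();`, e.g. `// Test endpoint: exercises HttpServletRequest.logout() on a bearer-only client. Drops the local principal only; the caller's access token stays valid until expiry.` This appears to be a testsuite example servlet, so the minimal response is fine, but `resp.setContentType("text/plain");` before writing would make the body's type explicit.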


@ -43,16 +43,38 @@ public class CustomerServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
PrintWriter pw = resp.getWriter();
KeycloakSecurityContext context = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
if (req.getRequestURI().endsWith("logout")) {
resp.setStatus(200);
pw.println("servlet logout ok");
//Clear principal form database-service by calling logout
StringBuilder result = new StringBuilder();
String urlBase;
if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
} else {
urlBase = System.getProperty("app.server.base.url", "http://localhost:8280");
}
URL url = new URL(urlBase + "/customer-db/");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("DELETE");
conn.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + context.getTokenString());
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
while ((line = rd.readLine()) != null) {
result.append(line);
}
rd.close();
pw.println(result.toString());
// Call logout before pw.flush
req.logout();
pw.flush();
return;
}
KeycloakSecurityContext context = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
//try {
StringBuilder result = new StringBuilder();
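Review bot: In the new logout branch `req.logout()` runs only after the DELETE to `/customer-db/` has completed, and `conn.getInputStream()` throws on a connect failure or a non-2xx status, so a failed downstream call leaves this session logged in and the reader unclosed; the local logout should be in a `finally` so a database-service error cannot keep the user authenticated here. The moved `context` declaration is dereferenced at `context.getTokenString()` without a null check — if an unauthenticated request can reach the `/logout` path this is an NPE, so either guard it or document that the security constraint makes it non-null. `new InputStreamReader(conn.getInputStream())` uses the platform charset; pass `StandardCharsets.UTF_8` (needs an import) and close the reader with try-with-resources. `doGet` continues past the end of this hunk.
```java
if (req.getRequestURI().endsWith("logout")) {
    resp.setStatus(200);
    pw.println("servlet logout ok");
    try {
        // … unchanged: pick urlBase, open DELETE on /customer-db/, set the Bearer header …
        try (BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
            String line;
            while ((line = rd.readLine()) != null) {
                result.append(line);
            }
        }
        pw.println(result.toString());
    } finally {
        // Drop the local principal even if the database-service call failed,
        // so a downstream error cannot leave this session logged in.
        req.logout();
        pw.flush();
    }
    return;
}
```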


@ -387,7 +387,9 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
// test logout
driver.navigate().to(customerPortal + "/logout");
assertTrue(driver.getPageSource().contains("servlet logout ok"));
pageSource = driver.getPageSource();
assertTrue(pageSource.contains("servlet logout ok"));
assertTrue(pageSource.contains("servlet logout from database ok"));
customerPortal.navigateTo();
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);