From d98c37549559d7c65a3d26526d749b92676e54c7 Mon Sep 17 00:00:00 2001
From: sebastien blanc
Date: Wed, 2 Nov 2016 11:39:37 +0100
Subject: [PATCH 1/2] KEYCLOAK-3514 : Don't call logout for bearer-only client
---
 .../adapters/undertow/AbstractUndertowKeycloakAuthMech.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
index e65d9226f0..2398c95c83 100755
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
@@ -92,7 +92,7 @@ public abstract class AbstractUndertowKeycloakAuthMech implements Authentication
 UndertowHttpFacade facade = createFacade(exchange);
 KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
 KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
- if (ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
+ if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
 ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
 }
 AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
From ee8c986e8e2b825ad0abc864bbd57da1a547990e Mon Sep 17 00:00:00 2001
From: sebastien blanc
Date: Thu, 3 Nov 2016 14:24:32 +0100
Subject: [PATCH 2/2] add integration test
---
 .../servlet/CustomerDatabaseServlet.java | 10 ++++++--
 .../adapter/servlet/CustomerServlet.java | 24 ++++++++++++++++++-
 .../AbstractDemoServletsAdapterTest.java | 4 +++-
 3 files changed, 34 insertions(+), 4 deletions(-)
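Review bot: The new `!deployment.isBearerOnly()` guard carries no comment saying why a bearer-only deployment must skip the refreshable-context logout, so the next reader cannot tell whether it is an optimisation or a correctness fix; a one-line comment such as `// KEYCLOAK-3514: bearer-only deployments have no adapter-managed session to end, so skip the logout round-trip` would preserve the intent (the wording about sessions is my reading of bearer-only and should be confirmed against the adapter docs). The `ksc != null &&` test is redundant because `instanceof` is already false for null, so the condition can be shortened to `if (!deployment.isBearerOnly() && ksc instanceof RefreshableKeycloakSecurityContext) {`. The enclosing method starts and ends outside the hunk.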
diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerDatabaseServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerDatabaseServlet.java
index 7392dd0950..d6d038a318 100644
--- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerDatabaseServlet.java
+++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerDatabaseServlet.java
@@ -40,7 +40,13 @@ public class CustomerDatabaseServlet extends HttpServlet {
 pw.println("Bill Burke");
 pw.print("");
 pw.flush();
-
-
+ }
+
+ @Override
+ protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ req.logout();
+ PrintWriter pw = resp.getWriter();
+ pw.println("servlet logout from database ok");
+ pw.flush();
 }
 }
diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java
index e174d7e007..b4fd9a50f9 100644
--- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java
+++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java
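Review bot: The new `doDelete` in CustomerDatabaseServlet has no Javadoc saying that it is a test hook which lets the customer portal make this (apparently bearer-only) app call `req.logout()`, which appears to be the path exercised for KEYCLOAK-3514; without that, a later reader has no way to tell why a DELETE handler logs the caller out and prints a fixed string. A short comment such as `/** Test hook: lets the customer portal trigger req.logout() on this bearer-only app (KEYCLOAK-3514). */` above the method would be enough. Like `doGet` it writes the body without setting a content type, which is fine for the test but worth noting if the response is ever rendered by a browser.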
@@ -43,16 +43,38 @@ public class CustomerServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 PrintWriter pw = resp.getWriter();
+ KeycloakSecurityContext context = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
 if (req.getRequestURI().endsWith("logout")) {
 resp.setStatus(200);
 pw.println("servlet logout ok");
+
+ //Clear principal form database-service by calling logout
+ StringBuilder result = new StringBuilder();
+ String urlBase;
+ if (System.getProperty("app.server.ssl.required", "false").equals("true")) {
+ urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643");
+ } else {
+ urlBase = System.getProperty("app.server.base.url", "http://localhost:8280");
+ }
+
+ URL url = new URL(urlBase + "/customer-db/");
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.setRequestMethod("DELETE");
+ conn.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + context.getTokenString());
+ BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+ String line;
+ while ((line = rd.readLine()) != null) {
+ result.append(line);
+ }
+ rd.close();
+ pw.println(result.toString());
 // Call logout before pw.flush
 req.logout();
 pw.flush();
 return;
 }
- KeycloakSecurityContext context = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
+ //try {
 StringBuilder result = new StringBuilder();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
index e742b91cb3..6ddb57af95 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
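Review bot: On the logout branch the local `req.logout()` now depends on the remote DELETE succeeding: if customer-db answers with a non-2xx status, `conn.getInputStream()` throws and `doGet` aborts before `req.logout()` and `pw.flush()`, leaving the portal session logged in, and `rd.close()` is skipped on any read error so the reader and connection are never released. Catching the `IOException` from the remote call, reading through try-with-resources with `conn.disconnect()` in a finally block, and then still running `req.logout()` keeps the local logout independent of the remote call; `new InputStreamReader(conn.getInputStream())` also decodes with the platform default charset, so pass `StandardCharsets.UTF_8` (import needed outside the hunk). Moving `context` above the logout branch means `context.getTokenString()` is now dereferenced on `/logout`, which is only safe while the whole servlet sits behind the security constraint and deserves a one-line comment saying so. The comment `//Clear principal form database-service by calling logout` should read `//Clear principal from database-service by calling logout`. `doGet` continues past the end of the hunk.
```java
                conn.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + context.getTokenString());
                try (BufferedReader rd = new BufferedReader(
                        new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                    String line;
                    while ((line = rd.readLine()) != null) {
                        result.append(line);
                    }
                } catch (IOException e) {
                    // Report the remote failure in the body but still log out locally below,
                    // so a broken customer-db cannot keep the portal session alive.
                    result.append("customer-db logout failed: ").append(e.getMessage());
                } finally {
                    conn.disconnect();
                }
                pw.println(result.toString());
                // … unchanged: req.logout(), pw.flush(), return …
```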
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
@@ -387,7 +387,9 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
 // test logout
 driver.navigate().to(customerPortal + "/logout");
- assertTrue(driver.getPageSource().contains("servlet logout ok"));
+ pageSource = driver.getPageSource();
+ assertTrue(pageSource.contains("servlet logout ok"));
+ assertTrue(pageSource.contains("servlet logout from database ok"));
 customerPortal.navigateTo();
 assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
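Review bot: The two new `assertTrue(pageSource.contains(...))` calls fail with a bare AssertionError that does not show what the page actually contained, which makes a failed database-logout round-trip hard to diagnose from CI output; the `assertTrue(String message, boolean condition)` overload would give the context, e.g. `assertTrue("page was: " + pageSource, pageSource.contains("servlet logout from database ok"));`. `pageSource` is assigned here without a declaration, so it relies on a declaration earlier in the method, outside the hunk. The enclosing test method starts and ends outside the hunk.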