KEYCLOAK-682 Only send logout admin action to clients associated with user session
This commit is contained in:
Stian Thorgersen
parent
e96d6f0dfd
commit
5d141d4d8a
2 changed files with 13 additions and 4 deletions
|
|
@ -73,7 +73,7 @@ public class AuthenticationManager {
|
||||||
expireIdentityCookie(realm, uriInfo, connection);
|
expireIdentityCookie(realm, uriInfo, connection);
|
||||||
expireRememberMeCookie(realm, uriInfo, connection);
|
expireRememberMeCookie(realm, uriInfo, connection);
|
||||||
|
|
||||||
new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), userSession.getId());
|
new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), userSession);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,9 +8,12 @@ import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
|
||||||
import org.keycloak.TokenIdGenerator;
|
import org.keycloak.TokenIdGenerator;
|
||||||
import org.keycloak.adapters.AdapterConstants;
|
import org.keycloak.adapters.AdapterConstants;
|
||||||
import org.keycloak.models.ApplicationModel;
|
import org.keycloak.models.ApplicationModel;
|
||||||
|
import org.keycloak.models.ClientModel;
|
||||||
|
import org.keycloak.models.ClientSessionModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
import org.keycloak.representations.adapters.action.SessionStats;
|
import org.keycloak.representations.adapters.action.SessionStats;
|
||||||
|
|
@ -98,6 +101,9 @@ public class ResourceAdminManager {
|
||||||
|
|
||||||
protected String getManagementUrl(URI requestUri, ApplicationModel application) {
|
protected String getManagementUrl(URI requestUri, ApplicationModel application) {
|
||||||
String mgmtUrl = application.getManagementUrl();
|
String mgmtUrl = application.getManagementUrl();
|
||||||
|
if (mgmtUrl == null || mgmtUrl.equals("")) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
// this is to support relative admin urls when keycloak and applications are deployed on the same machine
|
// this is to support relative admin urls when keycloak and applications are deployed on the same machine
|
||||||
return ResolveRelative.resolveRelativeUri(requestUri, mgmtUrl);
|
return ResolveRelative.resolveRelativeUri(requestUri, mgmtUrl);
|
||||||
|
|
@ -147,15 +153,18 @@ public class ResourceAdminManager {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void logoutUser(URI requestUri, RealmModel realm, String user, String session) {
|
public void logoutUser(URI requestUri, RealmModel realm, String user, UserSessionModel session) {
|
||||||
ApacheHttpClient4Executor executor = createExecutor();
|
ApacheHttpClient4Executor executor = createExecutor();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// don't set user notBefore as we don't want a database hit on a user driven logout
|
// don't set user notBefore as we don't want a database hit on a user driven logout
|
||||||
List<ApplicationModel> resources = realm.getApplications();
|
List<ApplicationModel> resources = realm.getApplications();
|
||||||
logger.debugv("logging out {0} resources ", resources.size());
|
logger.debugv("logging out {0} resources ", resources.size());
|
||||||
for (ApplicationModel resource : resources) {
|
for (ClientSessionModel clientSession : session.getClientSessions()) {
|
||||||
logoutApplication(requestUri, realm, resource, user, session, executor, 0);
|
ClientModel client = clientSession.getClient();
|
||||||
|
if (client instanceof ApplicationModel) {
|
||||||
|
logoutApplication(requestUri, realm, (ApplicationModel) client, user, session.getId(), executor, 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} finally {
|
} finally {
|
||||||
executor.getHttpClient().getConnectionManager().shutdown();
|
executor.getHttpClient().getConnectionManager().shutdown();
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue