libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-10266 Allows proper handling of Single Sign Out events.

Browse source 
It was incorrectly relying on web application listeners on session
destruction.
While it's used as a Spring Bean (declared in
KeycloakWebSecurityConfigurerAdapter) so it has to use Spring-based
facility.
See also https://lists.jboss.org/pipermail/keycloak-user/2016-March/005479.html
This commit is contained in:
Leonid Rozenblyum 2019-10-10 19:10:12 +03:00 committed by Stian Thorgersen
parent 4c8cb05b7a
commit 61561968ed
1 changed files with 22 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/management/HttpSessionManager.java
View file

@ -17,15 +17,17 @@
package org.keycloak.adapters.springsecurity.management; package org.keycloak.adapters.springsecurity.management;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.keycloak.adapters.spi.UserSessionManagement; import org.keycloak.adapters.spi.UserSessionManagement;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component; import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import javax.servlet.http.HttpSession; import org.springframework.security.web.session.HttpSessionCreatedEvent;
import javax.servlet.http.HttpSessionEvent; import org.springframework.security.web.session.HttpSessionDestroyedEvent;
import javax.servlet.http.HttpSessionListener;
import java.util.List;
/** /**
* User session manager for handling logout of Spring Secured sessions. * User session manager for handling logout of Spring Secured sessions.
@ -33,22 +35,24 @@ import java.util.List;
* @author <a href="mailto:srossillo@smartling.com">Scott Rossillo</a> * @author <a href="mailto:srossillo@smartling.com">Scott Rossillo</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
@Component public class HttpSessionManager implements ApplicationListener<ApplicationEvent>, UserSessionManagement {
public class HttpSessionManager implements HttpSessionListener, UserSessionManagement {
private static final Logger log = LoggerFactory.getLogger(HttpSessionManager.class); private static final Logger log = LoggerFactory.getLogger(HttpSessionManager.class);
private SessionManagementStrategy sessions = new LocalSessionManagementStrategy(); private SessionManagementStrategy sessions = new LocalSessionManagementStrategy();
@Override @Override
public void sessionCreated(HttpSessionEvent event) { public void onApplicationEvent(ApplicationEvent event) {
log.debug("Session created: {}", event.getSession().getId()); if (event instanceof HttpSessionCreatedEvent) {
HttpSession session = event.getSession(); HttpSessionCreatedEvent e = (HttpSessionCreatedEvent) event;
HttpSession session = e.getSession();
log.debug("Session created: {}", session.getId());
sessions.store(session); sessions.store(session);
} else if (event instanceof HttpSessionDestroyedEvent) {
HttpSessionDestroyedEvent e = (HttpSessionDestroyedEvent) event;
HttpSession session = e.getSession();
sessions.remove(session.getId());
log.debug("Session destroyed: {}", session.getId());
} }
@Override
public void sessionDestroyed(HttpSessionEvent event) {
sessions.remove(event.getSession().getId());
} }
@Override @Override
@ -70,4 +74,5 @@ public class HttpSessionManager implements HttpSessionListener, UserSessionManag
} }
} }
} }
} }