logout
This commit is contained in:
parent
4cbc423d67
commit
73ed22c52c
3 changed files with 40 additions and 7 deletions
|
@ -54,6 +54,7 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
|
protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
|
||||||
|
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
|
||||||
Set<String> roles = getRolesFromToken(securityContext);
|
Set<String> roles = getRolesFromToken(securityContext);
|
||||||
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
|
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
|
||||||
Session session = request.getSessionInternal(true);
|
Session session = request.getSessionInternal(true);
|
||||||
|
|
|
@ -60,6 +60,17 @@ public class CatalinaSecurityContextHelper {
|
||||||
subjectGroup.addMember(role);
|
subjectGroup.addMember(role);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// add the CallerPrincipal group if none has been added in getRoleSets
|
||||||
|
// Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
|
||||||
|
// callerGroup.addMember(identity);
|
||||||
|
// principals.add(callerGroup);
|
||||||
|
// SecurityContext sc = SecurityContextAssociation.getSecurityContext();
|
||||||
|
// Principal userPrincipal = getPrincipal(subject);
|
||||||
|
// sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
|
||||||
|
// List<String> rolesAsStringList = new ArrayList<String>();
|
||||||
|
// rolesAsStringList.addAll(roleSet);
|
||||||
|
//
|
||||||
Principal userPrincipal = getPrincipal(subject);
|
Principal userPrincipal = getPrincipal(subject);
|
||||||
List<String> rolesAsStringList = new ArrayList<String>();
|
List<String> rolesAsStringList = new ArrayList<String>();
|
||||||
rolesAsStringList.addAll(roleSet);
|
rolesAsStringList.addAll(roleSet);
|
||||||
|
|
|
@ -16,6 +16,7 @@ import org.apache.catalina.Lifecycle;
|
||||||
import org.apache.catalina.LifecycleEvent;
|
import org.apache.catalina.LifecycleEvent;
|
||||||
import org.apache.catalina.LifecycleException;
|
import org.apache.catalina.LifecycleException;
|
||||||
import org.apache.catalina.LifecycleListener;
|
import org.apache.catalina.LifecycleListener;
|
||||||
|
import org.apache.catalina.Session;
|
||||||
import org.apache.catalina.authenticator.FormAuthenticator;
|
import org.apache.catalina.authenticator.FormAuthenticator;
|
||||||
import org.apache.catalina.connector.Request;
|
import org.apache.catalina.connector.Request;
|
||||||
import org.apache.catalina.connector.Response;
|
import org.apache.catalina.connector.Response;
|
||||||
|
@ -31,13 +32,13 @@ import org.keycloak.adapters.KeycloakDeployment;
|
||||||
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
||||||
import org.keycloak.adapters.PreAuthActionsHandler;
|
import org.keycloak.adapters.PreAuthActionsHandler;
|
||||||
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
||||||
|
import org.keycloak.adapters.ServerRequest;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Web deployment whose security is managed by a remote OAuth Skeleton Key
|
* Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
|
||||||
* authentication server
|
|
||||||
* <p/>
|
* <p/>
|
||||||
* Redirects browser to remote authentication server if not logged in. Also
|
* Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests
|
||||||
* allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.
|
* that contain a Skeleton Key bearer tokens.
|
||||||
*
|
*
|
||||||
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
|
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
|
@ -53,9 +54,29 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
|
||||||
try {
|
try {
|
||||||
startDeployment();
|
startDeployment();
|
||||||
} catch (LifecycleException e) {
|
} catch (LifecycleException e) {
|
||||||
e.printStackTrace();
|
log.severe("Error starting deployment. " + e.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (event.getType() == Lifecycle.AFTER_START_EVENT) initInternal();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void logout(Request request) throws ServletException {
|
||||||
|
KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
if (ksc != null) {
|
||||||
|
request.removeAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
Session session = request.getSessionInternal(false);
|
||||||
|
if (session != null) {
|
||||||
|
session.removeNote(KeycloakSecurityContext.class.getName());
|
||||||
|
try {
|
||||||
|
ServerRequest.invokeLogout(deploymentContext.getDeployment(), ksc.getToken().getSessionState());
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.severe("failed to invoke remote logout. " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
super.logout(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void startDeployment() throws LifecycleException {
|
public void startDeployment() throws LifecycleException {
|
||||||
|
@ -152,7 +173,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
|
||||||
* @param request
|
* @param request
|
||||||
*/
|
*/
|
||||||
protected void checkKeycloakSession(Request request, HttpFacade facade) {
|
protected void checkKeycloakSession(Request request, HttpFacade facade) {
|
||||||
if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
|
if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
|
||||||
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
|
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
|
||||||
if (session == null) return;
|
if (session == null) return;
|
||||||
// just in case session got serialized
|
// just in case session got serialized
|
||||||
|
|
Loading…
Reference in a new issue