libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #634 from patriot1burke/master

Browse source 
buncho fixes
This commit is contained in:
Bill Burke 2014-08-18 18:55:18 -04:00
commit 89d47a392b
8 changed files with 533 additions and 215 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-menu.html
View file

@ -9,7 +9,7 @@
</li> </li>
<li data-ng-show="access.viewUsers" data-ng-class="(path[2] == 'users' || path[1] == 'user') && 'active'"><a href="#/realms/{{realm.realm}}/users">Users</a> <li data-ng-show="access.viewUsers" data-ng-class="(path[2] == 'users' || path[1] == 'user') && 'active'"><a href="#/realms/{{realm.realm}}/users">Users</a>
</li> </li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'roles' || (path[1] == 'role' & path[3] != 'applications') && 'active'"><a href="#/realms/{{realm.realm}}/roles">Roles</a> <li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'roles' || (path[1] == 'role' && path[3] != 'applications')) && 'active'"><a href="#/realms/{{realm.realm}}/roles">Roles</a>
</li> </li>
<li data-ng-show="access.viewApplications" data-ng-class="(path[2] == 'applications' || path[1] == 'application' || path[3] == 'applications') && 'active'"><a href="#/realms/{{realm.realm}}/applications">Applications</a></li> <li data-ng-show="access.viewApplications" data-ng-class="(path[2] == 'applications' || path[1] == 'application' || path[3] == 'applications') && 'active'"><a href="#/realms/{{realm.realm}}/applications">Applications</a></li>
<li data-ng-show="access.viewClients" data-ng-class="(path[2] == 'oauth-clients' || path[1] == 'oauth-client') && 'active'"><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li> <li data-ng-show="access.viewClients" data-ng-class="(path[2] == 'oauth-clients' || path[1] == 'oauth-client') && 'active'"><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>

2
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -173,7 +173,7 @@ public class AuthenticationManager {
public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers, boolean checkActive) { public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers, boolean checkActive) {
logger.info("authenticateIdentityCookie"); logger.info("authenticateIdentityCookie");
Cookie cookie = headers.getCookies().get(KEYCLOAK_IDENTITY_COOKIE); Cookie cookie = headers.getCookies().get(KEYCLOAK_IDENTITY_COOKIE);
if (cookie == null) { if (cookie == null || "".equals(cookie.getValue())) {
logger.infov("authenticateCookie could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE); logger.infov("authenticateCookie could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE);
return null; return null;
} }

2
services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java
View file

@ -156,7 +156,7 @@ public class UserFederationResource {
@GET @GET
@NoCache @NoCache
@Path("instances/{id}") @Path("instances/{id}")
@Consumes("application/json") @Produces("application/json")
public UserFederationProviderRepresentation getProviderInstance(@PathParam("id") String id) { public UserFederationProviderRepresentation getProviderInstance(@PathParam("id") String id) {
logger.info("getProvider"); logger.info("getProvider");
auth.requireView(); auth.requireView();

402
services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
View file

@ -1,199 +1,203 @@
/* /*
* JBoss, Home of Professional Open Source. * JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat, Inc., and individual contributors * Copyright 2012, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the * as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors. * distribution for a full listing of individual contributors.
* *
* This is free software; you can redistribute it and/or modify it * This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as * under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of * published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This software is distributed in the hope that it will be useful, * This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free * License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/ */
package org.keycloak.services.resources.flows; package org.keycloak.services.resources.flows;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl; import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection; import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.audit.Audit; import org.keycloak.audit.Audit;
import org.keycloak.audit.Details; import org.keycloak.audit.Details;
import org.keycloak.audit.EventType; import org.keycloak.audit.EventType;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel; import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction; import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.models.UserSessionModel; import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCode; import org.keycloak.services.managers.AccessCode;
import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.TokenManager;
import javax.ws.rs.core.Cookie; import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
public class OAuthFlows { public class OAuthFlows {
private static final Logger log = Logger.getLogger(OAuthFlows.class); private static final Logger log = Logger.getLogger(OAuthFlows.class);
private final KeycloakSession session; private final KeycloakSession session;
private final RealmModel realm; private final RealmModel realm;
private final HttpRequest request; private final HttpRequest request;
private final UriInfo uriInfo; private final UriInfo uriInfo;
private ClientConnection clientConnection; private ClientConnection clientConnection;
private final AuthenticationManager authManager; private final AuthenticationManager authManager;
private final TokenManager tokenManager; private final TokenManager tokenManager;
OAuthFlows(KeycloakSession session, RealmModel realm, HttpRequest request, UriInfo uriInfo, ClientConnection clientConnection, AuthenticationManager authManager, OAuthFlows(KeycloakSession session, RealmModel realm, HttpRequest request, UriInfo uriInfo, ClientConnection clientConnection, AuthenticationManager authManager,
TokenManager tokenManager) { TokenManager tokenManager) {
this.session = session; this.session = session;
this.realm = realm; this.realm = realm;
this.request = request; this.request = request;
this.uriInfo = uriInfo; this.uriInfo = uriInfo;
this.clientConnection = clientConnection; this.clientConnection = clientConnection;
this.authManager = authManager; this.authManager = authManager;
this.tokenManager = tokenManager; this.tokenManager = tokenManager;
} }
public Response redirectAccessCode(AccessCode accessCode, UserSessionModel userSession, String state, String redirect) { public Response redirectAccessCode(AccessCode accessCode, UserSessionModel userSession, String state, String redirect) {
String code = accessCode.getCode(); String code = accessCode.getCode();
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, code); UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, code);
log.debugv("redirectAccessCode: state: {0}", state); log.debugv("redirectAccessCode: state: {0}", state);
if (state != null) if (state != null)
redirectUri.queryParam(OAuth2Constants.STATE, state); redirectUri.queryParam(OAuth2Constants.STATE, state);
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build()); Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME); Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
Cookie sessionCookie = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_SESSION_COOKIE); Cookie sessionCookie = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_SESSION_COOKIE);
if (sessionCookie != null) { if (sessionCookie != null) {
String oldSessionId = sessionCookie.getValue().split("/")[2];
if (!oldSessionId.equals(userSession.getId())) { String[] split = sessionCookie.getValue().split("/");
UserSessionModel oldSession = session.sessions().getUserSession(realm, oldSessionId); if (split.length >= 3) {
if (oldSession != null) { String oldSessionId = split[2];
log.debugv("Removing old user session: session: {0}", oldSessionId); if (!oldSessionId.equals(userSession.getId())) {
session.sessions().removeUserSession(realm, oldSession); UserSessionModel oldSession = session.sessions().getUserSession(realm, oldSessionId);
} if (oldSession != null) {
} log.debugv("Removing old user session: session: {0}", oldSessionId);
} session.sessions().removeUserSession(realm, oldSession);
}
// refresh the cookies! }
authManager.createLoginCookie(realm, accessCode.getUser(), userSession, uriInfo, clientConnection); }
if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, uriInfo, clientConnection); }
return location.build();
} // refresh the cookies!
authManager.createLoginCookie(realm, accessCode.getUser(), userSession, uriInfo, clientConnection);
public Response redirectError(ClientModel client, String error, String state, String redirect) { if (userSession.isRememberMe()) authManager.createRememberMeCookie(realm, uriInfo, clientConnection);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, error); return location.build();
if (state != null) { }
redirectUri.queryParam(OAuth2Constants.STATE, state);
} public Response redirectError(ClientModel client, String error, String state, String redirect) {
return Response.status(302).location(redirectUri.build()).build(); UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, error);
} if (state != null) {
redirectUri.queryParam(OAuth2Constants.STATE, state);
public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, UserSessionModel session, Audit audit) { }
isTotpConfigurationRequired(user); return Response.status(302).location(redirectUri.build()).build();
isEmailVerificationRequired(user); }
boolean isResource = client instanceof ApplicationModel; public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, UserSessionModel session, Audit audit) {
AccessCode accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, this.session, realm, client, user, session); isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
log.debugv("processAccessCode: isResource: {0}", isResource);
log.debugv("processAccessCode: go to oauth page?: {0}", boolean isResource = client instanceof ApplicationModel;
!isResource); AccessCode accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, this.session, realm, client, user, session);
audit.detail(Details.CODE_ID, accessCode.getCodeId()); log.debugv("processAccessCode: isResource: {0}", isResource);
log.debugv("processAccessCode: go to oauth page?: {0}",
Set<RequiredAction> requiredActions = user.getRequiredActions(); !isResource);
if (!requiredActions.isEmpty()) {
RequiredAction action = user.getRequiredActions().iterator().next(); audit.detail(Details.CODE_ID, accessCode.getCodeId());
accessCode.setRequiredAction(action);
Set<RequiredAction> requiredActions = user.getRequiredActions();
if (action.equals(RequiredAction.VERIFY_EMAIL)) { if (!requiredActions.isEmpty()) {
audit.clone().event(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success(); RequiredAction action = user.getRequiredActions().iterator().next();
} accessCode.setRequiredAction(action);
return Flows.forms(this.session, realm, client, uriInfo).setAccessCode(accessCode.getCode()).setUser(user) if (action.equals(RequiredAction.VERIFY_EMAIL)) {
.createResponse(action); audit.clone().event(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success();
} }
if (!isResource) { return Flows.forms(this.session, realm, client, uriInfo).setAccessCode(accessCode.getCode()).setUser(user)
accessCode.setAction(ClientSessionModel.Action.OAUTH_GRANT); .createResponse(action);
}
List<RoleModel> realmRoles = new LinkedList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<String, RoleModel>(); if (!isResource) {
for (RoleModel r : accessCode.getRequestedRoles()) { accessCode.setAction(ClientSessionModel.Action.OAUTH_GRANT);
if (r.getContainer() instanceof RealmModel) {
realmRoles.add(r); List<RoleModel> realmRoles = new LinkedList<RoleModel>();
} else { MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<String, RoleModel>();
resourceRoles.add(((ApplicationModel) r.getContainer()).getName(), r); for (RoleModel r : accessCode.getRequestedRoles()) {
} if (r.getContainer() instanceof RealmModel) {
} realmRoles.add(r);
} else {
return Flows.forms(this.session, realm, client, uriInfo) resourceRoles.add(((ApplicationModel) r.getContainer()).getName(), r);
.setAccessCode(accessCode.getCode()) }
.setAccessRequest(realmRoles, resourceRoles) }
.setClient(client)
.createOAuthGrant(); return Flows.forms(this.session, realm, client, uriInfo)
} .setAccessCode(accessCode.getCode())
.setAccessRequest(realmRoles, resourceRoles)
if (redirect != null) { .setClient(client)
audit.success(); .createOAuthGrant();
}
accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
return redirectAccessCode(accessCode, session, state, redirect); if (redirect != null) {
} else { audit.success();
return null;
} accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
} return redirectAccessCode(accessCode, session, state, redirect);
} else {
public Response forwardToSecurityFailure(String message) { return null;
return Flows.forms(session, realm, null, uriInfo).setError(message).createErrorPage(); }
} }
private void isTotpConfigurationRequired(UserModel user) { public Response forwardToSecurityFailure(String message) {
for (RequiredCredentialModel c : realm.getRequiredCredentials()) { return Flows.forms(session, realm, null, uriInfo).setError(message).createErrorPage();
if (c.getType().equals(CredentialRepresentation.TOTP) && !user.isTotp()) { }
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
log.debug("User is required to configure totp"); private void isTotpConfigurationRequired(UserModel user) {
} for (RequiredCredentialModel c : realm.getRequiredCredentials()) {
} if (c.getType().equals(CredentialRepresentation.TOTP) && !user.isTotp()) {
} user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
log.debug("User is required to configure totp");
private void isEmailVerificationRequired(UserModel user) { }
if (realm.isVerifyEmail() && !user.isEmailVerified()) { }
user.addRequiredAction(RequiredAction.VERIFY_EMAIL); }
log.debug("User is required to verify email");
} private void isEmailVerificationRequired(UserModel user) {
} if (realm.isVerifyEmail() && !user.isEmailVerified()) {
user.addRequiredAction(RequiredAction.VERIFY_EMAIL);
} log.debug("User is required to verify email");
}
}
}

22
services/src/main/java/org/keycloak/services/util/CookieHelper.java
View file

@ -1,9 +1,9 @@
package org.keycloak.services.util; package org.keycloak.services.util;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import javax.servlet.http.Cookie; import javax.ws.rs.core.HttpHeaders;
import javax.servlet.http.HttpServletResponse;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -24,16 +24,12 @@ public class CookieHelper {
* @param httpOnly * @param httpOnly
*/ */
public static void addCookie(String name, String value, String path, String domain, String comment, int maxAge, boolean secure, boolean httpOnly) { public static void addCookie(String name, String value, String path, String domain, String comment, int maxAge, boolean secure, boolean httpOnly) {
HttpServletResponse response = ResteasyProviderFactory.getContextData(HttpServletResponse.class); HttpResponse response = ResteasyProviderFactory.getContextData(HttpResponse.class);
Cookie cookie = new Cookie(name, value); StringBuffer cookieBuf = new StringBuffer();
if (path != null) cookie.setPath(path); ServerCookie.appendCookieValue(cookieBuf, 1, name, value, path, domain, comment, maxAge, secure, httpOnly);
if (domain != null) cookie.setDomain(domain); String cookie = cookieBuf.toString();
if (comment != null) cookie.setComment(comment); response.getOutputHeaders().add(HttpHeaders.SET_COOKIE, cookie);
cookie.setMaxAge(maxAge);
cookie.setSecure(secure);
cookie.setHttpOnly(httpOnly);
response.addCookie(cookie);
} }
} }

305
services/src/main/java/org/keycloak/services/util/ServerCookie.java Executable file
View file

@ -0,0 +1,305 @@
package org.keycloak.services.util;
import java.io.Serializable;
import java.text.DateFormat;
import java.text.FieldPosition;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
/**
* Server-side cookie representation. borrowed from Tomcat.
*/
public class ServerCookie implements Serializable {
private static final String tspecials = ",; ";
private static final String tspecials2 = "()<>@,;:\\\"/[]?={} \t";
/*
* Tests a string and returns true if the string counts as a
* reserved token in the Java language.
*
* @param value the <code>String</code> to be tested
*
* @return <code>true</code> if the <code>String</code> is a reserved
* token; <code>false</code> if it is not
*/
public static boolean isToken(String value) {
if (value == null) return true;
int len = value.length();
for (int i = 0; i < len; i++) {
char c = value.charAt(i);
if (tspecials.indexOf(c) != -1)
return false;
}
return true;
}
public static boolean containsCTL(String value, int version) {
if (value == null) return false;
int len = value.length();
for (int i = 0; i < len; i++) {
char c = value.charAt(i);
if (c < 0x20 || c >= 0x7f) {
if (c == 0x09)
continue; //allow horizontal tabs
return true;
}
}
return false;
}
public static boolean isToken2(String value) {
if (value == null) return true;
int len = value.length();
for (int i = 0; i < len; i++) {
char c = value.charAt(i);
if (tspecials2.indexOf(c) != -1)
return false;
}
return true;
}
/**
* @deprecated - Not used
*/
public static boolean checkName(String name) {
if (!isToken(name)
|| name.equalsIgnoreCase("Comment") // rfc2019
|| name.equalsIgnoreCase("Discard") // rfc2965
|| name.equalsIgnoreCase("Domain") // rfc2019
|| name.equalsIgnoreCase("Expires") // Netscape
|| name.equalsIgnoreCase("Max-Age") // rfc2019
|| name.equalsIgnoreCase("Path") // rfc2019
|| name.equalsIgnoreCase("Secure") // rfc2019
|| name.equalsIgnoreCase("Version") // rfc2019
// TODO remaining RFC2965 attributes
) {
return false;
}
return true;
}
// -------------------- Cookie parsing tools
/**
* Return the header name to set the cookie, based on cookie version.
*/
public static String getCookieHeaderName(int version) {
// TODO Re-enable logging when RFC2965 is implemented
// log( (version==1) ? "Set-Cookie2" : "Set-Cookie");
if (version == 1) {
// XXX RFC2965 not referenced in Servlet Spec
// Set-Cookie2 is not supported by Netscape 4, 6, IE 3, 5
// Set-Cookie2 is supported by Lynx and Opera
// Need to check on later IE and FF releases but for now...
// RFC2109
return "Set-Cookie";
// return "Set-Cookie2";
} else {
// Old Netscape
return "Set-Cookie";
}
}
/**
* US locale - all HTTP dates are in english
*/
private final static Locale LOCALE_US = Locale.US;
/**
* GMT timezone - all HTTP dates are on GMT
*/
public final static TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
/**
* Pattern used for old cookies
*/
private final static String OLD_COOKIE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z";
private final static DateFormat oldCookieFormat = new SimpleDateFormat(OLD_COOKIE_PATTERN, LOCALE_US);
public static String formatOldCookie(Date d) {
String ocf = null;
synchronized (oldCookieFormat) {
ocf = oldCookieFormat.format(d);
}
return ocf;
}
public static void formatOldCookie(Date d, StringBuffer sb,
FieldPosition fp) {
synchronized (oldCookieFormat) {
oldCookieFormat.format(d, sb, fp);
}
}
private static final String ancientDate = formatOldCookie(new Date(10000));
// TODO RFC2965 fields also need to be passed
public static void appendCookieValue(StringBuffer headerBuf,
int version,
String name,
String value,
String path,
String domain,
String comment,
int maxAge,
boolean isSecure,
boolean httpOnly) {
StringBuffer buf = new StringBuffer();
// Servlet implementation checks name
buf.append(name);
buf.append("=");
// Servlet implementation does not check anything else
// NOTE!!! BROWSERS REALLY DON'T LIKE QUOTING
//maybeQuote2(version, buf, value);
buf.append(value);
// Add version 1 specific information
if (version == 1) {
// Version=1 ... required
buf.append("; Version=1");
// Comment=comment
if (comment != null) {
buf.append("; Comment=");
//maybeQuote2(version, buf, comment);
buf.append(comment);
}
}
// Add domain information, if present
if (domain != null) {
buf.append("; Domain=");
//maybeQuote2(version, buf, domain);
buf.append(domain);
}
// Max-Age=secs ... or use old "Expires" format
// TODO RFC2965 Discard
if (maxAge >= 0) {
// Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
buf.append("; Expires=");
// To expire immediately we need to set the time in past
if (maxAge == 0)
buf.append(ancientDate);
else
formatOldCookie
(new Date(System.currentTimeMillis() +
maxAge * 1000L), buf,
new FieldPosition(0));
buf.append("; Max-Age=");
buf.append(maxAge);
}
// Path=path
if (path != null) {
buf.append("; Path=");
buf.append(path);
}
// Secure
if (isSecure) {
buf.append("; Secure");
}
// HttpOnly
if (httpOnly) {
buf.append("; HttpOnly");
}
headerBuf.append(buf);
}
/**
* @deprecated - Not used
*/
@Deprecated
public static void maybeQuote(int version, StringBuffer buf, String value) {
// special case - a \n or \r shouldn't happen in any case
if (isToken(value)) {
buf.append(value);
} else {
buf.append('"');
buf.append(escapeDoubleQuotes(value, 0, value.length()));
buf.append('"');
}
}
public static boolean alreadyQuoted(String value) {
if (value == null || value.length() == 0) return false;
return (value.charAt(0) == '\"' && value.charAt(value.length() - 1) == '\"');
}
/**
* Quotes values using rules that vary depending on Cookie version.
*
* @param version
* @param buf
* @param value
*/
public static void maybeQuote2(int version, StringBuffer buf, String value) {
if (value == null || value.length() == 0) {
buf.append("\"\"");
} else if (containsCTL(value, version))
throw new IllegalArgumentException("Control character in cookie value, consider BASE64 encoding your value");
else if (alreadyQuoted(value)) {
buf.append('"');
buf.append(escapeDoubleQuotes(value, 1, value.length() - 1));
buf.append('"');
} else if (version == 0 && !isToken(value)) {
buf.append('"');
buf.append(escapeDoubleQuotes(value, 0, value.length()));
buf.append('"');
} else if (version == 1 && !isToken2(value)) {
buf.append('"');
buf.append(escapeDoubleQuotes(value, 0, value.length()));
buf.append('"');
} else {
buf.append(value);
}
}
/**
* Escapes any double quotes in the given string.
*
* @param s the input string
* @param beginIndex start index inclusive
* @param endIndex exclusive
* @return The (possibly) escaped string
*/
private static String escapeDoubleQuotes(String s, int beginIndex, int endIndex) {
if (s == null || s.length() == 0 || s.indexOf('"') == -1) {
return s;
}
StringBuffer b = new StringBuffer();
for (int i = beginIndex; i < endIndex; i++) {
char c = s.charAt(i);
if (c == '\\') {
b.append(c);
//ignore the character after an escape, just append it
if (++i >= endIndex) throw new IllegalArgumentException("Invalid escape character in cookie value.");
b.append(s.charAt(i));
} else if (c == '"')
b.append('\\').append('"');
else
b.append(c);
}
return b.toString();
}
}

8
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java
View file

@ -3,6 +3,7 @@ package org.keycloak.testsuite.forms;
import org.junit.Assert; import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.FixMethodOrder; import org.junit.FixMethodOrder;
import org.junit.Ignore;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.rules.RuleChain; import org.junit.rules.RuleChain;
@ -102,6 +103,13 @@ public class FederationProvidersIntegrationTest {
@WebResource @WebResource
protected AccountPasswordPage changePasswordPage; protected AccountPasswordPage changePasswordPage;
@Test
@Ignore
public void runit() throws Exception {
Thread.sleep(10000000);
}
static UserModel addUser(KeycloakSession session, RealmModel realm, String username, String email, String password) { static UserModel addUser(KeycloakSession session, RealmModel realm, String username, String email, String password) {
UserModel user = session.users().addUser(realm, username); UserModel user = session.users().addUser(realm, username);
user.setEmail(email); user.setEmail(email);

5
testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java
View file

@ -180,6 +180,11 @@ public class AccessTokenPerfTest {
} }
Assert.assertEquals(302, response.getStatus()); Assert.assertEquals(302, response.getStatus());
uri = response.getLocation(); uri = response.getLocation();
for (String header : response.getHeaders().keySet()) {
for (Object value : response.getHeaders().get(header)) {
System.out.println(header + ": " + value);
}
}
response.close(); response.close();
Assert.assertNotNull(uri); Assert.assertNotNull(uri);