more
This commit is contained in:
Bill Burke
parent
b54061fc3f
commit
9ab023cc6c
8 changed files with 315 additions and 275 deletions
|
|
@ -25,11 +25,6 @@
|
|||
<listener-class>org.keycloak.services.listeners.KeycloakSessionDestroyListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<filter>
|
||||
<filter-name>Keycloak Client Connection Filter</filter-name>
|
||||
<filter-class>org.keycloak.services.filters.ClientConnectionFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>Keycloak Session Management</filter-name>
|
||||
<filter-class>org.keycloak.services.filters.KeycloakSessionServletFilter</filter-class>
|
||||
|
|
|
|||
6
model/api/src/main/java/org/keycloak/models/KeycloakContext.java
Normal file → Executable file
6
model/api/src/main/java/org/keycloak/models/KeycloakContext.java
Normal file → Executable file
|
|
@ -1,5 +1,7 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
import org.keycloak.ClientConnection;
|
||||
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
||||
|
|
@ -20,4 +22,8 @@ public interface KeycloakContext {
|
|||
|
||||
void setClient(ClientModel client);
|
||||
|
||||
ClientConnection getConnection();
|
||||
|
||||
void setConnection(ClientConnection connection);
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -434,7 +434,7 @@ public class AuthenticationProcessor {
|
|||
if (authenticator.requiresUser() && authUser != null) {
|
||||
configuredFor = authenticator.configuredFor(session, realm, authUser);
|
||||
if (!configuredFor) {
|
||||
if (model.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
|
||||
if (model.isRequired()) {
|
||||
if (model.isUserSetupAllowed()) {
|
||||
clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.SETUP_REQUIRED);
|
||||
String requiredAction = authenticator.getRequiredAction();
|
||||
|
|
@ -445,6 +445,9 @@ public class AuthenticationProcessor {
|
|||
} else {
|
||||
throw new AuthException(Error.CREDENTIAL_SETUP_REQUIRED);
|
||||
}
|
||||
} else if (model.isOptional()) {
|
||||
clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.SKIPPED);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -477,7 +480,9 @@ public class AuthenticationProcessor {
|
|||
clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.CHALLENGED);
|
||||
return context.challenge;
|
||||
} else if (result == Status.ATTEMPTED) {
|
||||
if (model.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) throw new AuthException(Error.INVALID_CREDENTIALS);
|
||||
if (model.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
|
||||
throw new AuthException(Error.INVALID_CREDENTIALS);
|
||||
}
|
||||
clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.ATTEMPTED);
|
||||
continue;
|
||||
} else {
|
||||
|
|
|
|||
12
services/src/main/java/org/keycloak/services/DefaultKeycloakContext.java
Normal file → Executable file
12
services/src/main/java/org/keycloak/services/DefaultKeycloakContext.java
Normal file → Executable file
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.services;
|
||||
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.ClientConnection;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakContext;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
|
@ -17,6 +18,8 @@ public class DefaultKeycloakContext implements KeycloakContext {
|
|||
|
||||
private ClientModel client;
|
||||
|
||||
private ClientConnection connection;
|
||||
|
||||
@Override
|
||||
public UriInfo getUri() {
|
||||
return ResteasyProviderFactory.getContextData(UriInfo.class);
|
||||
|
|
@ -47,4 +50,13 @@ public class DefaultKeycloakContext implements KeycloakContext {
|
|||
this.client = client;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientConnection getConnection() {
|
||||
return connection;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setConnection(ClientConnection connection) {
|
||||
this.connection = connection;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import java.io.IOException;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@Deprecated
|
||||
public class ClientConnectionFilter implements Filter {
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.services.filters;
|
||||
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.ClientConnection;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.KeycloakTransaction;
|
||||
|
|
@ -26,11 +27,29 @@ public class KeycloakSessionServletFilter implements Filter {
|
|||
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
HttpServletRequest request = (HttpServletRequest)servletRequest;
|
||||
final HttpServletRequest request = (HttpServletRequest)servletRequest;
|
||||
|
||||
KeycloakSessionFactory sessionFactory = (KeycloakSessionFactory) servletRequest.getServletContext().getAttribute(KeycloakSessionFactory.class.getName());
|
||||
KeycloakSession session = sessionFactory.create();
|
||||
ResteasyProviderFactory.pushContext(KeycloakSession.class, session);
|
||||
ClientConnection connection = new ClientConnection() {
|
||||
@Override
|
||||
public String getRemoteAddr() {
|
||||
return request.getRemoteAddr();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getRemoteHost() {
|
||||
return request.getRemoteHost();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getReportPort() {
|
||||
return request.getRemotePort();
|
||||
}
|
||||
};
|
||||
session.getContext().setConnection(connection);
|
||||
ResteasyProviderFactory.pushContext(ClientConnection.class, connection);
|
||||
|
||||
KeycloakTransaction tx = session.getTransaction();
|
||||
ResteasyProviderFactory.pushContext(KeycloakTransaction.class, tx);
|
||||
|
|
|
|||
|
|
@ -315,6 +315,8 @@ public class LoginActionsService {
|
|||
event.error(Errors.CLIENT_NOT_FOUND);
|
||||
return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
|
||||
}
|
||||
session.getContext().setClient(client);
|
||||
|
||||
if (!client.isEnabled()) {
|
||||
event.error(Errors.CLIENT_NOT_FOUND);
|
||||
return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
|
||||
|
|
|
|||
|
|
@ -172,7 +172,7 @@ public class OAuthGrantTest {
|
|||
// Open login form and assert grantPage not shown
|
||||
oauth.openLoginForm();
|
||||
appPage.assertCurrent();
|
||||
events.expectLogin().detail(Details.AUTH_METHOD, "sso").removeDetail(Details.USERNAME).client("third-party").assertEvent();
|
||||
events.expectLogin().removeDetail(Details.USERNAME).client("third-party").assertEvent();
|
||||
|
||||
// Revoke grant in account mgmt.
|
||||
accountAppsPage.open();
|
||||
|
|
|
|||
Loading…
Reference in a new issue