KEYCLOAK-6752, KEYCLOAK-6565
Fixed missing deployment after deserialization. Other adapters already have logic for filling in deployment when it's missing in the context, Spring Security adapter lacked that feature. The solution is based on an attachment https://issues.jboss.org/secure/attachment/12431091/FixKeycloakSecurityContextRequestFilter.java from https://issues.jboss.org/browse/KEYCLOAK-6565
This commit is contained in:
parent
5281a38cf7
commit
a4edb083c3
1 changed files with 16 additions and 2 deletions
|
@ -28,9 +28,14 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.keycloak.KeycloakPrincipal;
|
||||
import org.keycloak.KeycloakSecurityContext;
|
||||
import org.keycloak.adapters.AdapterDeploymentContext;
|
||||
import org.keycloak.adapters.AdapterTokenStore;
|
||||
import org.keycloak.adapters.KeycloakDeployment;
|
||||
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
||||
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
|
||||
import org.keycloak.adapters.springsecurity.token.AdapterTokenStoreFactory;
|
||||
import org.keycloak.adapters.springsecurity.token.SpringSecurityAdapterTokenStoreFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
|
@ -42,8 +47,10 @@ import org.springframework.web.filter.GenericFilterBean;
|
|||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||
*/
|
||||
public class KeycloakSecurityContextRequestFilter extends GenericFilterBean implements ApplicationContextAware {
|
||||
private static final Logger log = LoggerFactory.getLogger(KeycloakSecurityContextRequestFilter.class);
|
||||
|
||||
private static final String FILTER_APPLIED = KeycloakSecurityContext.class.getPackage().getName() + ".token-refreshed";
|
||||
private final AdapterTokenStoreFactory adapterTokenStoreFactory = new SpringSecurityAdapterTokenStoreFactory();
|
||||
|
||||
private ApplicationContext applicationContext;
|
||||
private AdapterDeploymentContext deploymentContext;
|
||||
|
@ -57,12 +64,19 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
|
|||
|
||||
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
|
||||
|
||||
KeycloakSecurityContext keycloakSecurityContext = getKeycloakPrincipal();
|
||||
KeycloakSecurityContext keycloakSecurityContext = getKeycloakSecurityContext();
|
||||
|
||||
if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
|
||||
RefreshableKeycloakSecurityContext refreshableSecurityContext = (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
|
||||
KeycloakDeployment deployment = resolveDeployment(request, response);
|
||||
|
||||
// just in case session got serialized
|
||||
if (refreshableSecurityContext.getDeployment()==null) {
|
||||
log.trace("Recreating missing deployment and related fields in deserialized context");
|
||||
AdapterTokenStore adapterTokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, (HttpServletRequest) request);
|
||||
refreshableSecurityContext.setCurrentRequestInfo(deployment, adapterTokenStore);
|
||||
}
|
||||
|
||||
if (!refreshableSecurityContext.isActive() || deployment.isAlwaysRefreshToken()) {
|
||||
if (refreshableSecurityContext.refreshExpiredToken(false)) {
|
||||
request.setAttribute(KeycloakSecurityContext.class.getName(), refreshableSecurityContext);
|
||||
|
@ -87,7 +101,7 @@ public class KeycloakSecurityContextRequestFilter extends GenericFilterBean impl
|
|||
this.applicationContext = applicationContext;
|
||||
}
|
||||
|
||||
private KeycloakSecurityContext getKeycloakPrincipal() {
|
||||
private KeycloakSecurityContext getKeycloakSecurityContext() {
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (authentication != null) {
|
||||
|
|
Loading…
Reference in a new issue