From ae47b7fa807c0816126f94e78f6ef6fabfecee83 Mon Sep 17 00:00:00 2001 
From: stianst Date: Mon, 30 Jul 2018 20:26:34 +0200 Subject: [PATCH] KEYCLOAK-7967 Remove injection of UriInfo --- .../admin/PolicyResourceService.java | 15 +++-- .../authorization/admin/PolicyService.java | 13 +++-- .../admin/ResourceServerService.java | 18 +++--- .../admin/ResourceSetService.java | 27 +++++---- .../authorization/admin/ScopeService.java | 27 +++++---- .../protection/ProtectionService.java | 6 +- .../policy/UserManagedPermissionService.java | 10 ++-- .../protection/resource/ResourceService.java | 17 +++--- .../oidc/AbstractOAuth2IdentityProvider.java | 5 +- .../oidc/KeycloakOIDCIdentityProvider.java | 2 +- .../broker/oidc/OIDCIdentityProvider.java | 5 +- .../keycloak/broker/saml/SAMLEndpoint.java | 25 ++++---- .../protocol/AuthorizationEndpointBase.java | 8 +-- .../protocol/docker/DockerEndpoint.java | 6 +- .../docker/DockerV2LoginProtocolService.java | 3 - .../oidc/OIDCLoginProtocolService.java | 7 +-- .../oidc/endpoints/AuthorizationEndpoint.java | 12 ++-- .../oidc/endpoints/LogoutEndpoint.java | 17 ++---- .../oidc/endpoints/TokenEndpoint.java | 26 ++++----- .../endpoints/TokenIntrospectionEndpoint.java | 5 +- .../oidc/endpoints/UserInfoEndpoint.java | 11 +--- .../keycloak/protocol/saml/SamlService.java | 32 +++++----- .../profile/ecp/SamlEcpProfileService.java | 4 +- .../services/error/KeycloakErrorHandler.java | 17 +++--- .../AbstractSecuredLocalService.java | 16 ++--- .../resources/ClientsManagementService.java | 6 +- .../resources/IdentityBrokerService.java | 51 ++++++++-------- .../resources/LoginActionsService.java | 58 ++++++++++--------- .../resources/PublicRealmResource.java | 6 +- .../services/resources/RealmsResource.java | 5 +- .../services/resources/WelcomeResource.java | 16 ++--- .../resources/account/AccountConsole.java | 58 +++++++++---------- .../resources/account/AccountFormService.java | 51 ++++++++-------- .../resources/account/AccountRestService.java | 5 +- .../resources/admin/AdminConsole.java | 20 +++---- 
.../services/resources/admin/AdminRoot.java | 8 +-- .../admin/AttackDetectionResource.java | 9 +-- .../AuthenticationManagementResource.java | 57 +++++++++--------- .../ClientAttributeCertificateResource.java | 6 +- .../admin/ClientInitialAccessResource.java | 12 ++-- .../ClientRegistrationPolicyResource.java | 21 +++---- .../resources/admin/ClientResource.java | 36 +++++------- .../resources/admin/ClientScopeResource.java | 7 +-- .../resources/admin/ClientScopesResource.java | 8 +-- .../admin/ClientStorageProviderResource.java | 15 ----- .../resources/admin/ClientsResource.java | 9 ++- .../resources/admin/ComponentResource.java | 13 ++--- .../resources/admin/GroupResource.java | 23 +++----- .../resources/admin/GroupsResource.java | 25 ++++---- .../admin/IdentityProviderResource.java | 19 +++--- .../admin/IdentityProvidersResource.java | 15 ++--- .../admin/ProtocolMappersResource.java | 14 ++--- .../resources/admin/RealmAdminResource.java | 42 ++++++-------- .../resources/admin/RealmsAdminResource.java | 8 +-- .../resources/admin/RoleByIdResource.java | 22 +++---- .../admin/RoleContainerResource.java | 12 ++-- .../resources/admin/RoleMapperResource.java | 13 ++--- .../resources/admin/UserResource.java | 47 +++++++-------- .../admin/UserStorageProviderResource.java | 8 +-- .../resources/admin/UsersResource.java | 14 ++--- .../twitter/TwitterIdentityProvider.java | 7 +-- 61 files changed, 453 insertions(+), 627 deletions(-) diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java index c89c340de7..d896a8fcb5 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java 
@@ -40,6 +40,7 @@ import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; @@ -55,6 +56,8 @@ import org.keycloak.util.JsonSerialization; */ public class PolicyResourceService { + @Context + private KeycloakSession session; private final Policy policy; protected final ResourceServer resourceServer; protected final AuthorizationProvider authorization; @@ -73,7 +76,7 @@ public class PolicyResourceService { @Consumes("application/json") @Produces("application/json") @NoCache - public Response update(@Context UriInfo uriInfo, String payload) { + public Response update(String payload) { if (auth != null) { this.auth.realm().requireManageAuthorization(); } @@ -89,13 +92,13 @@ public class PolicyResourceService { RepresentationToModel.toModel(representation, authorization, policy); - audit(uriInfo, representation, OperationType.UPDATE); + audit(representation, OperationType.UPDATE); return Response.status(Status.CREATED).build(); } @DELETE - public Response delete(@Context UriInfo uriInfo) { + public Response delete() { if (auth != null) { this.auth.realm().requireManageAuthorization(); } @@ -113,7 +116,7 @@ public class PolicyResourceService { policyStore.delete(policy.getId()); if (authorization.getRealm().isAdminEventsEnabled()) { - audit(uriInfo, toRepresentation(policy, authorization), OperationType.DELETE); + audit(toRepresentation(policy, authorization), OperationType.DELETE); } return Response.noContent().build(); 
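Review bot: The new `@Context private KeycloakSession session;` field in PolicyResourceService is only populated if whoever constructs the resource also runs property injection on it, and `audit()` (hunk -255,9) now dereferences it unconditionally. UserManagedPermissionService in this commit calls `update(payload)` and `delete()` directly on the object returned by `delegate.getResource(policyId)`, so if that path skips injection the admin event would fail with a NullPointerException after the policy change has already been stored. ResourceSetService and ScopeService take the session as a constructor argument instead; doing the same here, and in PolicyService (hunk -71,6) and ProtectionService (hunk -45,6), would make the dependency explicit, for example `this.session = authorization.getKeycloakSession();` as ResourceServerService already does. The constructor is outside the hunk.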
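Review bot: In `update` the permission check runs only inside `if (auth != null)`, so an instance built without an evaluator skips `requireManageAuthorization()` entirely; the same guard appears in `delete` (hunk -89,13) and in PolicyService.create (hunk -108,7). ProtectionService in this commit does pass `null` for the evaluator when it builds ResourceSetService, so the null case looks deliberate, but nothing here records which caller is then responsible for authorization. A comment on the guard would make that reviewable, for example `// auth is null when reached through the protection API, which authorizes the caller itself (confirm)`.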
@@ -255,9 +258,9 @@ public class PolicyResourceService { return policy; } - private void audit(@Context UriInfo uriInfo, AbstractPolicyRepresentation policy, OperationType operation) { + private void audit(AbstractPolicyRepresentation policy, OperationType operation) { if (authorization.getRealm().isAdminEventsEnabled()) { - adminEvent.operation(operation).resourcePath(uriInfo).representation(policy).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(policy).success(); } } } diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java index 20a3e698d8..49f1e0d2e9 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java @@ -57,6 +57,7 @@ import org.keycloak.authorization.store.StoreFactory; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation; @@ -71,6 +72,8 @@ import org.keycloak.util.JsonSerialization; */ public class PolicyService { + @Context + private KeycloakSession session; protected final ResourceServer resourceServer; protected final AuthorizationProvider authorization; protected final AdminPermissionEvaluator auth; @@ -108,7 +111,7 @@ public class PolicyService { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @NoCache - public Response create(@Context UriInfo uriInfo, String payload) { + public Response create(String payload) { if (auth != null) { this.auth.realm().requireManageAuthorization(); } 
@@ -118,7 +121,7 @@ public class PolicyService { representation.setId(policy.getId()); - audit(uriInfo, representation, representation.getId(), OperationType.CREATE); + audit(representation, representation.getId(), OperationType.CREATE); return Response.status(Status.CREATED).entity(representation).build(); } @@ -325,12 +328,12 @@ public class PolicyService { }); } - private void audit(@Context UriInfo uriInfo, AbstractPolicyRepresentation resource, String id, OperationType operation) { + private void audit(AbstractPolicyRepresentation resource, String id, OperationType operation) { if (authorization.getRealm().isAdminEventsEnabled()) { if (id != null) { - adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success(); } else { - adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success(); } } } diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java index 85b7804e86..9bdb352623 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java @@ -27,7 +27,6 @@ import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; 
@@ -68,9 +67,6 @@ public class ResourceServerService { private ResourceServer resourceServer; private final ClientModel client; - @Context - private UriInfo uriInfo; - public ResourceServerService(AuthorizationProvider authorization, ResourceServer resourceServer, ClientModel client, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { this.authorization = authorization; this.session = authorization.getKeycloakSession(); @@ -96,7 +92,7 @@ public class ResourceServerService { this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId()); createDefaultRoles(serviceAccount); createDefaultPermission(createDefaultResource(), createDefaultPolicy()); - audit(OperationType.CREATE, uriInfo, newClient); + audit(OperationType.CREATE, session.getContext().getUri(), newClient); return resourceServer; } @@ -108,14 +104,14 @@ public class ResourceServerService { this.auth.realm().requireManageAuthorization(); this.resourceServer.setAllowRemoteResourceManagement(server.isAllowRemoteResourceManagement()); this.resourceServer.setPolicyEnforcementMode(server.getPolicyEnforcementMode()); - audit(OperationType.UPDATE, uriInfo, false); + audit(OperationType.UPDATE, session.getContext().getUri(), false); return Response.noContent().build(); } public void delete() { this.auth.realm().requireManageAuthorization(); authorization.getStoreFactory().getResourceServerStore().delete(resourceServer.getId()); - audit(OperationType.DELETE, uriInfo, false); + audit(OperationType.DELETE, session.getContext().getUri(), false); } @GET 
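Review bot: The `audit` helper in ResourceServerService still takes a UriInfo argument, so each call site in hunks -96,7, -108,14 and -136,21 repeats `session.getContext().getUri()`, while the sibling services in this commit dropped the parameter and resolve the URI inside the helper. Dropping the parameter here too would keep the admin-event code uniform and leave one place to change if the source of the URI changes again, e.g. `audit(OperationType.UPDATE, false);`. The helper's definition is outside the visible hunks, so its other callers need checking.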
@@ -136,21 +132,21 @@ public class ResourceServerService { @Path("/import") @POST @Consumes(MediaType.APPLICATION_JSON) - public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) { + public Response importSettings(ResourceServerRepresentation rep) { this.auth.realm().requireManageAuthorization(); rep.setClientId(client.getId()); RepresentationToModel.toModel(rep, authorization); - audit(OperationType.UPDATE, uriInfo, false); + audit(OperationType.UPDATE, session.getContext().getUri(), false); return Response.noContent().build(); } @Path("/resource") public ResourceSetService getResourceSetResource() { - ResourceSetService resource = new ResourceSetService(this.resourceServer, this.authorization, this.auth, adminEvent); + ResourceSetService resource = new ResourceSetService(this.session, this.resourceServer, this.authorization, this.auth, adminEvent); ResteasyProviderFactory.getInstance().injectProperties(resource); @@ -159,7 +155,7 @@ public class ResourceServerService { @Path("/scope") public ScopeService getScopeResource() { - ScopeService resource = new ScopeService(this.resourceServer, this.authorization, this.auth, adminEvent); + ScopeService resource = new ScopeService(this.session, this.resourceServer, this.authorization, this.auth, adminEvent); ResteasyProviderFactory.getInstance().injectProperties(resource); diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java index 3fded6badc..78dff9eb2f 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java 
@@ -61,6 +61,7 @@ import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.representations.idm.authorization.PolicyRepresentation; @@ -79,9 +80,11 @@ public class ResourceSetService { private final AuthorizationProvider authorization; private final AdminPermissionEvaluator auth; private final AdminEventBuilder adminEvent; + private KeycloakSession session; private ResourceServer resourceServer; - public ResourceSetService(ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { + public ResourceSetService(KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { + this.session = session; this.resourceServer = resourceServer; this.authorization = authorization; this.auth = auth; @@ -92,14 +95,14 @@ public class ResourceSetService { @NoCache @Consumes("application/json") @Produces("application/json") - public Response create(@Context UriInfo uriInfo, ResourceRepresentation resource) { + public Response createPost(ResourceRepresentation resource) { if (resource == null) { return Response.status(Status.BAD_REQUEST).build(); } ResourceRepresentation newResource = create(resource); - audit(uriInfo, resource, resource.getId(), OperationType.CREATE); + audit(resource, resource.getId(), OperationType.CREATE); return Response.status(Status.CREATED).entity(newResource).build(); } 
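Review bot: The new `session` field in ResourceSetService (hunk -80,9) is declared `private KeycloakSession session;` although it is assigned once in the constructor, while `authorization`, `auth` and `adminEvent` next to it are `final` and ResourceService declares the same field as `private final KeycloakSession session`; ScopeService (hunk -67,9) has the same declaration. ProtectionService passes its own `@Context`-injected `this.session` into this constructor, so a missing injection there would only surface later inside `audit()`. Declaring the field `final` and assigning it with `this.session = Objects.requireNonNull(session, "session");` would fail at construction instead of after a resource has been modified.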
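Review bot: `createPost` (hunk -92,14) shows no permission check before it calls `create(resource)`, whereas `update` and `delete` in this class begin with `requireManage()` (hunks -134,7 and -166,7). If `create(resource)` performs the check itself, a short Javadoc on the renamed method should say so, and also why the JAX-RS method was renamed, presumably to avoid clashing with the `create(ResourceRepresentation)` overload once the UriInfo parameter was removed. The audit call also records the request payload `resource` rather than the returned `newResource`, so the logged id depends on `create` setting it on its argument, which is worth confirming.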
@@ -134,7 +137,7 @@ public class ResourceSetService { @PUT @Consumes("application/json") @Produces("application/json") - public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ResourceRepresentation resource) { + public Response update(@PathParam("id") String id, ResourceRepresentation resource) { requireManage(); resource.setId(id); StoreFactory storeFactory = this.authorization.getStoreFactory(); @@ -147,14 +150,14 @@ public class ResourceSetService { toModel(resource, resourceServer, authorization); - audit(uriInfo, resource, OperationType.UPDATE); + audit(resource, OperationType.UPDATE); return Response.noContent().build(); } @Path("{id}") @DELETE - public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) { + public Response delete(@PathParam("id") String id) { requireManage(); StoreFactory storeFactory = authorization.getStoreFactory(); Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId()); @@ -166,7 +169,7 @@ public class ResourceSetService { storeFactory.getResourceStore().delete(id); if (authorization.getRealm().isAdminEventsEnabled()) { - audit(uriInfo, toRepresentation(resource, resourceServer, authorization), OperationType.DELETE); + audit(toRepresentation(resource, resourceServer, authorization), OperationType.DELETE); } return Response.noContent().build(); 
@@ -465,16 +468,16 @@ public class ResourceSetService { } } - private void audit(@Context UriInfo uriInfo, ResourceRepresentation resource, OperationType operation) { - audit(uriInfo, resource, null, operation); + private void audit(ResourceRepresentation resource, OperationType operation) { + audit(resource, null, operation); } - public void audit(@Context UriInfo uriInfo, ResourceRepresentation resource, String id, OperationType operation) { + public void audit(ResourceRepresentation resource, String id, OperationType operation) { if (authorization.getRealm().isAdminEventsEnabled()) { if (id != null) { - adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success(); } else { - adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success(); } } } diff --git a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java index 294951cc70..5e4dd6f4cd 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java @@ -28,6 +28,7 @@ import org.keycloak.authorization.store.StoreFactory; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; +import org.keycloak.models.KeycloakSession; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; 
@@ -67,9 +68,11 @@ public class ScopeService { private final AuthorizationProvider authorization; private final AdminPermissionEvaluator auth; private final AdminEventBuilder adminEvent; + private KeycloakSession session; private ResourceServer resourceServer; - public ScopeService(ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { + public ScopeService(KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { + this.session = session; this.resourceServer = resourceServer; this.authorization = authorization; this.auth = auth; @@ -80,13 +83,13 @@ public class ScopeService { @NoCache @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Response create(@Context UriInfo uriInfo, ScopeRepresentation scope) { + public Response create(ScopeRepresentation scope) { this.auth.realm().requireManageAuthorization(); Scope model = toModel(scope, this.resourceServer, authorization); scope.setId(model.getId()); - audit(uriInfo, scope, scope.getId(), OperationType.CREATE); + audit(scope, scope.getId(), OperationType.CREATE); return Response.status(Status.CREATED).entity(scope).build(); } @@ -95,7 +98,7 @@ public class ScopeService { @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ScopeRepresentation scope) { + public Response update(@PathParam("id") String id, ScopeRepresentation scope) { this.auth.realm().requireManageAuthorization(); scope.setId(id); StoreFactory storeFactory = authorization.getStoreFactory(); 
@@ -107,14 +110,14 @@ public class ScopeService { toModel(scope, resourceServer, authorization); - audit(uriInfo, scope, OperationType.UPDATE); + audit(scope, OperationType.UPDATE); return Response.noContent().build(); } @Path("{id}") @DELETE - public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) { + public Response delete(@PathParam("id") String id) { this.auth.realm().requireManageAuthorization(); StoreFactory storeFactory = authorization.getStoreFactory(); List resources = storeFactory.getResourceStore().findByScope(Arrays.asList(id), resourceServer.getId()); @@ -143,7 +146,7 @@ public class ScopeService { storeFactory.getScopeStore().delete(id); if (authorization.getRealm().isAdminEventsEnabled()) { - audit(uriInfo, toRepresentation(scope), OperationType.DELETE); + audit(toRepresentation(scope), OperationType.DELETE); } return Response.noContent().build(); @@ -260,16 +263,16 @@ public class ScopeService { .build(); } - private void audit(@Context UriInfo uriInfo, ScopeRepresentation resource, OperationType operation) { - audit(uriInfo, resource, null, operation); + private void audit(ScopeRepresentation resource, OperationType operation) { + audit(resource, null, operation); } - private void audit(@Context UriInfo uriInfo, ScopeRepresentation resource, String id, OperationType operation) { + private void audit(ScopeRepresentation resource, String id, OperationType operation) { if (authorization.getRealm().isAdminEventsEnabled()) { if (id != null) { - adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success(); } else { - adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success(); + adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success(); } } } 
diff --git a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java index f4bbba6225..6301e0c707 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java @@ -45,6 +45,8 @@ import org.keycloak.authorization.protection.policy.UserManagedPermissionService */ public class ProtectionService { + @Context + private KeycloakSession session; private final AuthorizationProvider authorization; @Context @@ -58,11 +60,11 @@ public class ProtectionService { public Object resource() { KeycloakIdentity identity = createIdentity(true); ResourceServer resourceServer = getResourceServer(identity); - ResourceSetService resourceManager = new ResourceSetService(resourceServer, this.authorization, null, createAdminEventBuilder(identity, resourceServer)); + ResourceSetService resourceManager = new ResourceSetService(this.session, resourceServer, this.authorization, null, createAdminEventBuilder(identity, resourceServer)); ResteasyProviderFactory.getInstance().injectProperties(resourceManager); - ResourceService resource = new ResourceService(resourceServer, identity, resourceManager); + ResourceService resource = new ResourceService(this.session, resourceServer, identity, resourceManager); ResteasyProviderFactory.getInstance().injectProperties(resource); diff --git a/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java index d9663a487c..d0e2a17f6d 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java 
@@ -74,7 +74,7 @@ public class UserManagedPermissionService { @Path("{resourceId}") @Consumes("application/json") @Produces("application/json") - public Response create(@Context UriInfo uriInfo, @PathParam("resourceId") String resourceId, UmaPermissionRepresentation representation) { + public Response create(@PathParam("resourceId") String resourceId, UmaPermissionRepresentation representation) { if (representation.getId() != null) { throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Newly created uma policies should not have an id", Response.Status.BAD_REQUEST); } @@ -91,7 +91,7 @@ public class UserManagedPermissionService { @PUT @Consumes("application/json") @Produces("application/json") - public Response update(@Context UriInfo uriInfo, @PathParam("policyId") String policyId, String payload) { + public Response update(@PathParam("policyId") String policyId, String payload) { UmaPermissionRepresentation representation; try { @@ -102,14 +102,14 @@ public class UserManagedPermissionService { checkRequest(getAssociatedResourceId(policyId), representation); - return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).update(uriInfo, payload); + return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).update(payload); } @Path("{policyId}") @DELETE - public Response delete(@Context UriInfo uriInfo, @PathParam("policyId") String policyId) { + public Response delete(@PathParam("policyId") String policyId) { checkRequest(getAssociatedResourceId(policyId), null); - PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).delete(uriInfo); + PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).delete(); return Response.noContent().build(); } diff --git a/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java b/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java index 1fbe5f9363..4368a9afc1 100644 
--- a/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java @@ -39,6 +39,7 @@ import org.keycloak.authorization.identity.Identity; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.events.admin.OperationType; +import org.keycloak.models.KeycloakSession; import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.services.ErrorResponseException; @@ -50,9 +51,11 @@ public class ResourceService { private final ResourceServer resourceServer; private final ResourceSetService resourceManager; + private final KeycloakSession session; private final Identity identity; - public ResourceService(ResourceServer resourceServer, Identity identity, ResourceSetService resourceManager) { + public ResourceService(KeycloakSession session, ResourceServer resourceServer, Identity identity, ResourceSetService resourceManager) { + this.session = session; this.identity = identity; this.resourceServer = resourceServer; this.resourceManager = resourceManager; @@ -61,7 +64,7 @@ public class ResourceService { @POST @Consumes("application/json") @Produces("application/json") - public Response create(@Context UriInfo uriInfo, UmaResourceRepresentation resource) { + public Response create(UmaResourceRepresentation resource) { checkResourceServerSettings(); if (resource == null) { @@ -85,7 +88,7 @@ public class ResourceService { ResourceRepresentation newResource = resourceManager.create(resource); - resourceManager.audit(uriInfo, resource, resource.getId(), OperationType.CREATE); + resourceManager.audit(resource, resource.getId(), OperationType.CREATE); return Response.status(Status.CREATED).entity(new UmaResourceRepresentation(newResource)).build(); } 
@@ -94,15 +97,15 @@ public class ResourceService { @PUT @Consumes("application/json") @Produces("application/json") - public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ResourceRepresentation resource) { - return this.resourceManager.update(uriInfo, id, resource); + public Response update(@PathParam("id") String id, ResourceRepresentation resource) { + return this.resourceManager.update(id, resource); } @Path("/{id}") @DELETE - public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) { + public Response delete(@PathParam("id") String id) { checkResourceServerSettings(); - return this.resourceManager.delete(uriInfo, id); + return this.resourceManager.delete(id); } @Path("/{id}") diff --git a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java index 18e6243fec..790fd99460 100755 --- a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java +++ b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java @@ -389,9 +389,6 @@ public abstract class AbstractOAuth2IdentityProvider keys = new LinkedList<>(); @@ -241,7 +238,7 @@ public class SAMLEndpoint { SAMLDocumentHolder holder = extractRequestDocument(samlRequest); RequestAbstractType requestAbstractType = (RequestAbstractType) holder.getSamlObject(); // validate destination - if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) { + if (requestAbstractType.getDestination() != null && !session.getContext().getUri().getAbsolutePath().equals(requestAbstractType.getDestination())) { event.event(EventType.IDENTITY_PROVIDER_RESPONSE); event.detail(Details.REASON, "invalid_destination"); event.error(Errors.INVALID_SAML_RESPONSE); 
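Review bot: `update` in the protection ResourceService delegates straight to `resourceManager.update(id, resource)`, while `delete` in this hunk and `create` (hunk -61,7) call `checkResourceServerSettings()` first. Unless the omission is intentional, add `checkResourceServerSettings();` as the first statement of `update` so that all three mutating operations are gated the same way. What the check enforces is not visible in this diff, so if `update` is exempt on purpose a comment should say why.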
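Review bot: The destination validation in SAMLEndpoint (hunk -241,7) is skipped whenever the request carries no Destination, because the condition starts with `requestAbstractType.getDestination() != null &&`; the response path in hunk -459,7 has the same shape. If messages without a Destination are not meant to be accepted, the condition should reject the missing value as well; if they are, a comment stating under which signature settings absence is tolerated would make the intent reviewable. The comparison now depends on `session.getContext().getUri().getAbsolutePath()` matching the externally visible endpoint URL, which behind a reverse proxy presumably relies on the forwarded-header configuration. The enclosing method starts outside the hunk.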
@@ -280,7 +277,7 @@ public class SAMLEndpoint { continue; } try { - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, false); } catch (Exception e) { logger.warn("failed to do backchannel logout for userSession", e); } @@ -295,7 +292,7 @@ public class SAMLEndpoint { continue; } try { - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, false); } catch (Exception e) { logger.warn("failed to do backchannel logout for userSession", e); } @@ -303,7 +300,7 @@ public class SAMLEndpoint { } } - String issuerURL = getEntityId(uriInfo, realm); + String issuerURL = getEntityId(session.getContext().getUri(), realm); SAML2LogoutResponseBuilder builder = new SAML2LogoutResponseBuilder(); builder.logoutRequestID(request.getID()); builder.destination(config.getSingleLogoutServiceUrl()); @@ -340,7 +337,7 @@ public class SAMLEndpoint { private String getEntityId(UriInfo uriInfo, RealmModel realm) { return UriBuilder.fromUri(uriInfo.getBaseUri()).path("realms").path(realm.getName()).build().toString(); } - + protected Response handleLoginResponse(String samlResponse, SAMLDocumentHolder holder, ResponseType responseType, String relayState, String clientId) { try { 
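Review bot: A failed back-channel logout in this loop is caught as `Exception` and logged with a fixed message that does not identify the session, after which the code proceeds to build the logout response (hunk -303,7); the same block is repeated in hunk -295,7. An operator reading the log cannot tell which session was left active, so include the id, e.g. `logger.warn("failed to do backchannel logout for userSession " + userSession.getId(), e);`. `session.getContext().getUri()` is also evaluated on every iteration and again for `getEntityId`, and could be read once into a local before the loops. The enclosing method starts outside the hunk.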
@@ -459,7 +456,7 @@ public class SAMLEndpoint { SAMLDocumentHolder holder = extractResponseDocument(samlResponse); StatusResponseType statusResponse = (StatusResponseType)holder.getSamlObject(); // validate destination - if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) { + if (statusResponse.getDestination() != null && !session.getContext().getUri().getAbsolutePath().toString().equals(statusResponse.getDestination())) { event.event(EventType.IDENTITY_PROVIDER_RESPONSE); event.detail(Details.REASON, "invalid_destination"); event.error(Errors.INVALID_SAML_RESPONSE); @@ -506,7 +503,7 @@ public class SAMLEndpoint { event.error(Errors.USER_SESSION_NOT_FOUND); return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.SESSION_NOT_ACTIVE); } - return AuthenticationManager.finishBrowserLogout(session, realm, userSession, uriInfo, clientConnection, headers); + return AuthenticationManager.finishBrowserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers); } @@ -552,7 +549,7 @@ public class SAMLEndpoint { @Override protected void verifySignature(String key, SAMLDocumentHolder documentHolder) throws VerificationException { KeyLocator locator = getIDPKeyLocator(); - SamlProtocolUtils.verifyRedirectSignature(documentHolder, locator, uriInfo, key); + SamlProtocolUtils.verifyRedirectSignature(documentHolder, locator, session.getContext().getUri(), key); } diff --git a/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java b/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java index 518d487718..3b3a769220 100755 --- a/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java +++ b/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java 
@@ -61,8 +61,6 @@ public abstract class AuthorizationEndpointBase { protected EventBuilder event; protected AuthenticationManager authManager; - @Context - protected UriInfo uriInfo; @Context protected HttpHeaders headers; @Context @@ -87,7 +85,7 @@ public abstract class AuthorizationEndpointBase { .setEventBuilder(event) .setRealm(realm) .setSession(session) - .setUriInfo(uriInfo) + .setUriInfo(session.getContext().getUri()) .setRequest(httpRequest); authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath); @@ -136,7 +134,7 @@ public abstract class AuthorizationEndpointBase { return processor.finishAuthentication(protocol); } else { try { - RestartLoginCookie.setRestartCookie(session, realm, clientConnection, uriInfo, authSession); + RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession); if (redirectToAuthentication) { return processor.redirectToFlow(); } @@ -152,7 +150,7 @@ public abstract class AuthorizationEndpointBase { } protected void checkSsl() { - if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { + if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { event.error(Errors.SSL_REQUIRED); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED); } diff --git a/services/src/main/java/org/keycloak/protocol/docker/DockerEndpoint.java b/services/src/main/java/org/keycloak/protocol/docker/DockerEndpoint.java index 6ed777d4b2..ec86d78ac3 100644 --- a/services/src/main/java/org/keycloak/protocol/docker/DockerEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/docker/DockerEndpoint.java 
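Review bot: `checkSsl()` in the `@@ -152` hunk decides whether the request is secure from `getBaseUri().getScheme()`, so the result is only as reliable as the way the session's URI is derived; behind a TLS-terminating proxy that presumably depends on forwarded-header handling that this diff does not show. A comment such as `// scheme comes from the session's request URI; proxy/forwarded-header configuration must be trusted for this to be accurate` would record that assumption. The same expression is repeated in the `checkSsl` methods of `LogoutEndpoint`, `TokenEndpoint`, `TokenIntrospectionEndpoint` and `SamlService` in this patch, which argues for one shared helper. Writing it as `"https".equals(session.getContext().getUri().getBaseUri().getScheme())` also avoids a null dereference if the scheme is ever absent.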
@@ -43,7 +43,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase { public Response build() { ProfileHelper.requireFeature(Profile.Feature.DOCKER); - final MultivaluedMap params = uriInfo.getQueryParameters(); + final MultivaluedMap params = session.getContext().getUri().getQueryParameters(); account = params.getFirst(DockerAuthV2Protocol.ACCOUNT_PARAM); if (account == null) { @@ -72,7 +72,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase { // So back button doesn't work CacheControlUtil.noBackButtonCacheControlHeader(); - return handleBrowserAuthenticationRequest(authenticationSession, new DockerAuthV2Protocol(session, realm, uriInfo, headers, event.event(login)), false, false); + return handleBrowserAuthenticationRequest(authenticationSession, new DockerAuthV2Protocol(session, realm, session.getContext().getUri(), headers, event.event(login)), false, false); } private void updateAuthenticationSession() { @@ -83,7 +83,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase { authenticationSession.setClientNote(DockerAuthV2Protocol.ACCOUNT_PARAM, account); authenticationSession.setClientNote(DockerAuthV2Protocol.SERVICE_PARAM, service); authenticationSession.setClientNote(DockerAuthV2Protocol.SCOPE_PARAM, scope); - authenticationSession.setClientNote(DockerAuthV2Protocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authenticationSession.setClientNote(DockerAuthV2Protocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); } diff --git a/services/src/main/java/org/keycloak/protocol/docker/DockerV2LoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/docker/DockerV2LoginProtocolService.java index a0dad58129..8bbcb0ad98 100644 --- a/services/src/main/java/org/keycloak/protocol/docker/DockerV2LoginProtocolService.java +++ b/services/src/main/java/org/keycloak/protocol/docker/DockerV2LoginProtocolService.java 
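Review bot: The issuer stored in the `DockerAuthV2Protocol.ISSUER` client note (hunk `@@ -83`) is built from `session.getContext().getUri().getBaseUri()`, that is, from the URL the request arrived on, and the patch carries the same derivation into the `OIDCLoginProtocol.ISSUER` notes in `AuthorizationEndpoint` and `TokenEndpoint`. If that base URI follows the request's Host header rather than a configured hostname (not visible in this diff), the issuer value varies with the request instead of being a fixed property of the realm. A single helper such as `private String realmIssuer() { return Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()); }`, with a comment stating where the hostname comes from, would keep that decision in one reviewed place. `updateAuthenticationSession()` begins before this hunk.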
@@ -22,9 +22,6 @@ public class DockerV2LoginProtocolService { private final TokenManager tokenManager; private final EventBuilder event; - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java index c1952a55cc..8e2784f76b 100644 --- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java @@ -66,9 +66,6 @@ public class OIDCLoginProtocolService { private TokenManager tokenManager; private EventBuilder event; - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; @@ -244,8 +241,8 @@ public class OIDCLoginProtocolService { @GET @Path("delegated") public Response kcinitBrowserLoginComplete(@QueryParam("error") boolean error) { - AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection); - AuthenticationManager.expireRememberMeCookie(realm, uriInfo, clientConnection); + AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection); + AuthenticationManager.expireRememberMeCookie(realm, session.getContext().getUri(), clientConnection); if (error) { LoginFormsProvider forms = session.getProvider(LoginFormsProvider.class); return forms diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java index c7fc511e98..4313b7b910 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java 
@@ -105,7 +105,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { @GET public Response buildGet() { logger.trace("Processing @GET request"); - return process(uriInfo.getQueryParameters()); + return process(session.getContext().getUri().getQueryParameters()); } private Response process(MultivaluedMap params) { @@ -358,7 +358,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { event.detail(Details.REDIRECT_URI, redirectUriParam); // redirect_uri parameter is required per OpenID Connect, but optional per OAuth2 - redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client, isOIDCRequest); + redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUriParam, realm, client, isOIDCRequest); if (redirectUri == null) { event.error(Errors.INVALID_REDIRECT_URI); throw new ErrorPageException(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM); @@ -372,7 +372,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name()); authenticationSession.setClientNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, request.getResponseType()); authenticationSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, request.getRedirectUriParam()); - authenticationSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authenticationSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); if (request.getState() != null) authenticationSession.setClientNote(OIDCLoginProtocol.STATE_PARAM, request.getState()); if (request.getNonce() != null) authenticationSession.setClientNote(OIDCLoginProtocol.NONCE_PARAM, request.getNonce()); 
@@ -406,11 +406,11 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { this.event.event(EventType.LOGIN); authenticationSession.setAuthNote(Details.AUTH_TYPE, CODE_AUTH_TYPE); - return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, uriInfo, headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false); + return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, session.getContext().getUri(), headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false); } private Response buildRegister() { - authManager.expireIdentityCookie(realm, uriInfo, clientConnection); + authManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection); AuthenticationFlowModel flow = realm.getRegistrationFlow(); String flowId = flow.getId(); @@ -422,7 +422,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { } private Response buildForgotCredential() { - authManager.expireIdentityCookie(realm, uriInfo, clientConnection); + authManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection); AuthenticationFlowModel flow = realm.getResetCredentialsFlow(); String flowId = flow.getId(); diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java index 643eaebb53..9dbb54f430 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java @@ -48,7 +48,6 @@ import org.keycloak.util.TokenUtil; import javax.ws.rs.Consumes; import javax.ws.rs.GET; -import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; 
@@ -57,7 +56,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; /** * @author Stian Thorgersen @@ -77,9 +75,6 @@ public class LogoutEndpoint { @Context private HttpHeaders headers; - @Context - private UriInfo uriInfo; - private TokenManager tokenManager; private RealmModel realm; private EventBuilder event; @@ -105,7 +100,7 @@ public class LogoutEndpoint { String redirect = postLogoutRedirectUri != null ? postLogoutRedirectUri : redirectUri; if (redirect != null) { - String validatedUri = RedirectUtils.verifyRealmRedirectUri(uriInfo, redirect, realm); + String validatedUri = RedirectUtils.verifyRealmRedirectUri(session.getContext().getUri(), redirect, realm); if (validatedUri == null) { event.event(EventType.LOGOUT); event.detail(Details.REDIRECT_URI, redirect); @@ -135,12 +130,12 @@ public class LogoutEndpoint { if (state != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_STATE_PARAM, state); userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, OIDCLoginProtocol.LOGIN_PROTOCOL); logger.debug("Initiating OIDC browser logout"); - Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers); + Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), clientConnection, headers); logger.debug("finishing OIDC browser logout"); return response; } else if (userSession != null) { // non browser logout event.event(EventType.LOGOUT); - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true); event.user(userSession.getUser()).session(userSession).success(); } 
@@ -211,11 +206,11 @@ public class LogoutEndpoint { } } - return Cors.add(request, Response.noContent()).auth().allowedOrigins(uriInfo, client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); + return Cors.add(request, Response.noContent()).auth().allowedOrigins(session.getContext().getUri(), client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); } private void logout(UserSessionModel userSession, boolean offline) { - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true, offline); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true, offline); event.user(userSession.getUser()).session(userSession).success(); } @@ -230,7 +225,7 @@ public class LogoutEndpoint { } private void checkSsl() { - if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { + if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN); } } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java index 9054ce0769..762dc558fe 100644 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java @@ -99,7 +99,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; -import javax.ws.rs.core.UriInfo; import java.util.List; import java.util.Map; 
@@ -138,9 +137,6 @@ public class TokenEndpoint { @Context private HttpHeaders headers; - @Context - private UriInfo uriInfo; - @Context private ClientConnection clientConnection; @@ -211,7 +207,7 @@ public class TokenEndpoint { } private void checkSsl() { - if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { + if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { throw new CorsErrorResponseException(cors.allowAllOrigins(), OAuthErrorException.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN); } } @@ -227,7 +223,7 @@ public class TokenEndpoint { client = clientAuth.getClient(); clientAuthAttributes = clientAuth.getClientAuthAttributes(); - cors.allowedOrigins(uriInfo, client); + cors.allowedOrigins(session.getContext().getUri(), client); if (client.isBearerOnly()) { throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_CLIENT, "Bearer-only not allowed", Response.Status.BAD_REQUEST); @@ -452,7 +448,7 @@ public class TokenEndpoint { AccessTokenResponse res; try { // KEYCLOAK-6771 Certificate Bound Token - TokenManager.RefreshResult result = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, event, headers, request); + TokenManager.RefreshResult result = tokenManager.refreshAccessToken(session, session.getContext().getUri(), clientConnection, realm, client, refreshToken, event, headers, request); res = result.getResponse(); if (!result.isOfflineToken()) { 
@@ -530,7 +526,7 @@ public class TokenEndpoint { authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); authSession.setAction(AuthenticatedClientSessionModel.Action.AUTHENTICATE.name()); - authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope); AuthenticationFlowModel flow = AuthenticationFlowResolver.resolveDirectGrantFlow(authSession); @@ -542,7 +538,7 @@ public class TokenEndpoint { .setEventBuilder(event) .setRealm(realm) .setSession(session) - .setUriInfo(uriInfo) + .setUriInfo(session.getContext().getUri()) .setRequest(request); Response challenge = processor.authenticateOnly(); if (challenge != null) { @@ -619,7 +615,7 @@ public class TokenEndpoint { authSession.setAuthenticatedUser(clientUser); authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); - authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope); UserSessionModel userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, clientUser, clientUsername, 
@@ -665,7 +661,7 @@ public class TokenEndpoint { String subjectToken = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN); if (subjectToken != null) { String subjectTokenType = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN_TYPE); - String realmIssuerUrl = Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()); + String realmIssuerUrl = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()); String subjectIssuer = formParams.getFirst(OAuth2Constants.SUBJECT_ISSUER); if (subjectIssuer == null && OAuth2Constants.JWT_TOKEN_TYPE.equals(subjectTokenType)) { @@ -694,7 +690,7 @@ public class TokenEndpoint { } - AuthenticationManager.AuthResult authResult = AuthenticationManager.verifyIdentityToken(session, realm, uriInfo, clientConnection, true, true, false, subjectToken, headers); + AuthenticationManager.AuthResult authResult = AuthenticationManager.verifyIdentityToken(session, realm, session.getContext().getUri(), clientConnection, true, true, false, subjectToken, headers); if (authResult == null) { event.detail(Details.REASON, "subject_token validation failure"); event.error(Errors.INVALID_TOKEN); @@ -791,7 +787,7 @@ public class TokenEndpoint { event.error(Errors.NOT_ALLOWED); throw new CorsErrorResponseException(cors, OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN); } - Response response = ((ExchangeTokenToIdentityProviderToken)provider).exchangeFromToken(uriInfo, event, client, targetUserSession, targetUser, formParams); + Response response = ((ExchangeTokenToIdentityProviderToken)provider).exchangeFromToken(session.getContext().getUri(), event, client, targetUserSession, targetUser, formParams); return cors.builder(Response.fromResponse(response)).build(); } 
@@ -838,7 +834,7 @@ public class TokenEndpoint { authSession.setAuthenticatedUser(targetUser); authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); - authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope); event.session(targetUserSession); @@ -1044,7 +1040,7 @@ public class TokenEndpoint { session.getContext().setClient(client); - cors.allowedOrigins(uriInfo, client); + cors.allowedOrigins(session.getContext().getUri(), client); } String claimToken = null; diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenIntrospectionEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenIntrospectionEndpoint.java index f6c59c85d5..80d8ccdb13 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenIntrospectionEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenIntrospectionEndpoint.java @@ -56,9 +56,6 @@ public class TokenIntrospectionEndpoint { @Context private HttpHeaders headers; - @Context - private UriInfo uriInfo; - @Context private ClientConnection clientConnection; @@ -130,7 +127,7 @@ public class TokenIntrospectionEndpoint { } private void checkSsl() { - if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { + if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { throw new ErrorResponseException("invalid_request", "HTTPS required", Status.FORBIDDEN); } } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java index df4c68552c..d681b3bfd9 100755 
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java @@ -45,8 +45,8 @@ import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.UserSessionCrossDCManager; import org.keycloak.services.resources.Cors; -import org.keycloak.services.util.MtlsHoKTokenUtil; import org.keycloak.services.util.DefaultClientSessionContext; +import org.keycloak.services.util.MtlsHoKTokenUtil; import org.keycloak.utils.MediaType; import javax.ws.rs.GET; @@ -56,11 +56,9 @@ import javax.ws.rs.Path; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.security.PrivateKey; import java.util.HashMap; import java.util.Map; -import java.util.Set; /** * @author pedroigor @@ -73,9 +71,6 @@ public class UserInfoEndpoint { @Context private HttpResponse response; - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; @@ -135,7 +130,7 @@ public class UserInfoEndpoint { AccessToken token = null; try { RSATokenVerifier verifier = RSATokenVerifier.create(tokenString) - .realmUrl(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); String kid = verifier.getHeader().getKeyId(); verifier.publicKey(session.keys().getRsaPublicKey(realm, kid)); token = verifier.verify().getToken(); 
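Review bot: In the `@@ -135` hunk the issuer the verifier expects (`realmUrl(...)`) is computed from the base URI of the current request, so token acceptance is tied to the URL the caller used rather than to a value fixed for the realm. Whether that base URI is pinned to a configured hostname cannot be seen from this diff; either way the assumption should be stated, e.g. `// expected issuer follows the request base URI; tokens issued under another hostname are rejected`. The context lines also look up the key with the `kid` read from the not-yet-verified header, and nothing in the hunk shows what happens when `getRsaPublicKey` finds no key, so an explicit null check before `verifier.publicKey(...)` would make that failure deliberate. The same derivation feeds the `iss` claim in the `@@ -194` hunk. The enclosing method extends beyond the hunk.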
@@ -194,7 +189,7 @@ public class UserInfoEndpoint { OIDCAdvancedConfigWrapper cfg = OIDCAdvancedConfigWrapper.fromClientModel(clientModel); if (cfg.isUserInfoSignatureRequired()) { - String issuerUrl = Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()); + String issuerUrl = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()); String audience = clientModel.getClientId(); claims.put("iss", issuerUrl); claims.put("aud", audience); diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java index b98727c52c..d3da17676a 100755 --- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java +++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java @@ -147,7 +147,7 @@ public class SamlService extends AuthorizationEndpointBase { StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject(); // validate destination - if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) { + if (statusResponse.getDestination() != null && !session.getContext().getUri().getAbsolutePath().toString().equals(statusResponse.getDestination())) { event.detail(Details.REASON, "invalid_destination"); event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE); return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST); @@ -179,7 +179,7 @@ public class SamlService extends AuthorizationEndpointBase { } session.getContext().setClient(client); logger.debug("logout response"); - Response response = authManager.browserLogout(session, realm, userSession, uriInfo, clientConnection, headers); + Response response = authManager.browserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers); event.success(); return response; } 
@@ -283,7 +283,7 @@ public class SamlService extends AuthorizationEndpointBase { String redirect; URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL(); if (redirectUri != null && ! "null".equals(redirectUri.toString())) { // "null" is for testing purposes - redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client); + redirect = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri.toString(), realm, client); } else { if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) { redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE); @@ -386,12 +386,12 @@ public class SamlService extends AuthorizationEndpointBase { AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false); if (authResult != null) { String logoutBinding = getBindingType(); - String postBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, SamlProtocol.SAML_POST_BINDING); + String postBindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, SamlProtocol.SAML_POST_BINDING); if (samlClient.forcePostBinding() && postBindingUri != null && ! postBindingUri.trim().isEmpty()) logoutBinding = SamlProtocol.SAML_POST_BINDING; boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding); - String bindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, logoutBinding); + String bindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, logoutBinding); UserSessionModel userSession = authResult.getSession(); userSession.setNote(SamlProtocol.SAML_LOGOUT_BINDING_URI, bindingUri); if (samlClient.requiresRealmSignature()) { 
@@ -412,7 +412,7 @@ public class SamlService extends AuthorizationEndpointBase { clientSession.setAction(AuthenticationSessionModel.Action.LOGGED_OUT.name()); } logger.debug("browser Logout"); - return authManager.browserLogout(session, realm, userSession, uriInfo, clientConnection, headers); + return authManager.browserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers); } else if (logoutRequest.getSessionIndex() != null) { for (String sessionIndex : logoutRequest.getSessionIndex()) { @@ -426,7 +426,7 @@ public class SamlService extends AuthorizationEndpointBase { } try { - authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); + authManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true); } catch (Exception e) { logger.warn("Failure with backchannel logout", e); } @@ -438,12 +438,12 @@ public class SamlService extends AuthorizationEndpointBase { // default String logoutBinding = getBindingType(); - String logoutBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, logoutBinding); + String logoutBindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, logoutBinding); String logoutRelayState = relayState; SAML2LogoutResponseBuilder builder = new SAML2LogoutResponseBuilder(); builder.logoutRequestID(logoutRequest.getID()); builder.destination(logoutBindingUri); - builder.issuer(RealmsResource.realmBaseUrl(uriInfo).build(realm.getName()).toString()); + builder.issuer(RealmsResource.realmBaseUrl(session.getContext().getUri()).build(realm.getName()).toString()); JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder().relayState(logoutRelayState); boolean postBinding = SamlProtocol.SAML_POST_BINDING.equals(logoutBinding); if (samlClient.requiresRealmSignature()) { 
@@ -466,7 +466,7 @@ public class SamlService extends AuthorizationEndpointBase { } private boolean checkSsl() { - if (uriInfo.getBaseUri().getScheme().equals("https")) { + if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) { return true; } else { return !realm.getSslRequired().isRequired(clientConnection); @@ -518,7 +518,7 @@ public class SamlService extends AuthorizationEndpointBase { } PublicKey publicKey = SamlProtocolUtils.getSignatureValidationKey(client); KeyLocator clientKeyLocator = new HardcodedKeyLocator(publicKey); - SamlProtocolUtils.verifyRedirectSignature(documentHolder, clientKeyLocator, uriInfo, GeneralConstants.SAML_REQUEST_KEY); + SamlProtocolUtils.verifyRedirectSignature(documentHolder, clientKeyLocator, session.getContext().getUri(), GeneralConstants.SAML_REQUEST_KEY); } @Override @@ -539,7 +539,7 @@ public class SamlService extends AuthorizationEndpointBase { } protected Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication) { - SamlProtocol samlProtocol = new SamlProtocol().setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(uriInfo); + SamlProtocol samlProtocol = new SamlProtocol().setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri()); return newBrowserAuthentication(authSession, isPassive, redirectToAuthentication, samlProtocol); } @@ -576,7 +576,7 @@ public class SamlService extends AuthorizationEndpointBase { @Produces(MediaType.APPLICATION_XML) @NoCache public String getDescriptor() throws Exception { - return getIDPMetadataDescriptor(uriInfo, session, realm); + return getIDPMetadataDescriptor(session.getContext().getUri(), session, realm); } 
@@ -708,7 +708,7 @@ public class SamlService extends AuthorizationEndpointBase { return true; // destination is optional } - URI expected = uriInfo.getAbsolutePath(); + URI expected = session.getContext().getUri().getAbsolutePath(); if (Objects.equals(expected, destination)) { return true; @@ -716,12 +716,12 @@ public class SamlService extends AuthorizationEndpointBase { Integer portByScheme = knownPorts.get(expected.getScheme()); if (expected.getPort() < 0 && portByScheme != null) { - return Objects.equals(uriInfo.getRequestUriBuilder().port(portByScheme).build(), destination); + return Objects.equals(session.getContext().getUri().getRequestUriBuilder().port(portByScheme).build(), destination); } String protocolByPort = knownProtocols.get(expected.getPort()); if (expected.getPort() >= 0 && Objects.equals(protocolByPort, expected.getScheme())) { - return Objects.equals(uriInfo.getRequestUriBuilder().port(-1).build(), destination); + return Objects.equals(session.getContext().getUri().getRequestUriBuilder().port(-1).build(), destination); } return false; diff --git a/services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java b/services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java index 56b804b2d6..3a1ae98f1b 100755 --- a/services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java +++ b/services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java 
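Review bot: The two port-normalising fallbacks in the `@@ -716` hunk build their comparison URI with `getRequestUriBuilder()`, which includes the query string, while `expected` in the `@@ -708` hunk comes from `getAbsolutePath()`, which does not. For a request that carries query parameters the fallback branches therefore compare the destination against a URI with the query appended and would normally not match. Using `session.getContext().getUri().getAbsolutePathBuilder().port(portByScheme).build()` (and `.port(-1)` in the second branch) would compare like with like. Reading the URI once into a local would also remove the three repeated lookups. The method begins before the `@@ -708` hunk.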
@@ -70,7 +70,7 @@ public class SamlEcpProfileService extends SamlService { protected Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) { // force passive authentication when executing this profile requestAbstractType.setIsPassive(true); - requestAbstractType.setDestination(uriInfo.getAbsolutePath()); + requestAbstractType.setDestination(session.getContext().getUri().getAbsolutePath()); return super.loginRequest(relayState, requestAbstractType, client); } }.execute(Soap.toSamlHttpPostMessage(inputStream), null, null); @@ -143,7 +143,7 @@ public class SamlEcpProfileService extends SamlService { protected Response buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding) throws ConfigurationException, ProcessingException, IOException { return Soap.createFault().reason("Logout not supported.").build(); } - }.setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(uriInfo); + }.setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri()); } @Override diff --git a/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java b/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java index 80ecdbd8df..68c9786b6f 100644 --- a/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java +++ b/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java 
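Review bot: Overwriting the request's Destination with the endpoint's own absolute path in the `@@ -70` hunk means any Destination check performed later in `super.loginRequest` (not visible here) always succeeds for ECP requests, and the line carries no explanation of why the client-supplied value is discarded. If that is deliberate, a comment would make it reviewable, e.g. `// ECP/SOAP requests carry no usable Destination; set it to this endpoint so the shared validation applies uniformly`. The anonymous class this override belongs to starts outside the hunk.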
@@ -8,14 +8,12 @@ import org.keycloak.Config; import org.keycloak.forms.login.freemarker.model.UrlBean; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakTransaction; -import org.keycloak.models.KeycloakTransactionManager; import org.keycloak.models.RealmModel; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.util.LocaleHelper; import org.keycloak.theme.FreeMarkerUtil; import org.keycloak.theme.Theme; -import org.keycloak.theme.ThemeProvider; import org.keycloak.theme.beans.LocaleBean; import org.keycloak.theme.beans.MessageBean; import org.keycloak.theme.beans.MessageFormatterMethod; @@ -27,11 +25,13 @@ import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.ExceptionMapper; import javax.ws.rs.ext.Provider; import java.io.IOException; -import java.util.*; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; +import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -42,9 +42,6 @@ public class KeycloakErrorHandler implements ExceptionMapper { private static final Pattern realmNamePattern = Pattern.compile(".*/realms/([^/]+).*"); - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; @@ -103,7 +100,7 @@ public class KeycloakErrorHandler implements ExceptionMapper { } private RealmModel resolveRealm() { - String path = uriInfo.getPath(); + String path = session.getContext().getUri().getPath(); Matcher m = realmNamePattern.matcher(path); String realmName; if(m.matches()) { 
@@ -130,8 +127,8 @@ public class KeycloakErrorHandler implements ExceptionMapper { attributes.put("statusCode", statusCode); attributes.put("realm", realm); - attributes.put("url", new UrlBean(realm, theme, uriInfo.getBaseUri(), null)); - attributes.put("locale", new LocaleBean(realm, locale, uriInfo.getBaseUriBuilder(), messagesBundle)); + attributes.put("url", new UrlBean(realm, theme, session.getContext().getUri().getBaseUri(), null)); + attributes.put("locale", new LocaleBean(realm, locale, session.getContext().getUri().getBaseUriBuilder(), messagesBundle)); String errorKey = statusCode == 404 ? Messages.PAGE_NOT_FOUND : Messages.INTERNAL_SERVER_ERROR; diff --git a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java index 0f3a80ba04..b1918a72b8 100755 --- a/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java +++ b/services/src/main/java/org/keycloak/services/resources/AbstractSecuredLocalService.java 
@@ -23,28 +23,22 @@ import org.keycloak.AbstractOAuthClient; import org.keycloak.OAuth2Constants; import org.keycloak.OAuthErrorException; import org.keycloak.common.ClientConnection; -import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.forms.login.LoginFormsProvider; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.Auth; -import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.messages.Messages; -import org.keycloak.services.util.CookieHelper; import org.keycloak.util.TokenUtil; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; -import javax.ws.rs.core.Cookie; import javax.ws.rs.core.HttpHeaders; -import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; @@ -64,8 +58,6 @@ public abstract class AbstractSecuredLocalService { protected final ClientModel client; protected RealmModel realm; - @Context - protected UriInfo uriInfo; @Context protected HttpHeaders headers; @Context @@ -139,7 +131,7 @@ public abstract class AbstractSecuredLocalService { protected Response login(String path) { OAuthRedirect oauth = new OAuthRedirect(); - String authUrl = OIDCLoginProtocolService.authUrl(uriInfo).build(realm.getName()).toString(); + String authUrl = OIDCLoginProtocolService.authUrl(session.getContext().getUri()).build(realm.getName()).toString(); oauth.setAuthUrl(authUrl); oauth.setClientId(client.getClientId()); 
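Review bot: `login(String path)` now evaluates `session.getContext().getUri()` four times across this hunk and the two that follow (auth URL, `referrer`, `referrer_uri`, `oauth.redirect`); reading it once at the top, `UriInfo uriInfo = session.getContext().getUri();`, keeps the method readable and makes it obvious that all four uses refer to the same request. The same repetition shows up in IdentityBrokerService (the `nextRequiredAction` / `redirectToRequiredActions` / `finishedRequiredActions` block), in LoginActionsService.processConsent and in WelcomeResource's two cookie helpers. In files where this commit also removes the `UriInfo` import (IdentityBrokerService, WelcomeResource) the import would have to stay for such a local. login() continues past the end of this hunk.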
@@ -152,12 +144,12 @@ public abstract class AbstractSecuredLocalService { uriBuilder.queryParam("path", path); } - String referrer = uriInfo.getQueryParameters().getFirst("referrer"); + String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer"); if (referrer != null) { uriBuilder.queryParam("referrer", referrer); } - String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri"); + String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri"); if (referrerUri != null) { uriBuilder.queryParam("referrer_uri", referrerUri); } @@ -165,7 +157,7 @@ public abstract class AbstractSecuredLocalService { URI accountUri = uriBuilder.build(realm.getName()); oauth.setStateCookiePath(accountUri.getRawPath()); - return oauth.redirect(uriInfo, accountUri.toString()); + return oauth.redirect(session.getContext().getUri(), accountUri.toString()); } static class OAuthRedirect extends AbstractOAuthClient { diff --git a/services/src/main/java/org/keycloak/services/resources/ClientsManagementService.java b/services/src/main/java/org/keycloak/services/resources/ClientsManagementService.java index 5170bc2ced..636cb52e7b 100755 --- a/services/src/main/java/org/keycloak/services/resources/ClientsManagementService.java +++ b/services/src/main/java/org/keycloak/services/resources/ClientsManagementService.java @@ -45,7 +45,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.Providers; /** @@ -65,9 +64,6 @@ public class ClientsManagementService { @Context protected HttpHeaders headers; - @Context - private UriInfo uriInfo; - @Context private ClientConnection clientConnection; 
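Review bot: `referrer` and `referrer_uri` are read straight from the query string and appended to the redirect target with no check in login(), and nothing in these hunks says where they are validated. A short comment above the two `queryParam` calls would record the trust boundary, for example `// referrer / referrer_uri are untrusted here; they are only round-tripped and must be validated against the client's redirect URIs before use`. If `uriBuilder` is a JAX-RS `UriBuilder` (its declaration is outside the hunk), a value containing `{name}` is treated as a template and `uriBuilder.build(realm.getName())` would fail on the unmatched variable, so a malformed parameter may surface as a server error instead of a clean 400; worth confirming.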
@@ -193,7 +189,7 @@ public class ClientsManagementService { private boolean checkSsl() { - if (uriInfo.getBaseUri().getScheme().equals("https")) { + if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) { return true; } else { return !realm.getSslRequired().isRequired(clientConnection); diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index 0b61c2194c..6c7ea3fae4 100755 --- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -85,6 +85,17 @@ import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.RootAuthenticationSessionModel; import org.keycloak.util.JsonSerialization; +import javax.ws.rs.GET; +import javax.ws.rs.OPTIONS; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.QueryParam; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriBuilder; import java.io.IOException; import java.net.URI; import java.nio.charset.StandardCharsets; @@ -99,19 +110,6 @@ import java.util.Optional; import java.util.Set; import java.util.UUID; -import javax.ws.rs.GET; -import javax.ws.rs.OPTIONS; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.HttpHeaders; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; - /** *
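Review bot: `checkSsl()` in ClientsManagementService compares the scheme with `equals("https")`, whereas WelcomeResource in this same commit answers the same question with `equalsIgnoreCase("https")`. The fallback branch still consults `realm.getSslRequired().isRequired(clientConnection)`, so the mismatch fails closed, but the two spellings should agree: `if ("https".equalsIgnoreCase(session.getContext().getUri().getBaseUri().getScheme())) {`. LoginActionsService carries an identical copy of this method further down; a single shared helper would keep them from drifting. The scheme is whatever the server sees, so behind a TLS-terminating proxy the result depends on forwarded-header handling that is not part of this diff.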

* @@ -126,9 +124,6 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal private final RealmModel realmModel; - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; @@ -209,7 +204,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal this.event.event(EventType.CLIENT_INITIATED_ACCOUNT_LINKING); checkRealm(); ClientModel client = checkClient(clientId); - redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realmModel, client); + redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri, realmModel, client); if (redirectUri == null) { event.error(Errors.INVALID_REDIRECT_URI); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST); @@ -432,7 +427,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal try { AppAuthManager authManager = new AppAuthManager(); - AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(this.session, this.realmModel, this.uriInfo, this.clientConnection, this.request.getHttpHeaders()); + AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(this.session, this.realmModel, this.session.getContext().getUri(), this.clientConnection, this.request.getHttpHeaders()); if (authResult != null) { AccessToken token = authResult.getToken(); 
@@ -557,7 +552,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal SerializedBrokeredIdentityContext ctx = SerializedBrokeredIdentityContext.serialize(context); ctx.saveToAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE); - URI redirect = LoginActionsService.firstBrokerLoginProcessor(uriInfo) + URI redirect = LoginActionsService.firstBrokerLoginProcessor(session.getContext().getUri()) .queryParam(Constants.CLIENT_ID, authenticationSession.getClient().getClientId()) .queryParam(Constants.TAB_ID, authenticationSession.getTabId()) .build(realmModel.getName()); @@ -713,7 +708,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal authSession.setAuthNote(PostBrokerLoginConstants.PBL_AFTER_FIRST_BROKER_LOGIN, String.valueOf(wasFirstBrokerLogin)); - URI redirect = LoginActionsService.postBrokerLoginProcessor(uriInfo) + URI redirect = LoginActionsService.postBrokerLoginProcessor(session.getContext().getUri()) .queryParam(Constants.CLIENT_ID, authSession.getClient().getClientId()) .queryParam(Constants.TAB_ID, authSession.getTabId()) .build(realmModel.getName()); 
@@ -809,12 +804,12 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal AuthenticationManager.setClientScopesInSession(authSession); - String nextRequiredAction = AuthenticationManager.nextRequiredAction(session, authSession, clientConnection, request, uriInfo, event); + String nextRequiredAction = AuthenticationManager.nextRequiredAction(session, authSession, clientConnection, request, session.getContext().getUri(), event); if (nextRequiredAction != null) { - return AuthenticationManager.redirectToRequiredActions(session, realmModel, authSession, uriInfo, nextRequiredAction); + return AuthenticationManager.redirectToRequiredActions(session, realmModel, authSession, session.getContext().getUri(), nextRequiredAction); } else { event.detail(Details.CODE_ID, authSession.getParentSession().getId()); // todo This should be set elsewhere. find out why tests fail. Don't know where this is supposed to be set - return AuthenticationManager.finishedRequiredActions(session, authSession, null, clientConnection, request, uriInfo, event); + return AuthenticationManager.finishedRequiredActions(session, authSession, null, clientConnection, request, session.getContext().getUri(), event); } } @@ -992,7 +987,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal return ParsedCodeContext.response(staleCodeError); } - SessionCodeChecks checks = new SessionCodeChecks(realmModel, uriInfo, request, clientConnection, session, event, null, code, null, clientId, tabId, LoginActionsService.AUTHENTICATE_PATH); + SessionCodeChecks checks = new SessionCodeChecks(realmModel, session.getContext().getUri(), request, clientConnection, session, event, null, code, null, clientId, tabId, LoginActionsService.AUTHENTICATE_PATH); checks.initialVerify(); if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) { 
@@ -1075,11 +1070,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal encodedState = IdentityBrokerState.decoded(relayState, authSession.getClient().getClientId(), authSession.getTabId()); } - return new AuthenticationRequest(this.session, this.realmModel, authSession, this.request, this.uriInfo, encodedState, getRedirectUri(providerId)); + return new AuthenticationRequest(this.session, this.realmModel, authSession, this.request, this.session.getContext().getUri(), encodedState, getRedirectUri(providerId)); } private String getRedirectUri(String providerId) { - return Urls.identityProviderAuthnResponse(this.uriInfo.getBaseUri(), providerId, this.realmModel.getName()).toString(); + return Urls.identityProviderAuthnResponse(this.session.getContext().getUri().getBaseUri(), providerId, this.realmModel.getName()).toString(); } private Response redirectToErrorPage(AuthenticationSessionModel authSession, Response.Status status, String message, Object ... parameters) { @@ -1134,7 +1129,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal .setEventBuilder(event) .setRealm(realmModel) .setSession(session) - .setUriInfo(uriInfo) + .setUriInfo(session.getContext().getUri()) .setRequest(request); if (errorMessage != null) processor.setForwardedErrorMessage(new FormMessage(null, errorMessage)); @@ -1196,7 +1191,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal } private Response corsResponse(Response response, ClientModel clientModel) { - return Cors.add(this.request, Response.fromResponse(response)).auth().allowedOrigins(uriInfo, clientModel).build(); + return Cors.add(this.request, Response.fromResponse(response)).auth().allowedOrigins(session.getContext().getUri(), clientModel).build(); } private void fireErrorEvent(String message, Throwable throwable) { 
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java index ccaadb5839..9723eb3b1d 100755 --- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java @@ -16,13 +16,21 @@ */ package org.keycloak.services.resources; -import org.keycloak.authentication.*; -import org.keycloak.authentication.actiontoken.DefaultActionTokenKey; import org.jboss.logging.Logger; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.OAuth2Constants; import org.keycloak.TokenVerifier; -import org.keycloak.authentication.actiontoken.*; +import org.keycloak.authentication.AuthenticationFlowException; +import org.keycloak.authentication.AuthenticationProcessor; +import org.keycloak.authentication.ExplainedVerificationException; +import org.keycloak.authentication.RequiredActionContext; +import org.keycloak.authentication.RequiredActionContextResult; +import org.keycloak.authentication.RequiredActionFactory; +import org.keycloak.authentication.RequiredActionProvider; +import org.keycloak.authentication.actiontoken.ActionTokenContext; +import org.keycloak.authentication.actiontoken.ActionTokenHandler; +import org.keycloak.authentication.actiontoken.DefaultActionTokenKey; +import org.keycloak.authentication.actiontoken.ExplainedTokenVerificationException; import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler; import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator; import org.keycloak.authentication.authenticators.broker.util.PostBrokerLoginConstants; 
@@ -39,15 +47,12 @@ import org.keycloak.events.EventType; import org.keycloak.exceptions.TokenNotActiveException; import org.keycloak.models.ActionTokenKeyModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientScopeModel; import org.keycloak.models.ClientSessionContext; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.ProtocolMapperModel; import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; import org.keycloak.models.UserConsentModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.AuthenticationFlowResolver; @@ -68,9 +73,9 @@ import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationSessionManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.messages.Messages; -import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.util.AuthenticationFlowURLHelper; import org.keycloak.services.util.BrowserHistoryHelper; +import org.keycloak.services.util.CacheControlUtil; import org.keycloak.sessions.AuthenticationSessionCompoundId; import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.RootAuthenticationSessionModel; @@ -87,12 +92,12 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriBuilderException; import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.Providers; import java.net.URI; import java.util.Map; -import javax.ws.rs.core.*; import static org.keycloak.authentication.actiontoken.DefaultActionToken.ACTION_TOKEN_BASIC_CHECKS; /** 
@@ -124,9 +129,6 @@ public class LoginActionsService { @Context protected HttpHeaders headers; - @Context - private UriInfo uriInfo; - @Context private ClientConnection clientConnection; @@ -178,7 +180,7 @@ public class LoginActionsService { } private boolean checkSsl() { - if (uriInfo.getBaseUri().getScheme().equals("https")) { + if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) { return true; } else { return !realm.getSslRequired().isRequired(clientConnection); @@ -186,14 +188,14 @@ public class LoginActionsService { } private SessionCodeChecks checksForCode(String authSessionId, String code, String execution, String clientId, String tabId, String flowPath) { - SessionCodeChecks res = new SessionCodeChecks(realm, uriInfo, request, clientConnection, session, event, authSessionId, code, execution, clientId, tabId, flowPath); + SessionCodeChecks res = new SessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, authSessionId, code, execution, clientId, tabId, flowPath); res.initialVerify(); return res; } protected URI getLastExecutionUrl(String flowPath, String executionId, String clientId, String tabId) { - return new AuthenticationFlowURLHelper(session, realm, uriInfo) + return new AuthenticationFlowURLHelper(session, realm, session.getContext().getUri()) .getLastExecutionUrl(flowPath, executionId, clientId, tabId); } 
@@ -209,7 +211,7 @@ public class LoginActionsService { @QueryParam(Constants.CLIENT_ID) String clientId, @QueryParam(Constants.TAB_ID) String tabId) { event.event(EventType.RESTART_AUTHENTICATION); - SessionCodeChecks checks = new SessionCodeChecks(realm, uriInfo, request, clientConnection, session, event, authSessionId, null, null, clientId, tabId, null); + SessionCodeChecks checks = new SessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, authSessionId, null, null, clientId, tabId, null); AuthenticationSessionModel authSession = checks.initialVerifyAuthSession(); if (authSession == null) { @@ -268,7 +270,7 @@ public class LoginActionsService { .setEventBuilder(event) .setRealm(realm) .setSession(session) - .setUriInfo(uriInfo) + .setUriInfo(session.getContext().getUri()) .setRequest(request); if (errorMessage != null) { processor.setForwardedErrorMessage(new FormMessage(null, errorMessage)); @@ -380,11 +382,11 @@ public class LoginActionsService { authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name()); //authSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true"); authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); - String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString(); + String redirectUri = Urls.accountBase(session.getContext().getUri().getBaseUri()).path("/").build(realm.getName()).toString(); authSession.setRedirectUri(redirectUri); authSession.setClientNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE); authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri); - authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); + authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())); return authSession; } 
@@ -479,7 +481,7 @@ public class LoginActionsService { .withChecks( // Token introspection checks TokenVerifier.IS_ACTIVE, - new TokenVerifier.RealmUrlCheck(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())), + new TokenVerifier.RealmUrlCheck(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())), ACTION_TOKEN_BASIC_CHECKS ) @@ -510,7 +512,7 @@ public class LoginActionsService { } // Now proceed with the verification and handle the token - tokenContext = new ActionTokenContext(session, realm, uriInfo, clientConnection, request, event, handler, execution, this::processFlow, this::brokerLoginFlow); + tokenContext = new ActionTokenContext(session, realm, session.getContext().getUri(), clientConnection, request, event, handler, execution, this::processFlow, this::brokerLoginFlow); try { String tokenAuthSessionCompoundId = handler.getAuthenticationSessionIdFromToken(token, tokenContext, authSession); @@ -667,7 +669,7 @@ public class LoginActionsService { AuthenticationSessionModel authSession = checks.getAuthenticationSession(); - AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection); + AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection); return processRegistration(checks.isActionRequest(), execution, authSession, null); } @@ -771,7 +773,7 @@ public class LoginActionsService { } private Response redirectToAfterBrokerLoginEndpoint(AuthenticationSessionModel authSession, boolean firstBrokerLogin) { - return redirectToAfterBrokerLoginEndpoint(session, realm, uriInfo, authSession, firstBrokerLogin); + return redirectToAfterBrokerLoginEndpoint(session, realm, session.getContext().getUri(), authSession, firstBrokerLogin); } public static Response redirectToAfterBrokerLoginEndpoint(KeycloakSession session, RealmModel realm, UriInfo uriInfo, AuthenticationSessionModel authSession, boolean firstBrokerLogin) { 
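Review bot: The expected issuer passed to `TokenVerifier.RealmUrlCheck` in the first hunk is computed from the base URI of the request that presents the action token, so the check is only as strong as the way that base URI is derived. If the public hostname is not pinned by deployment configuration (not visible here), the comparison follows the Host or forwarded headers of the incoming request. A comment at the call would make the dependency explicit: `// expected issuer comes from the request base URI; relies on the public hostname being fixed by configuration`. The same derivation feeds `OIDCLoginProtocol.ISSUER` in the earlier hunk that builds the account-management auth session. The enclosing method starts and ends outside this hunk.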
@@ -800,8 +802,8 @@ public class LoginActionsService { public Response processConsent(final MultivaluedMap formData) { event.event(EventType.LOGIN); String code = formData.getFirst(SESSION_CODE); - String clientId = uriInfo.getQueryParameters().getFirst(Constants.CLIENT_ID); - String tabId = uriInfo.getQueryParameters().getFirst(Constants.TAB_ID); + String clientId = session.getContext().getUri().getQueryParameters().getFirst(Constants.CLIENT_ID); + String tabId = session.getContext().getUri().getQueryParameters().getFirst(Constants.TAB_ID); SessionCodeChecks checks = checksForCode(null, code, null, clientId, tabId, REQUIRED_ACTION); if (!checks.verifyRequiredAction(AuthenticationSessionModel.Action.OAUTH_GRANT.name())) { return checks.getResponse(); @@ -819,7 +821,7 @@ public class LoginActionsService { LoginProtocol protocol = session.getProvider(LoginProtocol.class, authSession.getProtocol()); protocol.setRealm(realm) .setHttpHeaders(headers) - .setUriInfo(uriInfo) + .setUriInfo(session.getContext().getUri()) .setEventBuilder(event); Response response = protocol.sendError(authSession, Error.CONSENT_DENIED); event.error(Errors.REJECTED_BY_USER); @@ -847,7 +849,7 @@ public class LoginActionsService { event.success(); ClientSessionContext clientSessionCtx = AuthenticationProcessor.attachSession(authSession, null, session, realm, clientConnection, event); - return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, clientSessionCtx.getClientSession().getUserSession(), clientSessionCtx, request, uriInfo, clientConnection, event, authSession.getProtocol()); + return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, clientSessionCtx.getClientSession().getUserSession(), clientSessionCtx, request, session.getContext().getUri(), clientConnection, event, authSession.getProtocol()); } private void initLoginEvent(AuthenticationSessionModel authSession) { 
@@ -922,7 +924,7 @@ public class LoginActionsService { if (!checks.isActionRequest()) { initLoginEvent(authSession); event.event(EventType.CUSTOM_REQUIRED_ACTION); - return AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, uriInfo, event); + return AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event); } initLoginEvent(authSession); @@ -967,7 +969,7 @@ public class LoginActionsService { authSession.getAuthenticatedUser().removeRequiredAction(factory.getId()); authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION); - response = AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, uriInfo, event); + response = AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event); } else if (context.getStatus() == RequiredActionContext.Status.CHALLENGE) { response = context.getChallenge(); } else if (context.getStatus() == RequiredActionContext.Status.FAILURE) { diff --git a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java index 0bacdbb23b..baf768e864 100755 --- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java +++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java @@ -26,7 +26,6 @@ import org.keycloak.models.RealmModel; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.representations.idm.PublishedRealmRepresentation; import org.keycloak.services.resources.account.AccountFormService; -import org.keycloak.services.resources.admin.AdminRoot; import javax.ws.rs.GET; import javax.ws.rs.OPTIONS; 
@@ -46,9 +45,6 @@ import javax.ws.rs.core.UriInfo; public class PublicRealmResource { protected static final Logger logger = Logger.getLogger(PublicRealmResource.class); - @Context - protected UriInfo uriInfo; - @Context protected HttpRequest request; @@ -85,7 +81,7 @@ public class PublicRealmResource { @Produces(MediaType.APPLICATION_JSON) public PublishedRealmRepresentation getRealm() { Cors.add(request).allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD).auth().build(response); - return realmRep(session, realm, uriInfo); + return realmRep(session, realm, session.getContext().getUri()); } public static PublishedRealmRepresentation realmRep(KeycloakSession session, RealmModel realm, UriInfo uriInfo) { diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index 84ea21f396..7a95bb85c3 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -71,9 +71,6 @@ public class RealmsResource { @Context private HttpRequest request; - @Context - private UriInfo uriInfo; - public static UriBuilder realmBaseUrl(UriInfo uriInfo) { UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder(); return realmBaseUrl(baseUriBuilder); @@ -163,7 +160,7 @@ public class RealmsResource { if (client.getRootUrl() != null && (client.getBaseUrl() == null || client.getBaseUrl().isEmpty())) { targetUri = KeycloakUriBuilder.fromUri(client.getRootUrl()).build(); } else { - targetUri = KeycloakUriBuilder.fromUri(ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), client.getBaseUrl())).build(); + targetUri = KeycloakUriBuilder.fromUri(ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), client.getBaseUrl())).build(); } return Response.seeOther(targetUri).build(); 
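Review bot: `getRealm()` pairs `allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD)` with `.auth()` on an endpoint that, as far as this hunk shows, reads no credentials. The Cors helper is not part of the diff, so what `.auth()` emits is an assumption; if it marks the response as credentialed, combining that with a wildcard origin is broader than a public, read-only representation needs. Dropping `.auth()` on this call, or stating the intent with `// public realm metadata only; no credentials are read or required`, would settle the question for the next reader.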
diff --git a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java index f6e464e315..f80241e2b8 100755 --- a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java @@ -17,7 +17,6 @@ package org.keycloak.services.resources; import org.jboss.logging.Logger; -import org.keycloak.Config; import org.keycloak.common.ClientConnection; import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.MimeTypeUtil; @@ -32,7 +31,6 @@ import org.keycloak.services.util.CookieHelper; import org.keycloak.theme.BrowserSecurityHeaderSetup; import org.keycloak.theme.FreeMarkerUtil; import org.keycloak.theme.Theme; -import org.keycloak.theme.ThemeProvider; import org.keycloak.utils.MediaType; import javax.ws.rs.Consumes; @@ -49,7 +47,6 @@ import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.ResponseBuilder; import javax.ws.rs.core.Response.Status; -import javax.ws.rs.core.UriInfo; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; @@ -74,9 +71,6 @@ public class WelcomeResource { @Context protected HttpHeaders headers; - @Context - private UriInfo uriInfo; - @Context private KeycloakSession session; @@ -95,7 +89,7 @@ public class WelcomeResource { public Response getWelcomePage() throws URISyntaxException { checkBootstrap(); - String requestUri = uriInfo.getRequestUri().toString(); + String requestUri = session.getContext().getUri().getRequestUri().toString(); if (!requestUri.endsWith("/")) { return Response.seeOther(new URI(requestUri + "/")).build(); } else { 
@@ -243,15 +237,15 @@ public class WelcomeResource { private String setCsrfCookie() { String stateChecker = Base64Url.encode(KeycloakModelUtils.generateSecret()); - String cookiePath = uriInfo.getPath(); - boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https"); + String cookiePath = session.getContext().getUri().getPath(); + boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https"); CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, stateChecker, cookiePath, null, null, 300, secureOnly, true); return stateChecker; } private void expireCsrfCookie() { - String cookiePath = uriInfo.getPath(); - boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https"); + String cookiePath = session.getContext().getUri().getPath(); + boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https"); CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, "", cookiePath, null, null, 0, secureOnly, true); } diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java b/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java index 43ddc4ac67..d332fb79fe 100644 --- a/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java 
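Review bot: `secureOnly` in `setCsrfCookie()` and `expireCsrfCookie()` is decided by the scheme of the request URI as the server sees it, so the `KEYCLOAK_STATE_CHECKER` cookie is issued without the Secure flag whenever TLS ends in front of the server and the forwarded scheme is not applied to the request. Both methods repeat the same two lines; a private helper that computes path and flag once would keep set and expire in step, with `"https".equalsIgnoreCase(uri.getRequestUri().getScheme())` as the null-safe form of the comparison. The cookie path comes from `getUri().getPath()`, which JAX-RS defines relative to the base URI, so it is worth confirming that it matches the path the browser actually requests and does not widen the cookie's scope.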
@@ -1,25 +1,40 @@ package org.keycloak.services.resources.account; +import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.common.Profile; import org.keycloak.common.Version; -import org.keycloak.models.*; +import org.keycloak.events.EventStoreProvider; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.protocol.oidc.utils.RedirectUtils; import org.keycloak.services.Urls; +import org.keycloak.services.managers.AppAuthManager; +import org.keycloak.services.managers.Auth; +import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientManager; +import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.util.LocaleHelper; +import org.keycloak.services.util.ResolveRelative; +import org.keycloak.services.validation.Validation; import org.keycloak.theme.BrowserSecurityHeaderSetup; import org.keycloak.theme.FreeMarkerException; import org.keycloak.theme.FreeMarkerUtil; import org.keycloak.theme.Theme; +import org.keycloak.theme.beans.MessageFormatterMethod; import org.keycloak.utils.MediaType; +import javax.json.Json; +import javax.json.JsonObjectBuilder; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.io.IOException; -import java.io.StringWriter; import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; 
@@ -28,23 +43,6 @@ import java.util.Map; import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; -import javax.json.Json; -import javax.json.JsonObjectBuilder; -import javax.json.JsonWriter; -import org.jboss.logging.Logger; -import org.keycloak.common.Profile; -import org.keycloak.events.EventStoreProvider; -import org.keycloak.forms.account.freemarker.model.FeaturesBean; -import org.keycloak.models.ClientModel; -import org.keycloak.protocol.oidc.utils.RedirectUtils; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.AppAuthManager; -import org.keycloak.services.managers.Auth; -import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.util.LocaleHelper; -import org.keycloak.services.util.ResolveRelative; -import org.keycloak.services.validation.Validation; -import org.keycloak.theme.beans.MessageFormatterMethod; /** * Created by st on 29/03/17. @@ -56,9 +54,7 @@ public class AccountConsole { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - + private final AppAuthManager authManager; private final RealmModel realm; private final ClientModel client; 
@@ -83,12 +79,12 @@ public class AccountConsole { @GET @NoCache public Response getMainPage() throws URISyntaxException, IOException, FreeMarkerException { - if (!uriInfo.getRequestUri().getPath().endsWith("/")) { - return Response.status(302).location(uriInfo.getRequestUriBuilder().path("/").build()).build(); + if (!session.getContext().getUri().getRequestUri().getPath().endsWith("/")) { + return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("/").build()).build(); } else { Map map = new HashMap<>(); - URI baseUri = uriInfo.getBaseUri(); + URI baseUri = session.getContext().getUri().getBaseUri(); map.put("authUrl", session.getContext().getContextPath()); map.put("baseUrl", session.getContext().getContextPath() + "/realms/" + realm.getName() + "/account"); @@ -189,19 +185,19 @@ public class AccountConsole { // TODO: took this code from elsewhere - refactor private String[] getReferrer() { - String referrer = uriInfo.getQueryParameters().getFirst("referrer"); + String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer"); if (referrer == null) { return null; } - String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri"); + String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri"); ClientModel referrerClient = realm.getClientByClientId(referrer); if (referrerClient != null) { if (referrerUri != null) { - referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient); + referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient); } else { - referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl()); + referrerUri = ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl()); } if (referrerUri != null) { 
@@ -214,7 +210,7 @@ public class AccountConsole { } else if (referrerUri != null) { referrerClient = realm.getClientByClientId(referrer); if (client != null) { - referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient); + referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient); if (referrerUri != null) { return new String[]{referrer, referrerUri}; diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java index 1355614d6d..c27c387c37 100755 --- a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java @@ -17,7 +17,6 @@ package org.keycloak.services.resources.account; import org.jboss.logging.Logger; -import org.keycloak.authentication.RequiredActionContext; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.PermissionTicket; import org.keycloak.authorization.model.Policy; @@ -54,7 +53,6 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.CredentialValidation; import org.keycloak.models.utils.FormMessage; -import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.oidc.utils.RedirectUtils; import org.keycloak.services.ErrorResponse; import org.keycloak.services.ForbiddenException; 
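Review bot: In AccountConsole.getReferrer the `else if (referrerUri != null)` branch guards with `if (client != null)` but then passes `referrerClient`, the value just returned by `realm.getClientByClientId(referrer)`, to `RedirectUtils.verifyRedirectUri`. `client` is the console's own final field, so the test says nothing about the lookup. The guard should read `if (referrerClient != null) {`, so that a `referrer` naming no client is rejected before the redirect URI is checked. How verifyRedirectUri treats a null client is not visible here, and the method starts outside this hunk. AccountFormService.getReferrer carries the same guard in its `@@ -969,7 +972,7 @@` hunk.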
@@ -72,18 +70,23 @@ import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.util.ResolveRelative; import org.keycloak.services.validation.Validation; import org.keycloak.sessions.AuthenticationSessionModel; -import org.keycloak.sessions.RootAuthenticationSessionModel; import org.keycloak.storage.ReadOnlyException; import org.keycloak.util.JsonSerialization; -import javax.ws.rs.*; +import javax.ws.rs.Consumes; +import javax.ws.rs.FormParam; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; - import java.io.IOException; import java.lang.reflect.Method; import java.net.URI; @@ -133,7 +136,7 @@ public class AccountFormService extends AbstractSecuredLocalService { public void init() { eventStore = session.getProvider(EventStoreProvider.class); - account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(uriInfo).setHttpHeaders(headers); + account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(session.getContext().getUri()).setHttpHeaders(headers); AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm); if (authResult != null) { @@ -142,7 +145,7 @@ public class AccountFormService extends AbstractSecuredLocalService { account.setStateChecker(stateChecker); } - String requestOrigin = UriUtils.getOrigin(uriInfo.getBaseUri()); + String requestOrigin = UriUtils.getOrigin(session.getContext().getUri().getBaseUri()); String origin = headers.getRequestHeaders().getFirst("Origin"); if (origin != null && !requestOrigin.equals(origin)) { 
@@ -245,7 +248,7 @@ public class AccountFormService extends AbstractSecuredLocalService { @Path("totp") @GET public Response totpPage() { - account.setAttribute("mode", uriInfo.getQueryParameters().getFirst("mode")); + account.setAttribute("mode", session.getContext().getUri().getQueryParameters().getFirst("mode")); return forwardToPage("totp", AccountPages.TOTP); } @@ -383,11 +386,11 @@ public class AccountFormService extends AbstractSecuredLocalService { List userSessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel userSession : userSessions) { - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true); } - UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "sessionsPage"); - String referrer = uriInfo.getQueryParameters().getFirst("referrer"); + UriBuilder builder = Urls.accountBase(session.getContext().getUri().getBaseUri()).path(AccountFormService.class, "sessionsPage"); + String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer"); if (referrer != null) { builder.queryParam("referrer", referrer); 
@@ -422,13 +425,13 @@ public class AccountFormService extends AbstractSecuredLocalService { new UserSessionManager(session).revokeOfflineToken(user, client); // Logout clientSessions for this user and client - AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers); + AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, session.getContext().getUri(), headers); event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success(); setReferrerOnPage(); - UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "applicationsPage"); - String referrer = uriInfo.getQueryParameters().getFirst("referrer"); + UriBuilder builder = Urls.accountBase(session.getContext().getUri().getBaseUri()).path(AccountFormService.class, "applicationsPage"); + String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer"); if (referrer != null) { builder.queryParam("referrer", referrer); @@ -458,7 +461,7 @@ public class AccountFormService extends AbstractSecuredLocalService { auth.require(AccountRoles.MANAGE_ACCOUNT); - account.setAttribute("mode", uriInfo.getQueryParameters().getFirst("mode")); + account.setAttribute("mode", session.getContext().getUri().getQueryParameters().getFirst("mode")); String action = formData.getFirst("submitAction"); if (action != null && action.equals("Cancel")) { @@ -591,7 +594,7 @@ public class AccountFormService extends AbstractSecuredLocalService { List sessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel s : sessions) { if (!s.getId().equals(auth.getSession().getId())) { - AuthenticationManager.backchannelLogout(session, realm, s, uriInfo, clientConnection, headers, true); + AuthenticationManager.backchannelLogout(session, realm, s, session.getContext().getUri(), clientConnection, headers, true); } } 
@@ -646,7 +649,7 @@ public class AccountFormService extends AbstractSecuredLocalService { switch (accountSocialAction) { case ADD: - String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(uriInfo.getBaseUri(), realm.getName())).build().toString(); + String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(session.getContext().getUri().getBaseUri(), realm.getName())).build().toString(); try { String nonce = UUID.randomUUID().toString(); @@ -654,7 +657,7 @@ public class AccountFormService extends AbstractSecuredLocalService { String input = nonce + auth.getSession().getId() + client.getClientId() + providerId; byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8)); String hash = Base64Url.encode(check); - URI linkUrl = Urls.identityProviderLinkRequest(this.uriInfo.getBaseUri(), providerId, realm.getName()); + URI linkUrl = Urls.identityProviderLinkRequest(this.session.getContext().getUri().getBaseUri(), providerId, realm.getName()); linkUrl = UriBuilder.fromUri(linkUrl) .queryParam("nonce", nonce) .queryParam("hash", hash) @@ -936,7 +939,7 @@ public class AccountFormService extends AbstractSecuredLocalService { @Override protected URI getBaseRedirectUri() { - return Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()); + return Urls.accountBase(session.getContext().getUri().getBaseUri()).path("/").build(realm.getName()); } public static boolean isPasswordSet(KeycloakSession session, RealmModel realm, UserModel user) { 
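Review bot: The link-request hash in the ADD case digests `nonce + auth.getSession().getId() + client.getClientId() + providerId` with no separator between the fields, so different field values can produce the same input string (constructed example: client id `ab` with provider `c`, and client id `a` with provider `bc`). Length-prefixing each field, or joining with a delimiter the fields cannot contain, removes the ambiguity; assuming no field can hold a newline, that would be `String input = String.join("\n", nonce, auth.getSession().getId(), client.getClientId(), providerId);`. The code that recomputes this hash is not in the hunk and would need the same change, and `md` is declared outside it.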
@@ -944,19 +947,19 @@ public class AccountFormService extends AbstractSecuredLocalService { } private String[] getReferrer() { - String referrer = uriInfo.getQueryParameters().getFirst("referrer"); + String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer"); if (referrer == null) { return null; } - String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri"); + String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri"); ClientModel referrerClient = realm.getClientByClientId(referrer); if (referrerClient != null) { if (referrerUri != null) { - referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient); + referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient); } else { - referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl()); + referrerUri = ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl()); } if (referrerUri != null) { @@ -969,7 +972,7 @@ public class AccountFormService extends AbstractSecuredLocalService { } else if (referrerUri != null) { referrerClient = realm.getClientByClientId(referrer); if (client != null) { - referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient); + referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient); if (referrerUri != null) { return new String[]{referrer, referrerUri}; diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java index 48e55eec0e..57b808c316 100755 --- a/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java 
+++ b/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java @@ -35,6 +35,7 @@ import org.keycloak.representations.account.UserRepresentation; import org.keycloak.services.ErrorResponse; import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.AuthenticationManager; +import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.Cors; import org.keycloak.storage.ReadOnlyException; @@ -50,11 +51,9 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.util.LinkedList; import java.util.List; import java.util.Map; -import org.keycloak.services.messages.Messages; /** * @author Stian Thorgersen @@ -64,8 +63,6 @@ public class AccountRestService { @Context private HttpRequest request; @Context - protected UriInfo uriInfo; - @Context protected HttpHeaders headers; @Context protected ClientConnection clientConnection; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java index f74a2a1924..38c40d48c6 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java @@ -52,7 +52,6 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.Providers; import java.io.IOException; import java.net.URI; @@ -72,9 +71,6 @@ import java.util.Set; public class AdminConsole { protected static final Logger logger = Logger.getLogger(AdminConsole.class); - @Context - protected UriInfo uriInfo; - @Context protected ClientConnection clientConnection; 
@@ -177,7 +173,7 @@ public class AdminConsole { if (consoleApp == null) { throw new NotFoundException("Could not find admin console client"); } - return new ClientManager(new RealmManager(session)).toInstallationRepresentation(realm, consoleApp, keycloak.getBaseUri(uriInfo)); + return new ClientManager(new RealmManager(session)).toInstallationRepresentation(realm, consoleApp, keycloak.getBaseUri(session.getContext().getUri())); } @@ -193,7 +189,7 @@ public class AdminConsole { @NoCache public Response whoAmI(final @Context HttpHeaders headers) { RealmManager realmManager = new RealmManager(session); - AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, uriInfo, clientConnection, headers); + AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers); if (authResult == null) { return Response.status(401).build(); } @@ -263,10 +259,10 @@ public class AdminConsole { @GET @NoCache public Response logout() { - URI redirect = AdminRoot.adminConsoleUrl(uriInfo).build(realm.getName()); + URI redirect = AdminRoot.adminConsoleUrl(session.getContext().getUri()).build(realm.getName()); return Response.status(302).location( - OIDCLoginProtocolService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName()) + OIDCLoginProtocolService.logoutUrl(session.getContext().getUri()).queryParam("redirect_uri", redirect.toString()).build(realm.getName()) ).build(); } 
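Review bot: whoAmI now passes both `session` and `session.getContext().getUri()` to `authManager.authenticateBearerToken`, so the URI argument can always be derived from the first argument. Keeping the separate parameter leaves room for a caller to pass a UriInfo from a different context than the session being authenticated; a follow-up could drop it from the signature and read it inside the method. Until then a short comment at the call, `// UriInfo is taken from the session context; the parameter is kept for signature compatibility`, would explain the redundancy. AdminRoot makes the same call in its `@@ -172,7 +168,7 @@` hunk.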
@@ -283,14 +279,14 @@ public class AdminConsole { @GET @NoCache public Response getMainPage() throws URISyntaxException, IOException, FreeMarkerException { - if (!uriInfo.getRequestUri().getPath().endsWith("/")) { - return Response.status(302).location(uriInfo.getRequestUriBuilder().path("/").build()).build(); + if (!session.getContext().getUri().getRequestUri().getPath().endsWith("/")) { + return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("/").build()).build(); } else { Theme theme = AdminRoot.getTheme(session, realm); Map map = new HashMap<>(); - URI baseUri = uriInfo.getBaseUri(); + URI baseUri = session.getContext().getUri().getBaseUri(); map.put("authUrl", session.getContext().getContextPath()); map.put("consoleBaseUrl", Urls.adminConsoleRoot(baseUri, realm.getName()).getPath()); @@ -310,7 +306,7 @@ public class AdminConsole { @GET @Path("{indexhtml: index.html}") // this expression is a hack to get around jaxdoclet generation bug. Doesn't like index.html public Response getIndexHtmlRedirect() { - return Response.status(302).location(uriInfo.getRequestUriBuilder().path("../").build()).build(); + return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("../").build()).build(); } @GET diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java index 8060095fa6..a2c11a8056 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java @@ -38,7 +38,6 @@ import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.admin.info.ServerInfoAdminResource; import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.theme.Theme; -import org.keycloak.theme.ThemeProvider; import javax.ws.rs.GET; import javax.ws.rs.HttpMethod; 
@@ -63,9 +62,6 @@ import java.util.Properties; public class AdminRoot { protected static final Logger logger = Logger.getLogger(AdminRoot.class); - @Context - protected UriInfo uriInfo; - @Context protected ClientConnection clientConnection; @@ -104,7 +100,7 @@ public class AdminRoot { public Response masterRealmAdminConsoleRedirect() { RealmModel master = new RealmManager(session).getKeycloakAdminstrationRealm(); return Response.status(302).location( - uriInfo.getBaseUriBuilder().path(AdminRoot.class).path(AdminRoot.class, "getAdminConsole").path("/").build(master.getName()) + session.getContext().getUri().getBaseUriBuilder().path(AdminRoot.class).path(AdminRoot.class, "getAdminConsole").path("/").build(master.getName()) ).build(); } @@ -172,7 +168,7 @@ public class AdminRoot { throw new UnauthorizedException("Unknown realm in token"); } session.getContext().setRealm(realm); - AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, uriInfo, clientConnection, headers); + AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers); if (authResult == null) { logger.debug("Token not valid"); throw new UnauthorizedException("Bearer"); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java index 4db698f644..743e994638 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java 
@@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; -import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.common.ClientConnection; import org.keycloak.common.util.Time; import org.keycloak.events.admin.OperationType; @@ -38,7 +37,6 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.UriInfo; import java.util.HashMap; import java.util.Map; @@ -58,9 +56,6 @@ public class AttackDetectionResource { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - @Context protected ClientConnection connection; @@ -137,7 +132,7 @@ public class AttackDetectionResource { UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId); if (model != null) { session.sessions().removeUserLoginFailure(realm, userId); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } } @@ -153,7 +148,7 @@ public class AttackDetectionResource { auth.users().requireManage(); session.sessions().removeAllUserLoginFailures(realm); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index 86561f644e..d05f33b6f8 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java 
@@ -61,18 +61,15 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; import java.util.Collections; import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.stream.Collectors; import static javax.ws.rs.core.Response.Status.NOT_FOUND; @@ -86,8 +83,6 @@ public class AuthenticationManagementResource { private final KeycloakSession session; private AdminPermissionEvaluator auth; private AdminEventBuilder adminEvent; - @Context - private UriInfo uriInfo; protected static final Logger logger = Logger.getLogger(AuthenticationManagementResource.class); @@ -223,8 +218,8 @@ public class AuthenticationManagementResource { AuthenticationFlowModel createdModel = realm.addAuthenticationFlow(RepresentationToModel.toModel(flow)); flow.setId(createdModel.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), createdModel.getId()).representation(flow).success(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(flow.getId()).build()).build(); } /** @@ -268,7 +263,7 @@ public class AuthenticationManagementResource { flow.setId(existingFlow.getId()); realm.updateAuthenticationFlow(RepresentationToModel.toModel(flow)); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(flow).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(flow).success(); return Response.accepted(flow).build(); } 
@@ -305,7 +300,7 @@ public class AuthenticationManagementResource { realm.removeAuthenticationFlow(flow); // Use just one event for top-level flow. Using separate events won't work properly for flows of depth 2 or bigger - if (isTopMostLevel) adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + if (isTopMostLevel) adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } /** @@ -336,7 +331,7 @@ public class AuthenticationManagementResource { AuthenticationFlowModel copy = copyFlow(realm, flow, newName); data.put("id", copy.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(data).success(); return Response.status(Response.Status.CREATED).build(); @@ -416,10 +411,10 @@ public class AuthenticationManagementResource { execution = realm.addAuthenticatorExecution(execution); data.put("id", execution.getId()); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(session.getContext().getUri()).representation(data).success(); String addExecutionPathSegment = UriBuilder.fromMethod(AuthenticationManagementResource.class, "addExecutionFlow").build(parentFlow.getAlias()).getPath(); - return Response.created(uriInfo.getBaseUriBuilder().path(uriInfo.getPath().replace(addExecutionPathSegment, "")).path("flows").path(newFlow.getId()).build()).build(); + return Response.created(session.getContext().getUri().getBaseUriBuilder().path(session.getContext().getUri().getPath().replace(addExecutionPathSegment, "")).path("flows").path(newFlow.getId()).build()).build(); } private int getNextPriority(AuthenticationFlowModel parentFlow) { 
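Review bot: The `Response.created(...)` statement in what appears to be addExecutionFlow is hard to review: it calls `session.getContext().getUri()` twice in one expression and derives the Location by textually removing `addExecutionPathSegment` from the request path. I would name the steps, `String parentPath = session.getContext().getUri().getPath().replace(addExecutionPathSegment, "");`, then build the location from `getBaseUriBuilder().path(parentPath).path("flows").path(newFlow.getId())`, and add a comment that `replace` relies on the segment matching the request path exactly and removes every occurrence of it. The method starts outside the hunk. The `@@ -472,10 +467,10 @@` hunk has the same shape for `executions`.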
@@ -472,10 +467,10 @@ public class AuthenticationManagementResource { execution = realm.addAuthenticatorExecution(execution); data.put("id", execution.getId()); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(data).success(); String addExecutionPathSegment = UriBuilder.fromMethod(AuthenticationManagementResource.class, "addExecutionToFlow").build(parentFlow.getAlias()).getPath(); - return Response.created(uriInfo.getBaseUriBuilder().path(uriInfo.getPath().replace(addExecutionPathSegment, "")).path("executions").path(execution.getId()).build()).build(); + return Response.created(session.getContext().getUri().getBaseUriBuilder().path(session.getContext().getUri().getPath().replace(addExecutionPathSegment, "")).path("executions").path(execution.getId()).build()).build(); } /** @@ -593,7 +588,7 @@ public class AuthenticationManagementResource { if (!model.getRequirement().name().equals(rep.getRequirement())) { model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement())); realm.updateAuthenticatorExecution(model); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(rep).success(); } } 
@@ -637,8 +632,8 @@ public class AuthenticationManagementResource { model.setPriority(getNextPriority(parentFlow)); model = realm.addAuthenticatorExecution(model); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo, model.getId()).representation(execution).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri(), model.getId()).representation(execution).success(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build(); } public AuthenticationFlowModel getParentFlow(AuthenticationExecutionModel model) { @@ -691,7 +686,7 @@ public class AuthenticationManagementResource { model.setPriority(tmp); realm.updateAuthenticatorExecution(model); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success(); } public List getSortedExecutions(AuthenticationFlowModel parentFlow) { @@ -736,7 +731,7 @@ public class AuthenticationManagementResource { next.setPriority(tmp); realm.updateAuthenticatorExecution(next); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success(); } 
@@ -769,7 +764,7 @@ public class AuthenticationManagementResource { realm.removeAuthenticatorExecution(model); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success(); } @@ -802,8 +797,8 @@ public class AuthenticationManagementResource { realm.updateAuthenticatorExecution(model); json.setId(config.getId()); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(json).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(json).success(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(config.getId()).build()).build(); } /** @@ -886,7 +881,7 @@ public class AuthenticationManagementResource { requiredAction = realm.addRequiredActionProvider(requiredAction); data.put("id", requiredAction.getId()); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).representation(data).success(); } private int getNextRequiredActionPriority() { @@ -972,7 +967,7 @@ public class AuthenticationManagementResource { update.setConfig(rep.getConfig()); realm.updateRequiredActionProvider(update); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).representation(rep).success(); } /** 
@@ -990,7 +985,7 @@ public class AuthenticationManagementResource { } realm.removeRequiredActionProvider(model); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success(); } /** @@ -1024,7 +1019,7 @@ public class AuthenticationManagementResource { model.setPriority(tmp); realm.updateRequiredActionProvider(model); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success(); } /** @@ -1058,7 +1053,7 @@ public class AuthenticationManagementResource { next.setPriority(tmp); realm.updateRequiredActionProvider(next); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success(); } /** @@ -1135,8 +1130,8 @@ public class AuthenticationManagementResource { auth.realm().requireManageRealm(); AuthenticatorConfigModel config = realm.addAuthenticatorConfig(RepresentationToModel.toModel(rep)); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo, config.getId()).representation(rep).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri(), config.getId()).representation(rep).success(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(config.getId()).build()).build(); } /** 
@@ -1185,7 +1180,7 @@ public class AuthenticationManagementResource { realm.removeAuthenticatorConfig(config); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri()).success(); } /** @@ -1208,6 +1203,6 @@ public class AuthenticationManagementResource { exists.setAlias(rep.getAlias()); exists.setConfig(rep.getConfig()); realm.updateAuthenticatorConfig(exists); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri()).representation(rep).success(); } } \ No newline at end of file diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java index 8cd50c20d8..8f4ac530da 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java @@ -129,7 +129,6 @@ public class ClientAttributeCertificateResource { /** * Upload certificate and eventually private key * - * @param uriInfo * @param input * @return * @throws IOException @@ -138,7 +137,7 @@ public class ClientAttributeCertificateResource { @Path("upload") @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) - public CertificateRepresentation uploadJks(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + public CertificateRepresentation uploadJks(MultipartFormDataInput input) throws IOException { auth.clients().requireConfigure(client); try { 
@@ -155,7 +154,6 @@ public class ClientAttributeCertificateResource { /** * Upload only certificate, not private key * - * @param uriInfo * @param input * @return information extracted from uploaded certificate - not necessarily the new state of certificate on the server * @throws IOException @@ -164,7 +162,7 @@ public class ClientAttributeCertificateResource { @Path("upload-certificate") @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) - public CertificateRepresentation uploadJksCertificate(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + public CertificateRepresentation uploadJksCertificate(MultipartFormDataInput input) throws IOException { auth.clients().requireConfigure(client); try { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java index 609b9b0880..f6ddd11681 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java @@ -39,7 +39,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.util.LinkedList; import java.util.List; @@ -56,9 +55,6 @@ public class ClientInitialAccessResource { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - public ClientInitialAccessResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; 
@@ -83,15 +79,15 @@ public class ClientInitialAccessResource { ClientInitialAccessModel clientInitialAccessModel = session.realms().createClientInitialAccessModel(realm, expiration, count); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientInitialAccessModel.getId()).representation(config).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientInitialAccessModel.getId()).representation(config).success(); ClientInitialAccessPresentation rep = wrap(clientInitialAccessModel); - String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, uriInfo, clientInitialAccessModel); + String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, session.getContext().getUri(), clientInitialAccessModel); rep.setToken(token); response.setStatus(Response.Status.CREATED.getStatusCode()); - response.setHeader(HttpHeaders.LOCATION, uriInfo.getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString()); + response.setHeader(HttpHeaders.LOCATION, session.getContext().getUri().getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString()); return rep; } @@ -116,7 +112,7 @@ public class ClientInitialAccessResource { auth.clients().requireManage(); session.realms().removeClientInitialAccessModel(realm, id); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } private ClientInitialAccessPresentation wrap(ClientInitialAccessModel model) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientRegistrationPolicyResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientRegistrationPolicyResource.java index 92503267c8..2102061f0e 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientRegistrationPolicyResource.java 
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientRegistrationPolicyResource.java @@ -17,16 +17,6 @@ package org.keycloak.services.resources.admin; -import java.util.List; -import java.util.stream.Collectors; - -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.UriInfo; - import org.jboss.resteasy.annotations.cache.NoCache; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; @@ -39,6 +29,14 @@ import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy; import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyFactory; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import java.util.List; +import java.util.stream.Collectors; + /** * @resource Client Registration Policy * @author Marek Posolda @@ -52,9 +50,6 @@ public class ClientRegistrationPolicyResource { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - public ClientRegistrationPolicyResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 6d0b0ca404..a78a25545b 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java 
@@ -77,7 +77,6 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedList; @@ -103,9 +102,6 @@ public class ClientResource { protected ClientModel client; protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakApplication keycloak; @@ -155,7 +151,7 @@ public class ClientResource { try { updateClientFromRep(rep, client, session); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); updateAuthorizationSettings(rep); return Response.noContent().build(); } catch (ModelDuplicateException e) { @@ -203,7 +199,7 @@ public class ClientResource { ClientInstallationProvider provider = session.getProvider(ClientInstallationProvider.class, providerId); if (provider == null) throw new NotFoundException("Unknown Provider"); - return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(uriInfo)); + return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(session.getContext().getUri())); } /** @@ -220,7 +216,7 @@ public class ClientResource { } new ClientManager(new RealmManager(session)).removeClient(realm, client); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } 
@@ -239,7 +235,7 @@ public class ClientResource { logger.debug("regenerateSecret"); UserCredentialModel cred = KeycloakModelUtils.generateSecret(client); CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success(); return rep; } @@ -255,12 +251,12 @@ public class ClientResource { public ClientRepresentation regenerateRegistrationAccessToken() { auth.clients().requireManage(client); - String token = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, realm, uriInfo, client, RegistrationAuth.AUTHENTICATED); + String token = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, realm, session.getContext().getUri(), client, RegistrationAuth.AUTHENTICATED); ClientRepresentation rep = ModelToRepresentation.toRepresentation(client); rep.setRegistrationAccessToken(token); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success(); return rep; } @@ -296,7 +292,7 @@ public class ClientResource { @Path("roles") public RoleContainerResource getRoleContainerResource() { - return new RoleContainerResource(session, uriInfo, realm, auth, client, adminEvent); + return new RoleContainerResource(session, session.getContext().getUri(), realm, auth, client, adminEvent); } @@ -343,7 +339,7 @@ public class ClientResource { } client.addClientScope(clientScope, defaultScope); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success(); } 
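Review bot: In `regenerateSecret` (hunk @@ -239) the `rep` passed to `.representation(rep)` is the same object returned to the caller as the new client secret, so the credential is copied into the admin event. `regenerateRegistrationAccessToken` (hunk @@ -255) does the same with a `rep` on which `setRegistrationAccessToken(token)` was just called. Whether event representations are stored or forwarded depends on configuration not visible here, but an audit trail should not hold live credentials. I would record both actions without the payload, `adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();`, and still return `rep` to the caller. The signature of `regenerateSecret` lies outside its hunk.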
@@ -359,7 +355,7 @@ public class ClientResource { } client.removeClientScope(clientScope); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success(); } @@ -392,7 +388,7 @@ public class ClientResource { @Path("evaluate-scopes") public ClientScopeEvaluateResource clientScopeEvaluateResource() { - return new ClientScopeEvaluateResource(session, uriInfo, realm, auth, client, clientConnection); + return new ClientScopeEvaluateResource(session, session.getContext().getUri(), realm, auth, client, clientConnection); } /** @@ -431,8 +427,8 @@ public class ClientResource { public GlobalRequestResult pushRevocation() { auth.clients().requireConfigure(client); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).resource(ResourceType.CLIENT).success(); - return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).resource(ResourceType.CLIENT).success(); + return new ResourceAdminManager(session).pushClientRevocationPolicy(session.getContext().getUri().getRequestUri(), realm, client); } @@ -567,7 +563,7 @@ public class ClientResource { } if (logger.isDebugEnabled()) logger.debug("Register node: " + node); client.registerNode(node, Time.currentTime()); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo, node).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri(), node).success(); } /** 
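Review bot: In `pushRevocation` (hunk @@ -431) the admin event is closed with `.success()` before `pushClientRevocationPolicy(...)` runs, so the audit log reports a successful push even when the call throws or some nodes reject it. `testNodesAvailability` in the same file runs the request first and attaches the outcome to the event. I would follow that order here: `GlobalRequestResult result = new ResourceAdminManager(session).pushClientRevocationPolicy(session.getContext().getUri().getRequestUri(), realm, client);`, then the event with `.representation(result).success();`, then `return result;`.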
@@ -588,7 +584,7 @@ public class ClientResource { throw new NotFoundException("Client does not have node "); } client.unregisterNode(node); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).success(); } /** @@ -606,8 +602,8 @@ public class ClientResource { auth.clients().requireConfigure(client); logger.debug("Test availability of cluster nodes"); - GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client); - adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).representation(result).success(); + GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(session.getContext().getUri().getRequestUri(), realm, client); + adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).representation(result).success(); return result; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientScopeResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientScopeResource.java index 8eed164941..f1877a5437 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientScopeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientScopeResource.java @@ -59,9 +59,6 @@ public class ClientScopeResource { protected ClientScopeModel clientScope; protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - public ClientScopeResource(RealmModel realm, AdminPermissionEvaluator auth, ClientScopeModel clientScope, KeycloakSession session, AdminEventBuilder adminEvent) { this.realm = realm; this.auth = auth; 
@@ -107,7 +104,7 @@ public class ClientScopeResource { if (session.getTransactionManager().isActive()) { session.getTransactionManager().commit(); } - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); return Response.noContent().build(); } catch (ModelDuplicateException e) { return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists"); @@ -141,7 +138,7 @@ public class ClientScopeResource { try { realm.removeClientScope(clientScope.getId()); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); return Response.noContent().build(); } catch (ModelException me) { return ErrorResponse.error(me.getMessage(), Response.Status.BAD_REQUEST); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java index 6df7748957..81b0c74326 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java @@ -41,7 +41,6 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.util.ArrayList; import java.util.List; @@ -61,9 +60,6 @@ public class ClientScopesResource { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - public ClientScopesResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { this.realm = realm; this.auth = auth; 
@@ -114,9 +110,9 @@ public class ClientScopesResource { try { ClientScopeModel clientModel = RepresentationToModel.createClientScope(session, realm, rep); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build(); } catch (ModelDuplicateException e) { return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists"); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientStorageProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientStorageProviderResource.java index 6c8561cc6d..9304735f0a 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientStorageProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientStorageProviderResource.java 
@@ -21,30 +21,18 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.common.ClientConnection; import org.keycloak.component.ComponentModel; -import org.keycloak.events.admin.OperationType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; -import org.keycloak.services.ServicesLogger; -import org.keycloak.services.managers.UserStorageSyncManager; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.client.ClientStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; -import org.keycloak.storage.user.SynchronizationResult; -import javax.ws.rs.BadRequestException; import javax.ws.rs.GET; -import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.UriInfo; import java.util.HashMap; import java.util.Map; @@ -65,9 +53,6 @@ public class ClientStorageProviderResource { @Context protected ClientConnection clientConnection; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakSession session; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java index 580a0bc1fe..1ab8d3e587 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java 
@@ -155,13 +155,12 @@ public class ClientsResource { * * Client's client_id must be unique! * - * @param uriInfo * @param rep * @return */ @POST @Consumes(MediaType.APPLICATION_JSON) - public Response createClient(final @Context UriInfo uriInfo, final ClientRepresentation rep) { + public Response createClient(final ClientRepresentation rep) { auth.clients().requireManage(); ValidationMessages validationMessages = new ValidationMessages(); @@ -185,7 +184,7 @@ public class ClientsResource { } } - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success(); if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { @@ -196,12 +195,12 @@ public class ClientsResource { ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings(); if (authorizationSettings != null) { - authorizationService.resourceServer().importSettings(uriInfo, authorizationSettings); + authorizationService.resourceServer().importSettings(authorizationSettings); } } } - return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build(); } catch (ModelDuplicateException e) { return ErrorResponse.exists("Client " + rep.getClientId() + " already exists"); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java index c532245e15..27e16f5d51 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java 
@@ -54,8 +54,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - import java.text.MessageFormat; import java.util.Arrays; import java.util.Collections; @@ -81,9 +79,6 @@ public class ComponentResource { @Context protected ClientConnection clientConnection; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakSession session; @@ -139,8 +134,8 @@ public class ComponentResource { model = realm.addComponentModel(model); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), model.getId()).representation(StripSecretsUtils.strip(session, rep)).success(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build(); } catch (ComponentValidationException e) { return localizedErrorResponse(e); } catch (IllegalArgumentException e) { @@ -173,7 +168,7 @@ public class ComponentResource { throw new NotFoundException("Could not find component"); } RepresentationToModel.updateComponent(session, rep, model, false); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(StripSecretsUtils.strip(session, rep)).success(); realm.updateComponent(model); return Response.noContent().build(); } catch (ComponentValidationException e) { 
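Review bot: In the update hunk (@@ -173) the UPDATE event is emitted with `.success()` before `realm.updateComponent(model)` is called, and the delete hunk (@@ -190) likewise records DELETE before `realm.removeComponent(model)`. A `ComponentValidationException` from the update is caught just below, so unless events are only flushed on commit (not visible here) the audit log can claim a change that was rejected. I would swap the two statements so the event follows the mutation: `realm.updateComponent(model);` then `adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(StripSecretsUtils.strip(session, rep)).success();`. The enclosing `try` starts outside the hunk.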
@@ -190,7 +185,7 @@ public class ComponentResource { if (model == null) { throw new NotFoundException("Could not find component"); } - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); realm.removeComponent(model); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java index 0c0ed89237..27c6852cd8 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java @@ -21,7 +21,6 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; -import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; @@ -31,6 +30,10 @@ import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.ManagementPermissionReference; import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.services.ErrorResponse; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; 
@@ -40,20 +43,14 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.net.URI; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import org.keycloak.services.ErrorResponse; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; -import org.keycloak.services.resources.admin.permissions.AdminPermissions; /** * @resource Groups @@ -75,8 +72,6 @@ public class GroupResource { this.group = group; } - @Context private UriInfo uriInfo; - /** * * @@ -106,7 +101,7 @@ public class GroupResource { this.auth.groups().requireManage(group); updateGroup(rep, group); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); } @@ -116,7 +111,7 @@ public class GroupResource { this.auth.groups().requireManage(group); realm.removeGroup(group); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } @@ -151,8 +146,8 @@ public class GroupResource { } else { child = realm.createGroup(rep.getName()); updateGroup(rep, child); - URI uri = uriInfo.getBaseUriBuilder() - .path(uriInfo.getMatchedURIs().get(2)) + URI uri = session.getContext().getUri().getBaseUriBuilder() + .path(session.getContext().getUri().getMatchedURIs().get(2)) .path(child.getId()).build(); builder.status(201).location(uri); rep.setId(child.getId()); 
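Review bot: The child-group Location in hunk @@ -151 is built from `session.getContext().getUri().getMatchedURIs().get(2)`, a bare index that only works while this resource sits at one particular nesting depth. Any change to the resource path layout would yield a wrong link or an `IndexOutOfBoundsException`, and nothing at the call site says what entry 2 is meant to be. At minimum I would add a comment above the builder, for example `// getMatchedURIs() lists the current match first; entry 2 is assumed to be the realm's "groups" collection — confirm if the path nesting changes`. The method body starts and ends outside the hunk.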
@@ -160,7 +155,7 @@ public class GroupResource { } realm.moveGroup(child, group); - adminEvent.resourcePath(uriInfo).representation(rep).success(); + adminEvent.resourcePath(session.getContext().getUri()).representation(rep).success(); GroupRepresentation childRep = ModelToRepresentation.toGroupHierarchy(child, true); return builder.type(MediaType.APPLICATION_JSON_TYPE).entity(childRep).build(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java index 15be7ae029..28f36be88e 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java @@ -16,7 +16,6 @@ */ package org.keycloak.services.resources.admin; -import org.apache.http.HttpStatus; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; 
@@ -28,21 +27,23 @@ import org.keycloak.models.RealmModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.services.ErrorResponse; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import javax.ws.rs.*; -import javax.ws.rs.core.Context; +import javax.ws.rs.Consumes; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.net.URI; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Objects; -import org.keycloak.services.ErrorResponse; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import twitter4j.JSONException; -import twitter4j.JSONObject; /** * @resource Groups @@ -63,8 +64,6 @@ public class GroupsResource { } - @Context private UriInfo uriInfo; - /** * Get group hierarchy. Only name and ids are returned. * @@ -153,16 +152,16 @@ public class GroupsResource { if (child == null) { throw new NotFoundException("Could not find child by id"); } - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()); } else { child = realm.createGroup(rep.getName()); GroupResource.updateGroup(rep, child); - URI uri = uriInfo.getAbsolutePathBuilder() + URI uri = session.getContext().getUri().getAbsolutePathBuilder() .path(child.getId()).build(); builder.status(201).location(uri); rep.setId(child.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, child.getId()); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), child.getId()); } realm.moveGroup(child, null); 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index 4d22005306..6a0171308c 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -86,8 +86,6 @@ public class IdentityProviderResource { private final IdentityProviderModel identityProviderModel; private final AdminEventBuilder adminEvent; - @Context private UriInfo uriInfo; - public IdentityProviderResource(AdminPermissionEvaluator auth, RealmModel realm, KeycloakSession session, IdentityProviderModel identityProviderModel, AdminEventBuilder adminEvent) { this.realm = realm; this.session = session; @@ -137,7 +135,7 @@ public class IdentityProviderResource { this.realm.removeIdentityProviderMapper(mapper); } - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); return Response.noContent().build(); } @@ -161,7 +159,7 @@ public class IdentityProviderResource { try { updateIdpFromRep(providerRep, realm, session); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(providerRep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(providerRep).success(); return Response.noContent().build(); } catch (ModelDuplicateException e) { 
@@ -235,14 +233,13 @@ public class IdentityProviderResource { /** * Export public broker configuration for identity provider * - * @param uriInfo * @param format Format to use * @return */ @GET @Path("export") @NoCache - public Response export(@Context UriInfo uriInfo, @QueryParam("format") String format) { + public Response export(@QueryParam("format") String format) { this.auth.realm().requireViewIdentityProviders(); if (identityProviderModel == null) { @@ -251,7 +248,7 @@ public class IdentityProviderResource { try { IdentityProviderFactory factory = getIdentityProviderFactory(); - return factory.create(session, identityProviderModel).export(uriInfo, realm, format); + return factory.create(session, identityProviderModel).export(session.getContext().getUri(), realm, format); } catch (Exception e) { return ErrorResponse.error("Could not export public broker configuration for identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.NOT_FOUND); } @@ -339,10 +336,10 @@ public class IdentityProviderResource { return ErrorResponse.error("Failed to add mapper '" + model.getName() + "' to identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.BAD_REQUEST); } - adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo, model.getId()) + adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri(), model.getId()) .representation(mapper).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build(); } 
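Review bot: The `catch (Exception e)` in the `@@ -251,7 +248,7 @@` hunk answers every failure of the export call with a 404 and drops `e`, and with this change that also covers anything thrown while resolving `session.getContext().getUri()`. Someone investigating a failed export cannot tell a missing provider from a broken factory or an unavailable request context. I would log the exception before returning, through whatever logger the class has (none is visible in this hunk), and keep the 404 for the genuine not-found case only. The `export` method starts in the previous hunk.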
@@ -389,7 +386,7 @@ public class IdentityProviderResource { if (model == null) throw new NotFoundException("Model not found"); model = RepresentationToModel.toModel(rep); realm.updateIdentityProviderMapper(model); - adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).representation(rep).success(); } @@ -411,7 +408,7 @@ public class IdentityProviderResource { IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id); if (model == null) throw new NotFoundException("Model not found"); realm.removeIdentityProviderMapper(model); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java index 646b46364c..bc3e78e3b9 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java @@ -46,10 +46,8 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; 
@@ -98,7 +96,6 @@ public class IdentityProvidersResource { /** * Import identity provider from uploaded JSON file * - * @param uriInfo * @param input * @return * @throws IOException @@ -107,7 +104,7 @@ public class IdentityProvidersResource { @Path("import-config") @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) - public Map importFrom(@Context UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + public Map importFrom(MultipartFormDataInput input) throws IOException { this.auth.realm().requireManageIdentityProviders(); Map> formDataMap = input.getFormDataMap(); if (!(formDataMap.containsKey("providerId") && formDataMap.containsKey("file"))) { @@ -124,7 +121,6 @@ public class IdentityProvidersResource { /** * Import identity provider from JSON body * - * @param uriInfo * @param data JSON body * @return * @throws IOException @@ -133,7 +129,7 @@ public class IdentityProvidersResource { @Path("import-config") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Map importFrom(@Context UriInfo uriInfo, Map data) throws IOException { + public Map importFrom(Map data) throws IOException { this.auth.realm().requireManageIdentityProviders(); if (!(data.containsKey("providerId") && data.containsKey("fromUrl"))) { throw new BadRequestException(); @@ -177,14 +173,13 @@ public class IdentityProvidersResource { /** * Create a new identity provider * - * @param uriInfo * @param representation JSON body * @return */ @POST @Path("instances") @Consumes(MediaType.APPLICATION_JSON) - public Response create(@Context UriInfo uriInfo, IdentityProviderRepresentation representation) { + public Response create(IdentityProviderRepresentation representation) { this.auth.realm().requireManageIdentityProviders(); try { 
@@ -192,10 +187,10 @@ public class IdentityProvidersResource { this.realm.addIdentityProvider(identityProvider); representation.setInternalId(identityProvider.getInternalId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, identityProvider.getAlias()) + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), identityProvider.getAlias()) .representation(StripSecretsUtils.strip(representation)).success(); - return Response.created(uriInfo.getAbsolutePathBuilder().path(representation.getAlias()).build()).build(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(representation.getAlias()).build()).build(); } catch (ModelDuplicateException e) { return ErrorResponse.exists("Identity Provider " + representation.getAlias() + " already exists"); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java index 709197dd74..c6e4be69d4 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java @@ -46,7 +46,6 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.text.MessageFormat; import java.util.LinkedList; import java.util.List; @@ -72,9 +71,6 @@ public class ProtocolMappersResource { protected AdminEventBuilder adminEvent; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakSession session; 
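Review bot: In the `@@ -192,10 +187,10 @@` hunk the admin event path is built from `identityProvider.getAlias()` while the `Location` header two lines later uses `representation.getAlias()`, so the audit record and the response agree only if the model keeps the alias exactly as it was submitted. Taking the stored value for both, `.path(identityProvider.getAlias())`, makes the logged resource path and the returned URI come from one source. The `create` method begins before this hunk, so how `identityProvider` is derived from `representation` is not visible here.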
@@ -128,13 +124,13 @@ public class ProtocolMappersResource { model = RepresentationToModel.toModel(rep); validateModel(model); model = client.addProtocolMapper(model); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(rep).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), model.getId()).representation(rep).success(); } catch (ModelDuplicateException e) { return ErrorResponse.exists("Protocol mapper exists with same name"); } - return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); + return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build(); } /** * Create multiple mappers @@ -153,7 +149,7 @@ public class ProtocolMappersResource { validateModel(model); model = client.addProtocolMapper(model); } - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(reps).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(reps).success(); } /** @@ -213,7 +209,7 @@ public class ProtocolMappersResource { validateModel(model); client.updateProtocolMapper(model); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); } /** @@ -230,7 +226,7 @@ public class ProtocolMappersResource { ProtocolMapperModel model = client.getProtocolMapperById(id); if (model == null) throw new NotFoundException("Model not found"); client.removeProtocolMapper(model); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index dee4147d4e..585e287967 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -24,11 +24,6 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.Config; import org.keycloak.KeyPairVerifier; -import org.keycloak.models.ClientScopeModel; -import org.keycloak.representations.idm.ClientScopeRepresentation; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; -import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.common.ClientConnection; import org.keycloak.common.VerificationException; import org.keycloak.common.util.PemUtils; @@ -47,6 +42,7 @@ import org.keycloak.exportimport.util.ExportOptions; import org.keycloak.exportimport.util.ExportUtils; import org.keycloak.keys.PublicKeyStorageProvider; import org.keycloak.models.ClientModel; +import org.keycloak.models.ClientScopeModel; import org.keycloak.models.Constants; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; @@ -68,6 +64,7 @@ import org.keycloak.provider.ProviderFactory; import org.keycloak.representations.adapters.action.GlobalRequestResult; import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.ClientScopeRepresentation; import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.GroupRepresentation; 
@@ -81,6 +78,9 @@ import org.keycloak.services.managers.LDAPConnectionTestManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.managers.UserStorageSyncManager; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.storage.UserStorageProviderModel; import javax.ws.rs.Consumes; @@ -98,7 +98,6 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; -import javax.ws.rs.core.UriInfo; import java.security.cert.X509Certificate; import java.text.ParseException; import java.text.SimpleDateFormat; @@ -129,9 +128,6 @@ public class RealmAdminResource { @Context protected KeycloakSession session; - @Context - protected UriInfo uriInfo; - @Context protected ClientConnection connection; @@ -261,7 +257,7 @@ public class RealmAdminResource { } realm.addDefaultClientScope(clientScope, defaultScope); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT_SCOPE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT_SCOPE).resourcePath(session.getContext().getUri()).success(); } @@ -277,7 +273,7 @@ public class RealmAdminResource { } realm.removeDefaultClientScope(clientScope); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT_SCOPE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT_SCOPE).resourcePath(session.getContext().getUri()).success(); } 
@@ -346,7 +342,7 @@ public class RealmAdminResource { */ @Path("roles") public RoleContainerResource getRoleContainerResource() { - return new RoleContainerResource(session, uriInfo, realm, auth, realm, adminEvent); + return new RoleContainerResource(session, session.getContext().getUri(), realm, auth, realm, adminEvent); } /** @@ -555,8 +551,8 @@ public class RealmAdminResource { public GlobalRequestResult pushRevocation() { auth.realm().requireManageRealm(); - GlobalRequestResult result = new ResourceAdminManager(session).pushRealmRevocationPolicy(uriInfo.getRequestUri(), realm); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success(); + GlobalRequestResult result = new ResourceAdminManager(session).pushRealmRevocationPolicy(session.getContext().getUri().getRequestUri(), realm); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(result).success(); return result; } @@ -571,8 +567,8 @@ public class RealmAdminResource { auth.users().requireManage(); session.sessions().removeUserSessions(realm); - GlobalRequestResult result = new ResourceAdminManager(session).logoutAll(uriInfo.getRequestUri(), realm); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success(); + GlobalRequestResult result = new ResourceAdminManager(session).logoutAll(session.getContext().getUri().getRequestUri(), realm); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(result).success(); return result; } 
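Review bot: `getRoleContainerResource()` in the `@@ -346,7 +342,7 @@` hunk still hands a `UriInfo` to `RoleContainerResource` next to the `session` it was just read from, so the sub-resource keeps a second copy of request state, captured when the locator runs. The import hunk of RoleContainerResource keeps `javax.ws.rs.core.UriInfo`, which suggests the constructor parameter was left in place. Dropping it and reading `session.getContext().getUri()` where the path is needed would match the rest of this commit. The `new ClientRoleMappingsResource(session.getContext().getUri(), session, ...)` call in RoleMapperResource (`@@ -293,7 +288,7 @@`) has the same shape. Both constructors are outside the visible hunks.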
@@ -589,8 +585,8 @@ public class RealmAdminResource { UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId); if (userSession == null) throw new NotFoundException("Sesssion not found"); - AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(uriInfo).success(); + AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), connection, headers, true); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(session.getContext().getUri()).success(); } @@ -1007,7 +1003,7 @@ public class RealmAdminResource { } realm.addDefaultGroup(group); - adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(session.getContext().getUri()).success(); } @DELETE @@ -1022,7 +1018,7 @@ public class RealmAdminResource { } realm.removeDefaultGroup(group); - adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(session.getContext().getUri()).success(); } @@ -1099,7 +1095,7 @@ public class RealmAdminResource { cache.clear(); } - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success(); } /** @@ -1116,7 +1112,7 @@ public class RealmAdminResource { cache.clear(); } - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success(); } /** 
@@ -1133,7 +1129,7 @@ public class RealmAdminResource { cache.clearCache(); } - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success(); } @Path("keys") diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java index 76fb999e49..cda6494ae9 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java @@ -21,7 +21,6 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.common.ClientConnection; -import org.keycloak.policy.PasswordPolicyNotMetException; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; @@ -29,6 +28,7 @@ import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.utils.ModelToRepresentation; +import org.keycloak.policy.PasswordPolicyNotMetException; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.ErrorResponse; @@ -49,7 +49,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.net.URI; import java.util.ArrayList; import java.util.List; 
@@ -125,13 +124,12 @@ public class RealmsAdminResource { * * Imports a realm from a full representation of that realm. Realm name must be unique. * - * @param uriInfo * @param rep JSON representation of the realm * @return */ @POST @Consumes(MediaType.APPLICATION_JSON) - public Response importRealm(@Context final UriInfo uriInfo, final RealmRepresentation rep) { + public Response importRealm(final RealmRepresentation rep) { RealmManager realmManager = new RealmManager(session); realmManager.setContextPath(keycloak.getContextPath()); AdminPermissions.realms(session, auth).requireCreateRealm(); @@ -142,7 +140,7 @@ public class RealmsAdminResource { RealmModel realm = realmManager.importRealm(rep); grantPermissionsToRealmCreator(realm); - URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build(); + URI location = AdminRoot.realmsUrl(session.getContext().getUri()).path(realm.getName()).build(); logger.debugv("imported realm success, sending back: {0}", location.toString()); return Response.created(location).build(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java index b2ae6ad776..87f3951d55 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java 
@@ -19,19 +19,17 @@ package org.keycloak.services.resources.admin; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; -import org.keycloak.services.resources.admin.permissions.AdminPermissions; -import org.keycloak.services.resources.admin.permissions.RolePermissionManagement; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; import org.keycloak.representations.idm.ManagementPermissionReference; import org.keycloak.representations.idm.RoleRepresentation; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -43,10 +41,7 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.UriInfo; -import java.util.HashMap; import java.util.List; -import java.util.Map; import java.util.Set; /** @@ -65,9 +60,6 @@ public class RoleByIdResource extends RoleResource { @Context private KeycloakSession session; - @Context - private UriInfo uriInfo; - public RoleByIdResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { super(realm); 
@@ -120,7 +112,7 @@ public class RoleByIdResource extends RoleResource { adminEvent.resource(ResourceType.REALM_ROLE); } - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success(); } /** @@ -143,7 +135,7 @@ public class RoleByIdResource extends RoleResource { adminEvent.resource(ResourceType.REALM_ROLE); } - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); } /** @@ -158,7 +150,7 @@ public class RoleByIdResource extends RoleResource { public void addComposites(final @PathParam("role-id") String id, List roles) { RoleModel role = getRoleModel(id); auth.roles().requireManage(role); - addComposites(auth, adminEvent, uriInfo, roles, role); + addComposites(auth, adminEvent, session.getContext().getUri(), roles, role); } /** @@ -233,7 +225,7 @@ public class RoleByIdResource extends RoleResource { public void deleteComposites(final @PathParam("role-id") String id, List roles) { RoleModel role = getRoleModel(id); auth.roles().requireManage(role); - deleteComposites(adminEvent, uriInfo, roles, role); + deleteComposites(adminEvent, session.getContext().getUri(), roles, role); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java index addf33c53d..8ad922b7a0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java 
@@ -19,10 +19,6 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; -import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; -import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; @@ -38,11 +34,13 @@ import org.keycloak.representations.idm.ManagementPermissionReference; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.ErrorResponse; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; +import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; +import org.keycloak.services.resources.admin.permissions.AdminPermissions; import javax.ws.rs.BadRequestException; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; -import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.PUT; @@ -50,7 +48,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; 
@@ -284,8 +281,7 @@ public class RoleContainerResource extends RoleResource { @GET @NoCache @Produces(MediaType.APPLICATION_JSON) - public Set getClientRoleComposites(@Context final UriInfo uriInfo, - final @PathParam("role-name") String roleName, + public Set getClientRoleComposites(final @PathParam("role-name") String roleName, final @PathParam("client") String client) { auth.roles().requireView(roleContainer); RoleModel role = roleContainer.getRole(roleName); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java index b785b1ae7f..dccad2b4c1 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java @@ -19,7 +19,6 @@ package org.keycloak.services.resources.admin; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.common.ClientConnection; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; @@ -34,8 +33,8 @@ import org.keycloak.representations.idm.ClientMappingsRepresentation; import org.keycloak.representations.idm.MappingsRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.services.ErrorResponseException; -import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; 
@@ -48,7 +47,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; import java.text.MessageFormat; import java.util.ArrayList; import java.util.HashMap; @@ -83,9 +81,6 @@ public class RoleMapperResource { @Context protected ClientConnection clientConnection; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakSession session; @@ -236,7 +231,7 @@ public class RoleMapperResource { roleMapper.grantRole(roleModel); } - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success(); + adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success(); } /** @@ -279,7 +274,7 @@ public class RoleMapperResource { } - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success(); + adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success(); } @@ -293,7 +288,7 @@ public class RoleMapperResource { if (clientModel == null) { throw new NotFoundException("Client not found"); } - ClientRoleMappingsResource resource = new ClientRoleMappingsResource(uriInfo, session, realm, auth, roleMapper, + ClientRoleMappingsResource resource = new ClientRoleMappingsResource(session.getContext().getUri(), session, realm, auth, roleMapper, clientModel, adminEvent, managePermission, viewPermission); return resource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java index 4df22ec286..7d537ca38e 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java 
@@ -50,7 +50,6 @@ import org.keycloak.models.UserLoginFailureModel; import org.keycloak.models.UserManager; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; -import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.protocol.oidc.OIDCLoginProtocol; @@ -92,7 +91,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; import java.net.URI; import java.text.MessageFormat; import java.util.ArrayList; @@ -126,9 +124,6 @@ public class UserResource { @Context protected ClientConnection clientConnection; - @Context - protected UriInfo uriInfo; - @Context protected KeycloakSession session; @@ -171,7 +166,7 @@ public class UserResource { updateUserFromRep(user, rep, attrsToRemove, realm, session, true); RepresentationToModel.createCredentials(rep, session, realm, user, true); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success(); if (session.getTransactionManager().isActive()) { session.getTransactionManager().commit(); 
@@ -278,15 +273,15 @@ public class UserResource {
 if (authenticatedRealm.getId().equals(realm.getId())) {
 sameRealm = true;
 UserSessionModel userSession = session.sessions().getUserSession(authenticatedRealm, auth.adminAuth().getToken().getSessionState());
- AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection);
- AuthenticationManager.expireRememberMeCookie(realm, uriInfo, clientConnection);
- AuthenticationManager.backchannelLogout(session, authenticatedRealm, userSession, uriInfo, clientConnection, headers, true);
+ AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
+ AuthenticationManager.expireRememberMeCookie(realm, session.getContext().getUri(), clientConnection);
+ AuthenticationManager.backchannelLogout(session, authenticatedRealm, userSession, session.getContext().getUri(), clientConnection, headers, true);
 }
 EventBuilder event = new EventBuilder(realm, session, clientConnection);
 UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
- AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, uriInfo, clientConnection);
- URI redirect = AccountFormService.accountServiceApplicationPage(uriInfo).build(realm.getName());
+ AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, session.getContext().getUri(), clientConnection);
+ URI redirect = AccountFormService.accountServiceApplicationPage(session.getContext().getUri()).build(realm.getName());
 Map result = new HashMap<>();
 result.put("sameRealm", sameRealm);
 result.put("redirect", redirect.toString());
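Review bot: The impersonation hunk looks up `session.getContext().getUri()` five separate times while it expires the admin's cookies, logs the admin session out, sets the impersonated user's login cookie and builds the redirect. Resolving it once at the top of the method, `UriInfo uriInfo = session.getContext().getUri();`, would keep the changed lines as short as they were and make it explicit that every cookie and the redirect derive from the same request URI. That requires keeping the `javax.ws.rs.core.UriInfo` import, which the `-92,7` hunk of this file removes. The method starts and ends outside the hunk.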
@@ -403,7 +398,7 @@ public class UserResource {
 FederatedIdentityModel socialLink = new FederatedIdentityModel(provider, rep.getUserId(), rep.getUserName());
 session.users().addFederatedIdentity(realm, user, socialLink);
- adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
+ adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(rep).success();
 return Response.noContent().build();
 }
@@ -420,7 +415,7 @@ public class UserResource {
 if (!session.users().removeFederatedIdentity(realm, user, provider)) {
 throw new NotFoundException("Link not found");
 }
- adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
 }
 /**
@@ -490,13 +485,13 @@ public class UserResource {
 if (revokedConsent) {
 // Logout clientSessions for this user and client
- AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers);
+ AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, session.getContext().getUri(), headers);
 }
 if (!revokedConsent && !revokedOfflineToken) {
 throw new NotFoundException("Consent nor offline token not found");
 }
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 }
 /**
@@ -514,9 +509,9 @@ public class UserResource {
 List userSessions = session.sessions().getUserSessions(realm, user);
 for (UserSessionModel userSession : userSessions) {
- AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
+ AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
 }
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 }
 /**
@@ -529,7 +524,7 @@ public class UserResource {
 boolean removed = new UserManager(session).removeUser(realm, user);
 if (removed) {
- adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
 return Response.noContent().build();
 } else {
 return ErrorResponse.error("User couldn't be deleted", Status.BAD_REQUEST);
@@ -598,7 +593,7 @@ public class UserResource {
 }
 if (pass.isTemporary() != null && pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 }
 /**
@@ -612,7 +607,7 @@ public class UserResource {
 auth.users().requireManage(user);
 session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 }
 /**
@@ -688,7 +683,7 @@ public class UserResource {
 String redirect;
 if (redirectUri != null) {
- redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realm, client);
+ redirect = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri, realm, client);
 if (redirect == null) {
 throw new WebApplicationException(
 ErrorResponse.error("Invalid redirect uri.", Status.BAD_REQUEST));
@@ -702,8 +697,8 @@ public class UserResource {
 ExecuteActionsActionToken token = new ExecuteActionsActionToken(user.getId(), expiration, actions, redirectUri, clientId);
 try {
- UriBuilder builder = LoginActionsService.actionTokenProcessor(uriInfo);
- builder.queryParam("key", token.serialize(session, realm, uriInfo));
+ UriBuilder builder = LoginActionsService.actionTokenProcessor(session.getContext().getUri());
+ builder.queryParam("key", token.serialize(session, realm, session.getContext().getUri()));
 String link = builder.build(realm.getName()).toString();
@@ -715,7 +710,7 @@ public class UserResource {
 //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 return Response.ok().build();
 } catch (EmailException e) {
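Review bot: The value checked in the `-688,7` hunk is not the value stored: `RedirectUtils.verifyRedirectUri` returns `redirect`, but the `ExecuteActionsActionToken` built in the `-702,8` hunk is given the caller's original `redirectUri`. The lines between the two hunks are not shown, so `redirect` may be used there; if it serves only as a validity check, that intent should be written down, for example `// redirect is only a validity check; the token keeps the raw redirectUri and the token handler must verify it again`. Otherwise the token should carry the verified value, which would also mean initialising `redirect` for the null case. The method starts and ends outside these hunks.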
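Review bot: The link built in the `-702,8` hunk, which appears to be mailed to the user given the `EmailException` handler below, takes its scheme and host from `session.getContext().getUri()`, and nothing visible here says whether that value follows the incoming request or a configured hostname. Since the recipient follows this link to carry out the requested actions, a comment above the builder would help, for example `// link base comes from the request context; deployments must pin the hostname or validate proxy headers`. The wording should be adjusted if the context already enforces a fixed hostname. The method starts and ends outside the hunk.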
@@ -772,7 +767,7 @@ public class UserResource {
 try {
 if (user.isMemberOf(group)){
 user.leaveGroup(group);
- adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
 }
 } catch (ModelException me) {
 Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
@@ -793,7 +788,7 @@ public class UserResource {
 auth.groups().requireManageMembership(group);
 if (!user.isMemberOf(group)){
 user.joinGroup(group);
- adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
+ adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java
index d9ec881a34..672822b6c0 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java
@@ -43,7 +43,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
 import java.util.HashMap;
 import java.util.Map;
@@ -64,9 +63,6 @@ public class UserStorageProviderResource {
 @Context
 protected ClientConnection clientConnection;
- @Context
- protected UriInfo uriInfo;
-
 @Context
 protected KeycloakSession session;
@@ -153,7 +149,7 @@ public class UserStorageProviderResource {
 Map eventRep = new HashMap<>();
 eventRep.put("action", action);
 eventRep.put("result", syncResult);
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(eventRep).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(eventRep).success();
 return syncResult;
 }
@@ -241,7 +237,7 @@ public class UserStorageProviderResource {
 Map eventRep = new HashMap<>();
 eventRep.put("action", direction);
 eventRep.put("result", syncResult);
- adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(eventRep).success();
+ adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(eventRep).success();
 return syncResult;
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index d591581c8b..6c15f68b49 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -20,7 +20,6 @@ import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import org.keycloak.common.ClientConnection;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
@@ -34,7 +33,8 @@ import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.ErrorResponse;
-import org.keycloak.services.*;
+import org.keycloak.services.ForbiddenException;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
@@ -77,9 +77,6 @@ public class UsersResource {
 @Context
 protected ClientConnection clientConnection;
- @Context
- protected UriInfo uriInfo;
-
 @Context
 protected KeycloakSession session;
@@ -97,13 +94,12 @@ public class UsersResource {
 *
 * Username must be unique.
 *
- * @param uriInfo
 * @param rep
 * @return
 */
 @POST
 @Consumes(MediaType.APPLICATION_JSON)
- public Response createUser(final @Context UriInfo uriInfo, final UserRepresentation rep) {
+ public Response createUser(final UserRepresentation rep) {
 auth.users().requireManage();
 // Double-check duplicated username and email here due to federation
@@ -120,13 +116,13 @@ public class UsersResource {
 UserResource.updateUserFromRep(user, rep, emptySet, realm, session, false);
 RepresentationToModel.createCredentials(rep, session, realm, user, true);
- adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
+ adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success();
 if (session.getTransactionManager().isActive()) {
 session.getTransactionManager().commit();
 }
- return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getId()).build()).build();
+ return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(user.getId()).build()).build();
 } catch (ModelDuplicateException e) {
 if (session.getTransactionManager().isActive()) {
 session.getTransactionManager().setRollbackOnly();
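Review bot: UsersResource loses its `uriInfo` field in the `-77,9` hunk and the `@Context UriInfo` parameter of `createUser` in the `-97,13` hunk, but unlike the other files in this patch no hunk removes an `import javax.ws.rs.core.UriInfo;` line. The hunk offsets leave no room for another import change before line 77, so the import presumably stays behind unused, unless another method outside these hunks still refers to the type. If nothing else uses it, the import should be deleted in this commit so the file matches RoleMapperResource, UserResource and UserStorageProviderResource.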
diff --git a/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java b/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java
index b8d6c3aa20..e8e5196430 100755
--- a/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java
@@ -22,8 +22,8 @@ import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
 import org.keycloak.broker.provider.AbstractIdentityProvider;
 import org.keycloak.broker.provider.AuthenticationRequest;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
-import org.keycloak.broker.provider.IdentityBrokerException;
 import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
+import org.keycloak.broker.provider.IdentityBrokerException;
 import org.keycloak.broker.provider.IdentityProvider;
 import org.keycloak.broker.provider.util.IdentityBrokerState;
 import org.keycloak.broker.social.SocialIdentityProvider;
@@ -173,11 +173,6 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider