KEYCLOAK-7967 Remove injection of UriInfo

This commit is contained in:
stianst 2018-07-30 20:26:34 +02:00 committed by Marek Posolda
parent a2afe7c205
commit ae47b7fa80
61 changed files with 453 additions and 627 deletions


@ -40,6 +40,7 @@ import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
@ -55,6 +56,8 @@ import org.keycloak.util.JsonSerialization;
*/
public class PolicyResourceService {
@Context
private KeycloakSession session;
private final Policy policy;
protected final ResourceServer resourceServer;
protected final AuthorizationProvider authorization;
@ -73,7 +76,7 @@ public class PolicyResourceService {
@Consumes("application/json")
@Produces("application/json")
@NoCache
public Response update(@Context UriInfo uriInfo, String payload) {
public Response update(String payload) {
if (auth != null) {
this.auth.realm().requireManageAuthorization();
}
@ -89,13 +92,13 @@ public class PolicyResourceService {
RepresentationToModel.toModel(representation, authorization, policy);
audit(uriInfo, representation, OperationType.UPDATE);
audit(representation, OperationType.UPDATE);
return Response.status(Status.CREATED).build();
}
@DELETE
public Response delete(@Context UriInfo uriInfo) {
public Response delete() {
if (auth != null) {
this.auth.realm().requireManageAuthorization();
}
@ -113,7 +116,7 @@ public class PolicyResourceService {
policyStore.delete(policy.getId());
if (authorization.getRealm().isAdminEventsEnabled()) {
audit(uriInfo, toRepresentation(policy, authorization), OperationType.DELETE);
audit(toRepresentation(policy, authorization), OperationType.DELETE);
}
return Response.noContent().build();
@ -255,9 +258,9 @@ public class PolicyResourceService {
return policy;
}
private void audit(@Context UriInfo uriInfo, AbstractPolicyRepresentation policy, OperationType operation) {
private void audit(AbstractPolicyRepresentation policy, OperationType operation) {
if (authorization.getRealm().isAdminEventsEnabled()) {
adminEvent.operation(operation).resourcePath(uriInfo).representation(policy).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(policy).success();
}
}
}
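Review bot: `audit` now dereferences the `@Context`-injected `session` field, so a PolicyResourceService built without passing through `ResteasyProviderFactory.getInstance().injectProperties(...)` fails with a NullPointerException on the admin-event path, whereas the URI previously arrived as a per-request `@Context` method parameter that JAX-RS supplies regardless of how the instance was constructed. The construction sites are outside this hunk (UserManagedPermissionService reaches `update` and `delete` through `delegate.getResource(policyId)`), so I cannot confirm that every path injects. ResourceSetService and ScopeService in this same commit take the session through their constructors and avoid the dependency on injection; the same approach fits here and in PolicyService, e.g. `private final KeycloakSession session;` assigned in the constructor. Failing that, a guard in `audit` such as `Objects.requireNonNull(session, "session not injected");` at least names the cause when it does fail.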


@ -57,6 +57,7 @@ import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
@ -71,6 +72,8 @@ import org.keycloak.util.JsonSerialization;
*/
public class PolicyService {
@Context
private KeycloakSession session;
protected final ResourceServer resourceServer;
protected final AuthorizationProvider authorization;
protected final AdminPermissionEvaluator auth;
@ -108,7 +111,7 @@ public class PolicyService {
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public Response create(@Context UriInfo uriInfo, String payload) {
public Response create(String payload) {
if (auth != null) {
this.auth.realm().requireManageAuthorization();
}
@ -118,7 +121,7 @@ public class PolicyService {
representation.setId(policy.getId());
audit(uriInfo, representation, representation.getId(), OperationType.CREATE);
audit(representation, representation.getId(), OperationType.CREATE);
return Response.status(Status.CREATED).entity(representation).build();
}
@ -325,12 +328,12 @@ public class PolicyService {
});
}
private void audit(@Context UriInfo uriInfo, AbstractPolicyRepresentation resource, String id, OperationType operation) {
private void audit(AbstractPolicyRepresentation resource, String id, OperationType operation) {
if (authorization.getRealm().isAdminEventsEnabled()) {
if (id != null) {
adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
} else {
adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
}
}
}


@ -27,7 +27,6 @@ import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
@ -68,9 +67,6 @@ public class ResourceServerService {
private ResourceServer resourceServer;
private final ClientModel client;
@Context
private UriInfo uriInfo;
public ResourceServerService(AuthorizationProvider authorization, ResourceServer resourceServer, ClientModel client, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.authorization = authorization;
this.session = authorization.getKeycloakSession();
@ -96,7 +92,7 @@ public class ResourceServerService {
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId());
createDefaultRoles(serviceAccount);
createDefaultPermission(createDefaultResource(), createDefaultPolicy());
audit(OperationType.CREATE, uriInfo, newClient);
audit(OperationType.CREATE, session.getContext().getUri(), newClient);
return resourceServer;
}
@ -108,14 +104,14 @@ public class ResourceServerService {
this.auth.realm().requireManageAuthorization();
this.resourceServer.setAllowRemoteResourceManagement(server.isAllowRemoteResourceManagement());
this.resourceServer.setPolicyEnforcementMode(server.getPolicyEnforcementMode());
audit(OperationType.UPDATE, uriInfo, false);
audit(OperationType.UPDATE, session.getContext().getUri(), false);
return Response.noContent().build();
}
public void delete() {
this.auth.realm().requireManageAuthorization();
authorization.getStoreFactory().getResourceServerStore().delete(resourceServer.getId());
audit(OperationType.DELETE, uriInfo, false);
audit(OperationType.DELETE, session.getContext().getUri(), false);
}
@GET
@ -136,21 +132,21 @@ public class ResourceServerService {
@Path("/import")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) {
public Response importSettings(ResourceServerRepresentation rep) {
this.auth.realm().requireManageAuthorization();
rep.setClientId(client.getId());
RepresentationToModel.toModel(rep, authorization);
audit(OperationType.UPDATE, uriInfo, false);
audit(OperationType.UPDATE, session.getContext().getUri(), false);
return Response.noContent().build();
}
@Path("/resource")
public ResourceSetService getResourceSetResource() {
ResourceSetService resource = new ResourceSetService(this.resourceServer, this.authorization, this.auth, adminEvent);
ResourceSetService resource = new ResourceSetService(this.session, this.resourceServer, this.authorization, this.auth, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(resource);
@ -159,7 +155,7 @@ public class ResourceServerService {
@Path("/scope")
public ScopeService getScopeResource() {
ScopeService resource = new ScopeService(this.resourceServer, this.authorization, this.auth, adminEvent);
ScopeService resource = new ScopeService(this.session, this.resourceServer, this.authorization, this.auth, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(resource);
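Review bot: Every caller of the private `audit` overloads now passes the identical `session.getContext().getUri()` expression (the create, update, delete and importSettings hunks), while the `audit` helpers in PolicyResourceService, PolicyService, ResourceSetService and ScopeService in this commit look the URI up internally; dropping the `UriInfo` parameter from this class's `audit` overloads would make the five files consistent and shorten those call sites to `audit(OperationType.UPDATE, false);`. The `audit` definitions themselves are outside these hunks. Separately, `getResourceSetResource` and `getScopeResource` still call `ResteasyProviderFactory.getInstance().injectProperties(resource)` after handing the session in through the constructor; if no `@Context` field remains in ResourceSetService and ScopeService, those calls (and the matching ones in ProtectionService.resource()) are now dead weight, but the rest of those classes is not visible here to confirm. The getScopeResource hunk continues past the lines shown.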


@ -61,6 +61,7 @@ import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
@ -79,9 +80,11 @@ public class ResourceSetService {
private final AuthorizationProvider authorization;
private final AdminPermissionEvaluator auth;
private final AdminEventBuilder adminEvent;
private KeycloakSession session;
private ResourceServer resourceServer;
public ResourceSetService(ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
public ResourceSetService(KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.session = session;
this.resourceServer = resourceServer;
this.authorization = authorization;
this.auth = auth;
@ -92,14 +95,14 @@ public class ResourceSetService {
@NoCache
@Consumes("application/json")
@Produces("application/json")
public Response create(@Context UriInfo uriInfo, ResourceRepresentation resource) {
public Response createPost(ResourceRepresentation resource) {
if (resource == null) {
return Response.status(Status.BAD_REQUEST).build();
}
ResourceRepresentation newResource = create(resource);
audit(uriInfo, resource, resource.getId(), OperationType.CREATE);
audit(resource, resource.getId(), OperationType.CREATE);
return Response.status(Status.CREATED).entity(newResource).build();
}
@ -134,7 +137,7 @@ public class ResourceSetService {
@PUT
@Consumes("application/json")
@Produces("application/json")
public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ResourceRepresentation resource) {
public Response update(@PathParam("id") String id, ResourceRepresentation resource) {
requireManage();
resource.setId(id);
StoreFactory storeFactory = this.authorization.getStoreFactory();
@ -147,14 +150,14 @@ public class ResourceSetService {
toModel(resource, resourceServer, authorization);
audit(uriInfo, resource, OperationType.UPDATE);
audit(resource, OperationType.UPDATE);
return Response.noContent().build();
}
@Path("{id}")
@DELETE
public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) {
public Response delete(@PathParam("id") String id) {
requireManage();
StoreFactory storeFactory = authorization.getStoreFactory();
Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId());
@ -166,7 +169,7 @@ public class ResourceSetService {
storeFactory.getResourceStore().delete(id);
if (authorization.getRealm().isAdminEventsEnabled()) {
audit(uriInfo, toRepresentation(resource, resourceServer, authorization), OperationType.DELETE);
audit(toRepresentation(resource, resourceServer, authorization), OperationType.DELETE);
}
return Response.noContent().build();
@ -465,16 +468,16 @@ public class ResourceSetService {
}
}
private void audit(@Context UriInfo uriInfo, ResourceRepresentation resource, OperationType operation) {
audit(uriInfo, resource, null, operation);
private void audit(ResourceRepresentation resource, OperationType operation) {
audit(resource, null, operation);
}
public void audit(@Context UriInfo uriInfo, ResourceRepresentation resource, String id, OperationType operation) {
public void audit(ResourceRepresentation resource, String id, OperationType operation) {
if (authorization.getRealm().isAdminEventsEnabled()) {
if (id != null) {
adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
} else {
adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
}
}
}
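Review bot: The new `session` field is declared `private KeycloakSession session;` while its siblings (`authorization`, `auth`, `adminEvent`) are `private final`, and the constructor stores it without a null check even though `audit` dereferences it on every admin event. Declaring it `private final KeycloakSession session;` and assigning `this.session = Objects.requireNonNull(session, "session");` (java.util.Objects) pins the invariant at construction rather than at the first audit call; ScopeService in this commit has the identical shape and would take the same change, and ResourceService already declares its copy `final`. Renaming the JAX-RS `create` method to `createPost` is presumably needed to avoid colliding with the existing `create(ResourceRepresentation)` overload called on the following lines once the `UriInfo` parameter is gone; a one-line comment saying so, e.g. `// named createPost: create(ResourceRepresentation) is the non-JAX-RS helper below`, saves the next reader the question.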


@ -28,6 +28,7 @@ import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
@ -67,9 +68,11 @@ public class ScopeService {
private final AuthorizationProvider authorization;
private final AdminPermissionEvaluator auth;
private final AdminEventBuilder adminEvent;
private KeycloakSession session;
private ResourceServer resourceServer;
public ScopeService(ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
public ScopeService(KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.session = session;
this.resourceServer = resourceServer;
this.authorization = authorization;
this.auth = auth;
@ -80,13 +83,13 @@ public class ScopeService {
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response create(@Context UriInfo uriInfo, ScopeRepresentation scope) {
public Response create(ScopeRepresentation scope) {
this.auth.realm().requireManageAuthorization();
Scope model = toModel(scope, this.resourceServer, authorization);
scope.setId(model.getId());
audit(uriInfo, scope, scope.getId(), OperationType.CREATE);
audit(scope, scope.getId(), OperationType.CREATE);
return Response.status(Status.CREATED).entity(scope).build();
}
@ -95,7 +98,7 @@ public class ScopeService {
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ScopeRepresentation scope) {
public Response update(@PathParam("id") String id, ScopeRepresentation scope) {
this.auth.realm().requireManageAuthorization();
scope.setId(id);
StoreFactory storeFactory = authorization.getStoreFactory();
@ -107,14 +110,14 @@ public class ScopeService {
toModel(scope, resourceServer, authorization);
audit(uriInfo, scope, OperationType.UPDATE);
audit(scope, OperationType.UPDATE);
return Response.noContent().build();
}
@Path("{id}")
@DELETE
public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) {
public Response delete(@PathParam("id") String id) {
this.auth.realm().requireManageAuthorization();
StoreFactory storeFactory = authorization.getStoreFactory();
List<Resource> resources = storeFactory.getResourceStore().findByScope(Arrays.asList(id), resourceServer.getId());
@ -143,7 +146,7 @@ public class ScopeService {
storeFactory.getScopeStore().delete(id);
if (authorization.getRealm().isAdminEventsEnabled()) {
audit(uriInfo, toRepresentation(scope), OperationType.DELETE);
audit(toRepresentation(scope), OperationType.DELETE);
}
return Response.noContent().build();
@ -260,16 +263,16 @@ public class ScopeService {
.build();
}
private void audit(@Context UriInfo uriInfo, ScopeRepresentation resource, OperationType operation) {
audit(uriInfo, resource, null, operation);
private void audit(ScopeRepresentation resource, OperationType operation) {
audit(resource, null, operation);
}
private void audit(@Context UriInfo uriInfo, ScopeRepresentation resource, String id, OperationType operation) {
private void audit(ScopeRepresentation resource, String id, OperationType operation) {
if (authorization.getRealm().isAdminEventsEnabled()) {
if (id != null) {
adminEvent.operation(operation).resourcePath(uriInfo, id).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
} else {
adminEvent.operation(operation).resourcePath(uriInfo).representation(resource).success();
adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
}
}
}


@ -45,6 +45,8 @@ import org.keycloak.authorization.protection.policy.UserManagedPermissionService
*/
public class ProtectionService {
@Context
private KeycloakSession session;
private final AuthorizationProvider authorization;
@Context
@ -58,11 +60,11 @@ public class ProtectionService {
public Object resource() {
KeycloakIdentity identity = createIdentity(true);
ResourceServer resourceServer = getResourceServer(identity);
ResourceSetService resourceManager = new ResourceSetService(resourceServer, this.authorization, null, createAdminEventBuilder(identity, resourceServer));
ResourceSetService resourceManager = new ResourceSetService(this.session, resourceServer, this.authorization, null, createAdminEventBuilder(identity, resourceServer));
ResteasyProviderFactory.getInstance().injectProperties(resourceManager);
ResourceService resource = new ResourceService(resourceServer, identity, resourceManager);
ResourceService resource = new ResourceService(this.session, resourceServer, identity, resourceManager);
ResteasyProviderFactory.getInstance().injectProperties(resource);


@ -74,7 +74,7 @@ public class UserManagedPermissionService {
@Path("{resourceId}")
@Consumes("application/json")
@Produces("application/json")
public Response create(@Context UriInfo uriInfo, @PathParam("resourceId") String resourceId, UmaPermissionRepresentation representation) {
public Response create(@PathParam("resourceId") String resourceId, UmaPermissionRepresentation representation) {
if (representation.getId() != null) {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Newly created uma policies should not have an id", Response.Status.BAD_REQUEST);
}
@ -91,7 +91,7 @@ public class UserManagedPermissionService {
@PUT
@Consumes("application/json")
@Produces("application/json")
public Response update(@Context UriInfo uriInfo, @PathParam("policyId") String policyId, String payload) {
public Response update(@PathParam("policyId") String policyId, String payload) {
UmaPermissionRepresentation representation;
try {
@ -102,14 +102,14 @@ public class UserManagedPermissionService {
checkRequest(getAssociatedResourceId(policyId), representation);
return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).update(uriInfo, payload);
return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).update(payload);
}
@Path("{policyId}")
@DELETE
public Response delete(@Context UriInfo uriInfo, @PathParam("policyId") String policyId) {
public Response delete(@PathParam("policyId") String policyId) {
checkRequest(getAssociatedResourceId(policyId), null);
PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).delete(uriInfo);
PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).delete();
return Response.noContent().build();
}


@ -39,6 +39,7 @@ import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.services.ErrorResponseException;
@ -50,9 +51,11 @@ public class ResourceService {
private final ResourceServer resourceServer;
private final ResourceSetService resourceManager;
private final KeycloakSession session;
private final Identity identity;
public ResourceService(ResourceServer resourceServer, Identity identity, ResourceSetService resourceManager) {
public ResourceService(KeycloakSession session, ResourceServer resourceServer, Identity identity, ResourceSetService resourceManager) {
this.session = session;
this.identity = identity;
this.resourceServer = resourceServer;
this.resourceManager = resourceManager;
@ -61,7 +64,7 @@ public class ResourceService {
@POST
@Consumes("application/json")
@Produces("application/json")
public Response create(@Context UriInfo uriInfo, UmaResourceRepresentation resource) {
public Response create(UmaResourceRepresentation resource) {
checkResourceServerSettings();
if (resource == null) {
@ -85,7 +88,7 @@ public class ResourceService {
ResourceRepresentation newResource = resourceManager.create(resource);
resourceManager.audit(uriInfo, resource, resource.getId(), OperationType.CREATE);
resourceManager.audit(resource, resource.getId(), OperationType.CREATE);
return Response.status(Status.CREATED).entity(new UmaResourceRepresentation(newResource)).build();
}
@ -94,15 +97,15 @@ public class ResourceService {
@PUT
@Consumes("application/json")
@Produces("application/json")
public Response update(@Context UriInfo uriInfo, @PathParam("id") String id, ResourceRepresentation resource) {
return this.resourceManager.update(uriInfo, id, resource);
public Response update(@PathParam("id") String id, ResourceRepresentation resource) {
return this.resourceManager.update(id, resource);
}
@Path("/{id}")
@DELETE
public Response delete(@Context UriInfo uriInfo, @PathParam("id") String id) {
public Response delete(@PathParam("id") String id) {
checkResourceServerSettings();
return this.resourceManager.delete(uriInfo, id);
return this.resourceManager.delete(id);
}
@Path("/{id}")


@ -389,9 +389,6 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
@Context
protected HttpHeaders headers;
@Context
protected UriInfo uriInfo;
public Endpoint(AuthenticationCallback callback, RealmModel realm, EventBuilder event) {
this.callback = callback;
this.realm = realm;
@ -447,7 +444,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
.param(OAUTH2_PARAMETER_CODE, authorizationCode)
.param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
.param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret())
.param(OAUTH2_PARAMETER_REDIRECT_URI, uriInfo.getAbsolutePath().toString())
.param(OAUTH2_PARAMETER_REDIRECT_URI, session.getContext().getUri().getAbsolutePath().toString())
.param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE);
}
}
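Review bot: Removing the `protected UriInfo uriInfo` field from `Endpoint` is a source-compatibility break for any identity-provider subclass outside this repository that read it, and the same applies to `AuthorizationEndpointBase.uriInfo` later in this commit; a deprecated accessor such as `@Deprecated protected UriInfo getUriInfo() { return session.getContext().getUri(); }` would keep such subclasses compiling while steering them to the session. The `Endpoint` constructor shown here continues past the hunk. For the token request, `OAUTH2_PARAMETER_REDIRECT_URI` has to equal the redirect_uri that was sent in the authorization request; if `KeycloakContext.getUri()` can return a normalized or rewritten `UriInfo` rather than the raw request one, that equality deserves an explicit test, since a mismatch is rejected by the remote provider.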


@ -104,7 +104,7 @@ public class KeycloakOIDCIdentityProvider extends OIDCIdentityProvider {
&& userSession.getState() != UserSessionModel.State.LOGGING_OUT
&& userSession.getState() != UserSessionModel.State.LOGGED_OUT
) {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, false);
}
}
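Review bot: `AuthenticationManager.backchannelLogout` is now called with both `session` and `session.getContext().getUri()`, so the `uriInfo` parameter looks derivable from the first argument inside `AuthenticationManager`; the same pairing appears in the SAMLEndpoint backchannel-logout hunks and in the `finishBrowserLogout` calls in OIDCIdentityProvider and SAMLEndpoint. If no caller passes a `UriInfo` other than the session's, a follow-up could drop the parameter and resolve it once inside `AuthenticationManager`, which also removes the long argument line here. `AuthenticationManager` is not on this page, so whether any caller passes a distinct `UriInfo` needs checking. The enclosing method starts outside the hunk.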


@ -101,8 +101,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
@GET
@Path("logout_response")
public Response logoutResponse(@Context UriInfo uriInfo,
@QueryParam("state") String state) {
public Response logoutResponse(@QueryParam("state") String state) {
UserSessionModel userSession = session.sessions().getUserSession(realm, state);
if (userSession == null) {
logger.error("no valid user session");
@ -118,7 +117,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
event.error(Errors.USER_SESSION_NOT_FOUND);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.SESSION_NOT_ACTIVE);
}
return AuthenticationManager.finishBrowserLogout(session, realm, userSession, uriInfo, clientConnection, headers);
return AuthenticationManager.finishBrowserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers);
}
}


@ -112,9 +112,6 @@ public class SAMLEndpoint {
protected IdentityProvider.AuthenticationCallback callback;
protected SAMLIdentityProvider provider;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -136,7 +133,7 @@ public class SAMLEndpoint {
@NoCache
@Path("descriptor")
public Response getSPDescriptor() {
return provider.export(uriInfo, realm, null);
return provider.export(session.getContext().getUri(), realm, null);
}
@GET
@ -181,7 +178,7 @@ public class SAMLEndpoint {
protected abstract class Binding {
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) {
return true;
} else {
return !realm.getSslRequired().isRequired(clientConnection);
@ -241,7 +238,7 @@ public class SAMLEndpoint {
SAMLDocumentHolder holder = extractRequestDocument(samlRequest);
RequestAbstractType requestAbstractType = (RequestAbstractType) holder.getSamlObject();
// validate destination
if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
if (requestAbstractType.getDestination() != null && !session.getContext().getUri().getAbsolutePath().equals(requestAbstractType.getDestination())) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "invalid_destination");
event.error(Errors.INVALID_SAML_RESPONSE);
@ -280,7 +277,7 @@ public class SAMLEndpoint {
continue;
}
try {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, false);
} catch (Exception e) {
logger.warn("failed to do backchannel logout for userSession", e);
}
@ -295,7 +292,7 @@ public class SAMLEndpoint {
continue;
}
try {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, false);
} catch (Exception e) {
logger.warn("failed to do backchannel logout for userSession", e);
}
@ -303,7 +300,7 @@ public class SAMLEndpoint {
}
}
String issuerURL = getEntityId(uriInfo, realm);
String issuerURL = getEntityId(session.getContext().getUri(), realm);
SAML2LogoutResponseBuilder builder = new SAML2LogoutResponseBuilder();
builder.logoutRequestID(request.getID());
builder.destination(config.getSingleLogoutServiceUrl());
@ -459,7 +456,7 @@ public class SAMLEndpoint {
SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
StatusResponseType statusResponse = (StatusResponseType)holder.getSamlObject();
// validate destination
if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
if (statusResponse.getDestination() != null && !session.getContext().getUri().getAbsolutePath().toString().equals(statusResponse.getDestination())) {
event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
event.detail(Details.REASON, "invalid_destination");
event.error(Errors.INVALID_SAML_RESPONSE);
@ -506,7 +503,7 @@ public class SAMLEndpoint {
event.error(Errors.USER_SESSION_NOT_FOUND);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.SESSION_NOT_ACTIVE);
}
return AuthenticationManager.finishBrowserLogout(session, realm, userSession, uriInfo, clientConnection, headers);
return AuthenticationManager.finishBrowserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers);
}
@ -552,7 +549,7 @@ public class SAMLEndpoint {
@Override
protected void verifySignature(String key, SAMLDocumentHolder documentHolder) throws VerificationException {
KeyLocator locator = getIDPKeyLocator();
SamlProtocolUtils.verifyRedirectSignature(documentHolder, locator, uriInfo, key);
SamlProtocolUtils.verifyRedirectSignature(documentHolder, locator, session.getContext().getUri(), key);
}
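Review bot: The two destination checks (`!session.getContext().getUri().getAbsolutePath().equals(requestAbstractType.getDestination())` and the `toString()` variant for `statusResponse`) and `Binding.checkSsl()` are security checks whose reference value changes from the injected request `UriInfo` to whatever `KeycloakContext.getUri()` returns; if that object can differ from the raw request (a rewritten base URL, for instance), a SAML message whose Destination matches the wire URL could be rejected, or the https check could report a different scheme than the connection actually used, so these three paths deserve tests under both behaviours. `KeycloakContext.getUri()` is not visible here, so this is a question rather than a confirmed defect, and each of the enclosing methods extends beyond its hunk. As a point of style, `session.getContext().getUri()` is now spelled out nine times in this class; a private accessor like `private UriInfo uriInfo() { return session.getContext().getUri(); }` keeps the destination and scheme checks on one readable line, and the same applies to DockerEndpoint, AuthorizationEndpointBase and OIDCLoginProtocolService.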


@ -61,8 +61,6 @@ public abstract class AuthorizationEndpointBase {
protected EventBuilder event;
protected AuthenticationManager authManager;
@Context
protected UriInfo uriInfo;
@Context
protected HttpHeaders headers;
@Context
@ -87,7 +85,7 @@ public abstract class AuthorizationEndpointBase {
.setEventBuilder(event)
.setRealm(realm)
.setSession(session)
.setUriInfo(uriInfo)
.setUriInfo(session.getContext().getUri())
.setRequest(httpRequest);
authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);
@ -136,7 +134,7 @@ public abstract class AuthorizationEndpointBase {
return processor.finishAuthentication(protocol);
} else {
try {
RestartLoginCookie.setRestartCookie(session, realm, clientConnection, uriInfo, authSession);
RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
if (redirectToAuthentication) {
return processor.redirectToFlow();
}
@ -152,7 +150,7 @@ public abstract class AuthorizationEndpointBase {
}
protected void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
event.error(Errors.SSL_REQUIRED);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED);
}


@ -43,7 +43,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase {
public Response build() {
ProfileHelper.requireFeature(Profile.Feature.DOCKER);
final MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
final MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();
account = params.getFirst(DockerAuthV2Protocol.ACCOUNT_PARAM);
if (account == null) {
@ -72,7 +72,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase {
// So back button doesn't work
CacheControlUtil.noBackButtonCacheControlHeader();
return handleBrowserAuthenticationRequest(authenticationSession, new DockerAuthV2Protocol(session, realm, uriInfo, headers, event.event(login)), false, false);
return handleBrowserAuthenticationRequest(authenticationSession, new DockerAuthV2Protocol(session, realm, session.getContext().getUri(), headers, event.event(login)), false, false);
}
private void updateAuthenticationSession() {
@ -83,7 +83,7 @@ public class DockerEndpoint extends AuthorizationEndpointBase {
authenticationSession.setClientNote(DockerAuthV2Protocol.ACCOUNT_PARAM, account);
authenticationSession.setClientNote(DockerAuthV2Protocol.SERVICE_PARAM, service);
authenticationSession.setClientNote(DockerAuthV2Protocol.SCOPE_PARAM, scope);
authenticationSession.setClientNote(DockerAuthV2Protocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authenticationSession.setClientNote(DockerAuthV2Protocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
}


@ -22,9 +22,6 @@ public class DockerV2LoginProtocolService {
private final TokenManager tokenManager;
private final EventBuilder event;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;


@ -66,9 +66,6 @@ public class OIDCLoginProtocolService {
private TokenManager tokenManager;
private EventBuilder event;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -244,8 +241,8 @@ public class OIDCLoginProtocolService {
@GET
@Path("delegated")
public Response kcinitBrowserLoginComplete(@QueryParam("error") boolean error) {
AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection);
AuthenticationManager.expireRememberMeCookie(realm, uriInfo, clientConnection);
AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
AuthenticationManager.expireRememberMeCookie(realm, session.getContext().getUri(), clientConnection);
if (error) {
LoginFormsProvider forms = session.getProvider(LoginFormsProvider.class);
return forms


@ -105,7 +105,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
@GET
public Response buildGet() {
logger.trace("Processing @GET request");
return process(uriInfo.getQueryParameters());
return process(session.getContext().getUri().getQueryParameters());
}
private Response process(MultivaluedMap<String, String> params) {
@ -358,7 +358,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
event.detail(Details.REDIRECT_URI, redirectUriParam);
// redirect_uri parameter is required per OpenID Connect, but optional per OAuth2
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client, isOIDCRequest);
redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUriParam, realm, client, isOIDCRequest);
if (redirectUri == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
@ -372,7 +372,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
authenticationSession.setClientNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, request.getResponseType());
authenticationSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, request.getRedirectUriParam());
authenticationSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authenticationSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
if (request.getState() != null) authenticationSession.setClientNote(OIDCLoginProtocol.STATE_PARAM, request.getState());
if (request.getNonce() != null) authenticationSession.setClientNote(OIDCLoginProtocol.NONCE_PARAM, request.getNonce());
@ -406,11 +406,11 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
this.event.event(EventType.LOGIN);
authenticationSession.setAuthNote(Details.AUTH_TYPE, CODE_AUTH_TYPE);
return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, uriInfo, headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false);
return handleBrowserAuthenticationRequest(authenticationSession, new OIDCLoginProtocol(session, realm, session.getContext().getUri(), headers, event), TokenUtil.hasPrompt(request.getPrompt(), OIDCLoginProtocol.PROMPT_VALUE_NONE), false);
}
private Response buildRegister() {
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
authManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
AuthenticationFlowModel flow = realm.getRegistrationFlow();
String flowId = flow.getId();
@ -422,7 +422,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
}
private Response buildForgotCredential() {
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
authManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
AuthenticationFlowModel flow = realm.getResetCredentialsFlow();
String flowId = flow.getId();
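Review bot: Every rewritten call site in this section re-evaluates `session.getContext().getUri()` inline, which turns already long statements (the `verifyRedirectUri` call, the `ISSUER` client note and the `OIDCLoginProtocol` construction in `process`, and the `expireIdentityCookie` calls in `buildRegister` and `buildForgotCredential`) into lines that are hard to scan. Hoisting it once per method, `UriInfo uriInfo = session.getContext().getUri();`, keeps the short name at the use sites, leaves the `javax.ws.rs.core.UriInfo` import in place and makes it obvious that all uses within a method see the same request URI. The same inline repetition appears in the LogoutEndpoint, TokenEndpoint, SamlService, KeycloakErrorHandler and AbstractSecuredLocalService sections below. `process`, `buildRegister` and `buildForgotCredential` all start or end outside the hunks shown here.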


@ -48,7 +48,6 @@ import org.keycloak.util.TokenUtil;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
@ -57,7 +56,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -77,9 +75,6 @@ public class LogoutEndpoint {
@Context
private HttpHeaders headers;
@Context
private UriInfo uriInfo;
private TokenManager tokenManager;
private RealmModel realm;
private EventBuilder event;
@ -105,7 +100,7 @@ public class LogoutEndpoint {
String redirect = postLogoutRedirectUri != null ? postLogoutRedirectUri : redirectUri;
if (redirect != null) {
String validatedUri = RedirectUtils.verifyRealmRedirectUri(uriInfo, redirect, realm);
String validatedUri = RedirectUtils.verifyRealmRedirectUri(session.getContext().getUri(), redirect, realm);
if (validatedUri == null) {
event.event(EventType.LOGOUT);
event.detail(Details.REDIRECT_URI, redirect);
@ -135,12 +130,12 @@ public class LogoutEndpoint {
if (state != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_STATE_PARAM, state);
userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, OIDCLoginProtocol.LOGIN_PROTOCOL);
logger.debug("Initiating OIDC browser logout");
Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers);
Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), clientConnection, headers);
logger.debug("finishing OIDC browser logout");
return response;
} else if (userSession != null) { // non browser logout
event.event(EventType.LOGOUT);
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
event.user(userSession.getUser()).session(userSession).success();
}
@ -211,11 +206,11 @@ public class LogoutEndpoint {
}
}
return Cors.add(request, Response.noContent()).auth().allowedOrigins(uriInfo, client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
return Cors.add(request, Response.noContent()).auth().allowedOrigins(session.getContext().getUri(), client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
}
private void logout(UserSessionModel userSession, boolean offline) {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true, offline);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true, offline);
event.user(userSession.getUser()).session(userSession).success();
}
@ -230,7 +225,7 @@ public class LogoutEndpoint {
}
private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN);
}
}
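Review bot: The rewritten `checkSsl()` predicate, `!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)`, is now the identical expression in LogoutEndpoint, TokenEndpoint, TokenIntrospectionEndpoint, SamlService and ClientsManagementService (the last two return its negation), and each copy now reaches the request URI through the same `session` field. Since the commit touches all five copies anyway, a single shared helper taking the session, realm and client connection would keep the SSL-required check in one place, so that a later change to how the scheme is determined cannot miss one endpoint. Writing the comparison as `"https".equals(...)` inside that helper would also make it null-safe, although the JAX-RS base URI is presumably always absolute so the current form is unlikely to fail. The `logout` and `checkSsl` methods shown here are complete, but the other methods in this section start or end outside the hunks.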


@ -99,7 +99,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import java.util.List;
import java.util.Map;
@ -138,9 +137,6 @@ public class TokenEndpoint {
@Context
private HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
@ -211,7 +207,7 @@ public class TokenEndpoint {
}
private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
throw new CorsErrorResponseException(cors.allowAllOrigins(), OAuthErrorException.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN);
}
}
@ -227,7 +223,7 @@ public class TokenEndpoint {
client = clientAuth.getClient();
clientAuthAttributes = clientAuth.getClientAuthAttributes();
cors.allowedOrigins(uriInfo, client);
cors.allowedOrigins(session.getContext().getUri(), client);
if (client.isBearerOnly()) {
throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_CLIENT, "Bearer-only not allowed", Response.Status.BAD_REQUEST);
@ -452,7 +448,7 @@ public class TokenEndpoint {
AccessTokenResponse res;
try {
// KEYCLOAK-6771 Certificate Bound Token
TokenManager.RefreshResult result = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, event, headers, request);
TokenManager.RefreshResult result = tokenManager.refreshAccessToken(session, session.getContext().getUri(), clientConnection, realm, client, refreshToken, event, headers, request);
res = result.getResponse();
if (!result.isOfflineToken()) {
@ -530,7 +526,7 @@ public class TokenEndpoint {
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
authSession.setAction(AuthenticatedClientSessionModel.Action.AUTHENTICATE.name());
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
AuthenticationFlowModel flow = AuthenticationFlowResolver.resolveDirectGrantFlow(authSession);
@ -542,7 +538,7 @@ public class TokenEndpoint {
.setEventBuilder(event)
.setRealm(realm)
.setSession(session)
.setUriInfo(uriInfo)
.setUriInfo(session.getContext().getUri())
.setRequest(request);
Response challenge = processor.authenticateOnly();
if (challenge != null) {
@ -619,7 +615,7 @@ public class TokenEndpoint {
authSession.setAuthenticatedUser(clientUser);
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
UserSessionModel userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, clientUser, clientUsername,
@ -665,7 +661,7 @@ public class TokenEndpoint {
String subjectToken = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN);
if (subjectToken != null) {
String subjectTokenType = formParams.getFirst(OAuth2Constants.SUBJECT_TOKEN_TYPE);
String realmIssuerUrl = Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName());
String realmIssuerUrl = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
String subjectIssuer = formParams.getFirst(OAuth2Constants.SUBJECT_ISSUER);
if (subjectIssuer == null && OAuth2Constants.JWT_TOKEN_TYPE.equals(subjectTokenType)) {
@ -694,7 +690,7 @@ public class TokenEndpoint {
}
AuthenticationManager.AuthResult authResult = AuthenticationManager.verifyIdentityToken(session, realm, uriInfo, clientConnection, true, true, false, subjectToken, headers);
AuthenticationManager.AuthResult authResult = AuthenticationManager.verifyIdentityToken(session, realm, session.getContext().getUri(), clientConnection, true, true, false, subjectToken, headers);
if (authResult == null) {
event.detail(Details.REASON, "subject_token validation failure");
event.error(Errors.INVALID_TOKEN);
@ -791,7 +787,7 @@ public class TokenEndpoint {
event.error(Errors.NOT_ALLOWED);
throw new CorsErrorResponseException(cors, OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN);
}
Response response = ((ExchangeTokenToIdentityProviderToken)provider).exchangeFromToken(uriInfo, event, client, targetUserSession, targetUser, formParams);
Response response = ((ExchangeTokenToIdentityProviderToken)provider).exchangeFromToken(session.getContext().getUri(), event, client, targetUserSession, targetUser, formParams);
return cors.builder(Response.fromResponse(response)).build();
}
@ -838,7 +834,7 @@ public class TokenEndpoint {
authSession.setAuthenticatedUser(targetUser);
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
event.session(targetUserSession);
@ -1044,7 +1040,7 @@ public class TokenEndpoint {
session.getContext().setClient(client);
cors.allowedOrigins(uriInfo, client);
cors.allowedOrigins(session.getContext().getUri(), client);
}
String claimToken = null;


@ -56,9 +56,6 @@ public class TokenIntrospectionEndpoint {
@Context
private HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
@ -130,7 +127,7 @@ public class TokenIntrospectionEndpoint {
}
private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
throw new ErrorResponseException("invalid_request", "HTTPS required", Status.FORBIDDEN);
}
}


@ -45,8 +45,8 @@ import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.UserSessionCrossDCManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.util.MtlsHoKTokenUtil;
import org.keycloak.services.util.DefaultClientSessionContext;
import org.keycloak.services.util.MtlsHoKTokenUtil;
import org.keycloak.utils.MediaType;
import javax.ws.rs.GET;
@ -56,11 +56,9 @@ import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author pedroigor
@ -73,9 +71,6 @@ public class UserInfoEndpoint {
@Context
private HttpResponse response;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -135,7 +130,7 @@ public class UserInfoEndpoint {
AccessToken token = null;
try {
RSATokenVerifier verifier = RSATokenVerifier.create(tokenString)
.realmUrl(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
.realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
String kid = verifier.getHeader().getKeyId();
verifier.publicKey(session.keys().getRsaPublicKey(realm, kid));
token = verifier.verify().getToken();
@ -194,7 +189,7 @@ public class UserInfoEndpoint {
OIDCAdvancedConfigWrapper cfg = OIDCAdvancedConfigWrapper.fromClientModel(clientModel);
if (cfg.isUserInfoSignatureRequired()) {
String issuerUrl = Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName());
String issuerUrl = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
String audience = clientModel.getClientId();
claims.put("iss", issuerUrl);
claims.put("aud", audience);


@ -147,7 +147,7 @@ public class SamlService extends AuthorizationEndpointBase {
StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
// validate destination
if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
if (statusResponse.getDestination() != null && !session.getContext().getUri().getAbsolutePath().toString().equals(statusResponse.getDestination())) {
event.detail(Details.REASON, "invalid_destination");
event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
@ -179,7 +179,7 @@ public class SamlService extends AuthorizationEndpointBase {
}
session.getContext().setClient(client);
logger.debug("logout response");
Response response = authManager.browserLogout(session, realm, userSession, uriInfo, clientConnection, headers);
Response response = authManager.browserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers);
event.success();
return response;
}
@ -283,7 +283,7 @@ public class SamlService extends AuthorizationEndpointBase {
String redirect;
URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL();
if (redirectUri != null && ! "null".equals(redirectUri.toString())) { // "null" is for testing purposes
redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client);
redirect = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri.toString(), realm, client);
} else {
if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) {
redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE);
@ -386,12 +386,12 @@ public class SamlService extends AuthorizationEndpointBase {
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) {
String logoutBinding = getBindingType();
String postBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, SamlProtocol.SAML_POST_BINDING);
String postBindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, SamlProtocol.SAML_POST_BINDING);
if (samlClient.forcePostBinding() && postBindingUri != null && ! postBindingUri.trim().isEmpty())
logoutBinding = SamlProtocol.SAML_POST_BINDING;
boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);
String bindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, logoutBinding);
String bindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, logoutBinding);
UserSessionModel userSession = authResult.getSession();
userSession.setNote(SamlProtocol.SAML_LOGOUT_BINDING_URI, bindingUri);
if (samlClient.requiresRealmSignature()) {
@ -412,7 +412,7 @@ public class SamlService extends AuthorizationEndpointBase {
clientSession.setAction(AuthenticationSessionModel.Action.LOGGED_OUT.name());
}
logger.debug("browser Logout");
return authManager.browserLogout(session, realm, userSession, uriInfo, clientConnection, headers);
return authManager.browserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers);
} else if (logoutRequest.getSessionIndex() != null) {
for (String sessionIndex : logoutRequest.getSessionIndex()) {
@ -426,7 +426,7 @@ public class SamlService extends AuthorizationEndpointBase {
}
try {
authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
authManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
} catch (Exception e) {
logger.warn("Failure with backchannel logout", e);
}
@ -438,12 +438,12 @@ public class SamlService extends AuthorizationEndpointBase {
// default
String logoutBinding = getBindingType();
String logoutBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, logoutBinding);
String logoutBindingUri = SamlProtocol.getLogoutServiceUrl(session.getContext().getUri(), client, logoutBinding);
String logoutRelayState = relayState;
SAML2LogoutResponseBuilder builder = new SAML2LogoutResponseBuilder();
builder.logoutRequestID(logoutRequest.getID());
builder.destination(logoutBindingUri);
builder.issuer(RealmsResource.realmBaseUrl(uriInfo).build(realm.getName()).toString());
builder.issuer(RealmsResource.realmBaseUrl(session.getContext().getUri()).build(realm.getName()).toString());
JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder().relayState(logoutRelayState);
boolean postBinding = SamlProtocol.SAML_POST_BINDING.equals(logoutBinding);
if (samlClient.requiresRealmSignature()) {
@ -466,7 +466,7 @@ public class SamlService extends AuthorizationEndpointBase {
}
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) {
return true;
} else {
return !realm.getSslRequired().isRequired(clientConnection);
@ -518,7 +518,7 @@ public class SamlService extends AuthorizationEndpointBase {
}
PublicKey publicKey = SamlProtocolUtils.getSignatureValidationKey(client);
KeyLocator clientKeyLocator = new HardcodedKeyLocator(publicKey);
SamlProtocolUtils.verifyRedirectSignature(documentHolder, clientKeyLocator, uriInfo, GeneralConstants.SAML_REQUEST_KEY);
SamlProtocolUtils.verifyRedirectSignature(documentHolder, clientKeyLocator, session.getContext().getUri(), GeneralConstants.SAML_REQUEST_KEY);
}
@Override
@ -539,7 +539,7 @@ public class SamlService extends AuthorizationEndpointBase {
}
protected Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication) {
SamlProtocol samlProtocol = new SamlProtocol().setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(uriInfo);
SamlProtocol samlProtocol = new SamlProtocol().setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri());
return newBrowserAuthentication(authSession, isPassive, redirectToAuthentication, samlProtocol);
}
@ -576,7 +576,7 @@ public class SamlService extends AuthorizationEndpointBase {
@Produces(MediaType.APPLICATION_XML)
@NoCache
public String getDescriptor() throws Exception {
return getIDPMetadataDescriptor(uriInfo, session, realm);
return getIDPMetadataDescriptor(session.getContext().getUri(), session, realm);
}
@ -708,7 +708,7 @@ public class SamlService extends AuthorizationEndpointBase {
return true; // destination is optional
}
URI expected = uriInfo.getAbsolutePath();
URI expected = session.getContext().getUri().getAbsolutePath();
if (Objects.equals(expected, destination)) {
return true;
@ -716,12 +716,12 @@ public class SamlService extends AuthorizationEndpointBase {
Integer portByScheme = knownPorts.get(expected.getScheme());
if (expected.getPort() < 0 && portByScheme != null) {
return Objects.equals(uriInfo.getRequestUriBuilder().port(portByScheme).build(), destination);
return Objects.equals(session.getContext().getUri().getRequestUriBuilder().port(portByScheme).build(), destination);
}
String protocolByPort = knownProtocols.get(expected.getPort());
if (expected.getPort() >= 0 && Objects.equals(protocolByPort, expected.getScheme())) {
return Objects.equals(uriInfo.getRequestUriBuilder().port(-1).build(), destination);
return Objects.equals(session.getContext().getUri().getRequestUriBuilder().port(-1).build(), destination);
}
return false;


@ -70,7 +70,7 @@ public class SamlEcpProfileService extends SamlService {
protected Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) {
// force passive authentication when executing this profile
requestAbstractType.setIsPassive(true);
requestAbstractType.setDestination(uriInfo.getAbsolutePath());
requestAbstractType.setDestination(session.getContext().getUri().getAbsolutePath());
return super.loginRequest(relayState, requestAbstractType, client);
}
}.execute(Soap.toSamlHttpPostMessage(inputStream), null, null);
@ -143,7 +143,7 @@ public class SamlEcpProfileService extends SamlService {
protected Response buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding) throws ConfigurationException, ProcessingException, IOException {
return Soap.createFault().reason("Logout not supported.").build();
}
}.setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(uriInfo);
}.setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri());
}
@Override


@ -8,14 +8,12 @@ import org.keycloak.Config;
import org.keycloak.forms.login.freemarker.model.UrlBean;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.KeycloakTransactionManager;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.util.LocaleHelper;
import org.keycloak.theme.FreeMarkerUtil;
import org.keycloak.theme.Theme;
import org.keycloak.theme.ThemeProvider;
import org.keycloak.theme.beans.LocaleBean;
import org.keycloak.theme.beans.MessageBean;
import org.keycloak.theme.beans.MessageFormatterMethod;
@ -27,11 +25,13 @@ import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
import java.util.*;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -42,9 +42,6 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
private static final Pattern realmNamePattern = Pattern.compile(".*/realms/([^/]+).*");
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -103,7 +100,7 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
}
private RealmModel resolveRealm() {
String path = uriInfo.getPath();
String path = session.getContext().getUri().getPath();
Matcher m = realmNamePattern.matcher(path);
String realmName;
if(m.matches()) {
@ -130,8 +127,8 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
attributes.put("statusCode", statusCode);
attributes.put("realm", realm);
attributes.put("url", new UrlBean(realm, theme, uriInfo.getBaseUri(), null));
attributes.put("locale", new LocaleBean(realm, locale, uriInfo.getBaseUriBuilder(), messagesBundle));
attributes.put("url", new UrlBean(realm, theme, session.getContext().getUri().getBaseUri(), null));
attributes.put("locale", new LocaleBean(realm, locale, session.getContext().getUri().getBaseUriBuilder(), messagesBundle));
String errorKey = statusCode == 404 ? Messages.PAGE_NOT_FOUND : Messages.INTERNAL_SERVER_ERROR;
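Review bot: `KeycloakErrorHandler` is an `ExceptionMapper<Throwable>` and now reads the request URI through `session.getContext().getUri()` in `resolveRealm()` and when building the `url` and `locale` attributes, instead of a container-injected `UriInfo`; if a throwable is mapped before the Keycloak context has had its URI set (or if `session` is not injected for that request), `getUri()` would presumably return null and the mapper itself would throw a NullPointerException, turning a renderable error page into a bare 500. Hoisting the value once per method, `UriInfo uriInfo = session.getContext().getUri();` (which needs the `javax.ws.rs.core.UriInfo` import this hunk removes), and falling back to a plain status response when it is null would keep the mapper usable for errors raised outside a fully initialised request. Whether the context URI is already populated at that point is not visible in this diff and is worth confirming against the session filter. `resolveRealm()` and the method that fills `attributes` both continue outside the hunks shown.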


@ -23,28 +23,22 @@ import org.keycloak.AbstractOAuthClient;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.util.TokenUtil;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
@ -64,8 +58,6 @@ public abstract class AbstractSecuredLocalService {
protected final ClientModel client;
protected RealmModel realm;
@Context
protected UriInfo uriInfo;
@Context
protected HttpHeaders headers;
@Context
@ -139,7 +131,7 @@ public abstract class AbstractSecuredLocalService {
protected Response login(String path) {
OAuthRedirect oauth = new OAuthRedirect();
String authUrl = OIDCLoginProtocolService.authUrl(uriInfo).build(realm.getName()).toString();
String authUrl = OIDCLoginProtocolService.authUrl(session.getContext().getUri()).build(realm.getName()).toString();
oauth.setAuthUrl(authUrl);
oauth.setClientId(client.getClientId());
@ -152,12 +144,12 @@ public abstract class AbstractSecuredLocalService {
uriBuilder.queryParam("path", path);
}
String referrer = uriInfo.getQueryParameters().getFirst("referrer");
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");
if (referrer != null) {
uriBuilder.queryParam("referrer", referrer);
}
String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri");
String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri");
if (referrerUri != null) {
uriBuilder.queryParam("referrer_uri", referrerUri);
}
@ -165,7 +157,7 @@ public abstract class AbstractSecuredLocalService {
URI accountUri = uriBuilder.build(realm.getName());
oauth.setStateCookiePath(accountUri.getRawPath());
return oauth.redirect(uriInfo, accountUri.toString());
return oauth.redirect(session.getContext().getUri(), accountUri.toString());
}
static class OAuthRedirect extends AbstractOAuthClient {


@ -45,7 +45,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
/**
@ -65,9 +64,6 @@ public class ClientsManagementService {
@Context
protected HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
@ -193,7 +189,7 @@ public class ClientsManagementService {
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) {
return true;
} else {
return !realm.getSslRequired().isRequired(clientConnection);


@ -85,6 +85,17 @@ import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
@ -99,19 +110,6 @@ import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
/**
* <p></p>
*
@ -126,9 +124,6 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
private final RealmModel realmModel;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -209,7 +204,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.event.event(EventType.CLIENT_INITIATED_ACCOUNT_LINKING);
checkRealm();
ClientModel client = checkClient(clientId);
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realmModel, client);
redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri, realmModel, client);
if (redirectUri == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
@ -432,7 +427,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
try {
AppAuthManager authManager = new AppAuthManager();
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(this.session, this.realmModel, this.uriInfo, this.clientConnection, this.request.getHttpHeaders());
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(this.session, this.realmModel, this.session.getContext().getUri(), this.clientConnection, this.request.getHttpHeaders());
if (authResult != null) {
AccessToken token = authResult.getToken();
@ -557,7 +552,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
SerializedBrokeredIdentityContext ctx = SerializedBrokeredIdentityContext.serialize(context);
ctx.saveToAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
URI redirect = LoginActionsService.firstBrokerLoginProcessor(uriInfo)
URI redirect = LoginActionsService.firstBrokerLoginProcessor(session.getContext().getUri())
.queryParam(Constants.CLIENT_ID, authenticationSession.getClient().getClientId())
.queryParam(Constants.TAB_ID, authenticationSession.getTabId())
.build(realmModel.getName());
@ -713,7 +708,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
authSession.setAuthNote(PostBrokerLoginConstants.PBL_AFTER_FIRST_BROKER_LOGIN, String.valueOf(wasFirstBrokerLogin));
URI redirect = LoginActionsService.postBrokerLoginProcessor(uriInfo)
URI redirect = LoginActionsService.postBrokerLoginProcessor(session.getContext().getUri())
.queryParam(Constants.CLIENT_ID, authSession.getClient().getClientId())
.queryParam(Constants.TAB_ID, authSession.getTabId())
.build(realmModel.getName());
@ -809,12 +804,12 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
AuthenticationManager.setClientScopesInSession(authSession);
String nextRequiredAction = AuthenticationManager.nextRequiredAction(session, authSession, clientConnection, request, uriInfo, event);
String nextRequiredAction = AuthenticationManager.nextRequiredAction(session, authSession, clientConnection, request, session.getContext().getUri(), event);
if (nextRequiredAction != null) {
return AuthenticationManager.redirectToRequiredActions(session, realmModel, authSession, uriInfo, nextRequiredAction);
return AuthenticationManager.redirectToRequiredActions(session, realmModel, authSession, session.getContext().getUri(), nextRequiredAction);
} else {
event.detail(Details.CODE_ID, authSession.getParentSession().getId()); // todo This should be set elsewhere. find out why tests fail. Don't know where this is supposed to be set
return AuthenticationManager.finishedRequiredActions(session, authSession, null, clientConnection, request, uriInfo, event);
return AuthenticationManager.finishedRequiredActions(session, authSession, null, clientConnection, request, session.getContext().getUri(), event);
}
}
@ -992,7 +987,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
return ParsedCodeContext.response(staleCodeError);
}
SessionCodeChecks checks = new SessionCodeChecks(realmModel, uriInfo, request, clientConnection, session, event, null, code, null, clientId, tabId, LoginActionsService.AUTHENTICATE_PATH);
SessionCodeChecks checks = new SessionCodeChecks(realmModel, session.getContext().getUri(), request, clientConnection, session, event, null, code, null, clientId, tabId, LoginActionsService.AUTHENTICATE_PATH);
checks.initialVerify();
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
@ -1075,11 +1070,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
encodedState = IdentityBrokerState.decoded(relayState, authSession.getClient().getClientId(), authSession.getTabId());
}
return new AuthenticationRequest(this.session, this.realmModel, authSession, this.request, this.uriInfo, encodedState, getRedirectUri(providerId));
return new AuthenticationRequest(this.session, this.realmModel, authSession, this.request, this.session.getContext().getUri(), encodedState, getRedirectUri(providerId));
}
private String getRedirectUri(String providerId) {
return Urls.identityProviderAuthnResponse(this.uriInfo.getBaseUri(), providerId, this.realmModel.getName()).toString();
return Urls.identityProviderAuthnResponse(this.session.getContext().getUri().getBaseUri(), providerId, this.realmModel.getName()).toString();
}
private Response redirectToErrorPage(AuthenticationSessionModel authSession, Response.Status status, String message, Object ... parameters) {
@ -1134,7 +1129,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
.setEventBuilder(event)
.setRealm(realmModel)
.setSession(session)
.setUriInfo(uriInfo)
.setUriInfo(session.getContext().getUri())
.setRequest(request);
if (errorMessage != null) processor.setForwardedErrorMessage(new FormMessage(null, errorMessage));
@ -1196,7 +1191,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
private Response corsResponse(Response response, ClientModel clientModel) {
return Cors.add(this.request, Response.fromResponse(response)).auth().allowedOrigins(uriInfo, clientModel).build();
return Cors.add(this.request, Response.fromResponse(response)).auth().allowedOrigins(session.getContext().getUri(), clientModel).build();
}
private void fireErrorEvent(String message, Throwable throwable) {


@ -16,13 +16,21 @@
*/
package org.keycloak.services.resources;
import org.keycloak.authentication.*;
import org.keycloak.authentication.actiontoken.DefaultActionTokenKey;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.TokenVerifier;
import org.keycloak.authentication.actiontoken.*;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.ExplainedVerificationException;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionContextResult;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.authentication.actiontoken.ActionTokenContext;
import org.keycloak.authentication.actiontoken.ActionTokenHandler;
import org.keycloak.authentication.actiontoken.DefaultActionTokenKey;
import org.keycloak.authentication.actiontoken.ExplainedTokenVerificationException;
import org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.PostBrokerLoginConstants;
@ -39,15 +47,12 @@ import org.keycloak.events.EventType;
import org.keycloak.exceptions.TokenNotActiveException;
import org.keycloak.models.ActionTokenKeyModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.AuthenticationFlowResolver;
@ -68,9 +73,9 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.AuthenticationFlowURLHelper;
import org.keycloak.services.util.BrowserHistoryHelper;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.sessions.AuthenticationSessionCompoundId;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -87,12 +92,12 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import java.net.URI;
import java.util.Map;
import javax.ws.rs.core.*;
import static org.keycloak.authentication.actiontoken.DefaultActionToken.ACTION_TOKEN_BASIC_CHECKS;
/**
@ -124,9 +129,6 @@ public class LoginActionsService {
@Context
protected HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
@ -178,7 +180,7 @@ public class LoginActionsService {
}
private boolean checkSsl() {
if (uriInfo.getBaseUri().getScheme().equals("https")) {
if (session.getContext().getUri().getBaseUri().getScheme().equals("https")) {
return true;
} else {
return !realm.getSslRequired().isRequired(clientConnection);
@ -186,14 +188,14 @@ public class LoginActionsService {
}
private SessionCodeChecks checksForCode(String authSessionId, String code, String execution, String clientId, String tabId, String flowPath) {
SessionCodeChecks res = new SessionCodeChecks(realm, uriInfo, request, clientConnection, session, event, authSessionId, code, execution, clientId, tabId, flowPath);
SessionCodeChecks res = new SessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, authSessionId, code, execution, clientId, tabId, flowPath);
res.initialVerify();
return res;
}
protected URI getLastExecutionUrl(String flowPath, String executionId, String clientId, String tabId) {
return new AuthenticationFlowURLHelper(session, realm, uriInfo)
return new AuthenticationFlowURLHelper(session, realm, session.getContext().getUri())
.getLastExecutionUrl(flowPath, executionId, clientId, tabId);
}
@ -209,7 +211,7 @@ public class LoginActionsService {
@QueryParam(Constants.CLIENT_ID) String clientId,
@QueryParam(Constants.TAB_ID) String tabId) {
event.event(EventType.RESTART_AUTHENTICATION);
SessionCodeChecks checks = new SessionCodeChecks(realm, uriInfo, request, clientConnection, session, event, authSessionId, null, null, clientId, tabId, null);
SessionCodeChecks checks = new SessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, authSessionId, null, null, clientId, tabId, null);
AuthenticationSessionModel authSession = checks.initialVerifyAuthSession();
if (authSession == null) {
@ -268,7 +270,7 @@ public class LoginActionsService {
.setEventBuilder(event)
.setRealm(realm)
.setSession(session)
.setUriInfo(uriInfo)
.setUriInfo(session.getContext().getUri())
.setRequest(request);
if (errorMessage != null) {
processor.setForwardedErrorMessage(new FormMessage(null, errorMessage));
@ -380,11 +382,11 @@ public class LoginActionsService {
authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
//authSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
String redirectUri = Urls.accountBase(session.getContext().getUri().getBaseUri()).path("/").build(realm.getName()).toString();
authSession.setRedirectUri(redirectUri);
authSession.setClientNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
return authSession;
}
@ -479,7 +481,7 @@ public class LoginActionsService {
.withChecks(
// Token introspection checks
TokenVerifier.IS_ACTIVE,
new TokenVerifier.RealmUrlCheck(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())),
new TokenVerifier.RealmUrlCheck(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())),
ACTION_TOKEN_BASIC_CHECKS
)
@ -510,7 +512,7 @@ public class LoginActionsService {
}
// Now proceed with the verification and handle the token
tokenContext = new ActionTokenContext(session, realm, uriInfo, clientConnection, request, event, handler, execution, this::processFlow, this::brokerLoginFlow);
tokenContext = new ActionTokenContext(session, realm, session.getContext().getUri(), clientConnection, request, event, handler, execution, this::processFlow, this::brokerLoginFlow);
try {
String tokenAuthSessionCompoundId = handler.getAuthenticationSessionIdFromToken(token, tokenContext, authSession);
@ -667,7 +669,7 @@ public class LoginActionsService {
AuthenticationSessionModel authSession = checks.getAuthenticationSession();
AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection);
AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
return processRegistration(checks.isActionRequest(), execution, authSession, null);
}
@ -771,7 +773,7 @@ public class LoginActionsService {
}
private Response redirectToAfterBrokerLoginEndpoint(AuthenticationSessionModel authSession, boolean firstBrokerLogin) {
return redirectToAfterBrokerLoginEndpoint(session, realm, uriInfo, authSession, firstBrokerLogin);
return redirectToAfterBrokerLoginEndpoint(session, realm, session.getContext().getUri(), authSession, firstBrokerLogin);
}
public static Response redirectToAfterBrokerLoginEndpoint(KeycloakSession session, RealmModel realm, UriInfo uriInfo, AuthenticationSessionModel authSession, boolean firstBrokerLogin) {
@ -800,8 +802,8 @@ public class LoginActionsService {
public Response processConsent(final MultivaluedMap<String, String> formData) {
event.event(EventType.LOGIN);
String code = formData.getFirst(SESSION_CODE);
String clientId = uriInfo.getQueryParameters().getFirst(Constants.CLIENT_ID);
String tabId = uriInfo.getQueryParameters().getFirst(Constants.TAB_ID);
String clientId = session.getContext().getUri().getQueryParameters().getFirst(Constants.CLIENT_ID);
String tabId = session.getContext().getUri().getQueryParameters().getFirst(Constants.TAB_ID);
SessionCodeChecks checks = checksForCode(null, code, null, clientId, tabId, REQUIRED_ACTION);
if (!checks.verifyRequiredAction(AuthenticationSessionModel.Action.OAUTH_GRANT.name())) {
return checks.getResponse();
@ -819,7 +821,7 @@ public class LoginActionsService {
LoginProtocol protocol = session.getProvider(LoginProtocol.class, authSession.getProtocol());
protocol.setRealm(realm)
.setHttpHeaders(headers)
.setUriInfo(uriInfo)
.setUriInfo(session.getContext().getUri())
.setEventBuilder(event);
Response response = protocol.sendError(authSession, Error.CONSENT_DENIED);
event.error(Errors.REJECTED_BY_USER);
@ -847,7 +849,7 @@ public class LoginActionsService {
event.success();
ClientSessionContext clientSessionCtx = AuthenticationProcessor.attachSession(authSession, null, session, realm, clientConnection, event);
return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, clientSessionCtx.getClientSession().getUserSession(), clientSessionCtx, request, uriInfo, clientConnection, event, authSession.getProtocol());
return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, clientSessionCtx.getClientSession().getUserSession(), clientSessionCtx, request, session.getContext().getUri(), clientConnection, event, authSession.getProtocol());
}
private void initLoginEvent(AuthenticationSessionModel authSession) {
@ -922,7 +924,7 @@ public class LoginActionsService {
if (!checks.isActionRequest()) {
initLoginEvent(authSession);
event.event(EventType.CUSTOM_REQUIRED_ACTION);
return AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, uriInfo, event);
return AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event);
}
initLoginEvent(authSession);
@ -967,7 +969,7 @@ public class LoginActionsService {
authSession.getAuthenticatedUser().removeRequiredAction(factory.getId());
authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
response = AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, uriInfo, event);
response = AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event);
} else if (context.getStatus() == RequiredActionContext.Status.CHALLENGE) {
response = context.getChallenge();
} else if (context.getStatus() == RequiredActionContext.Status.FAILURE) {
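Review bot: `session.getContext().getUri()` is now re-evaluated at every use, up to four times in one method (the `clientId`/`tabId` reads at the top of `processConsent`, the `Urls.accountBase(...)`/`Urls.realmIssuer(...)` pair in the hunk that sets the auth session's redirect URI); a private accessor `private UriInfo uriInfo() { return session.getContext().getUri(); }` would keep those call sites as short as the field they replaced. Unlike the container-injected `@Context UriInfo` field, the context URI is presumably populated by Keycloak's own request setup, so `checkSsl()` and `checksForCode` would now fail with an NPE rather than at injection time if any caller reaches them before the context is filled in — likely every caller here is request-scoped, but that is an assumption worth confirming. The static overload `redirectToAfterBrokerLoginEndpoint(KeycloakSession, RealmModel, UriInfo, ...)` keeps an explicit `UriInfo` alongside the session; if all its callers now pass `session.getContext().getUri()`, a Javadoc line stating why the parameter remains (or removing it) would prevent a caller passing a URI that disagrees with the session's. `processConsent` and the other methods touched here continue past their hunks.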


@ -26,7 +26,6 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.resources.account.AccountFormService;
import org.keycloak.services.resources.admin.AdminRoot;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
@ -46,9 +45,6 @@ import javax.ws.rs.core.UriInfo;
public class PublicRealmResource {
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
@Context
protected UriInfo uriInfo;
@Context
protected HttpRequest request;
@ -85,7 +81,7 @@ public class PublicRealmResource {
@Produces(MediaType.APPLICATION_JSON)
public PublishedRealmRepresentation getRealm() {
Cors.add(request).allowedOrigins(Cors.ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD).auth().build(response);
return realmRep(session, realm, uriInfo);
return realmRep(session, realm, session.getContext().getUri());
}
public static PublishedRealmRepresentation realmRep(KeycloakSession session, RealmModel realm, UriInfo uriInfo) {
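Review bot: `realmRep(KeycloakSession, RealmModel, UriInfo)` on the last line of the hunk still takes an explicit `UriInfo` even though it also receives the session that now carries the same URI, so a caller can hand it a `UriInfo` that disagrees with `session.getContext().getUri()`. A Javadoc tag on the static method would make the intended source explicit, e.g. `@param uriInfo request URI context passed through to the representation; normally {@code session.getContext().getUri()}, as {@link #getRealm()} does`. The body of `realmRep` is outside the hunk.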


@ -71,9 +71,6 @@ public class RealmsResource {
@Context
private HttpRequest request;
@Context
private UriInfo uriInfo;
public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
return realmBaseUrl(baseUriBuilder);
@ -163,7 +160,7 @@ public class RealmsResource {
if (client.getRootUrl() != null && (client.getBaseUrl() == null || client.getBaseUrl().isEmpty())) {
targetUri = KeycloakUriBuilder.fromUri(client.getRootUrl()).build();
} else {
targetUri = KeycloakUriBuilder.fromUri(ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), client.getBaseUrl())).build();
targetUri = KeycloakUriBuilder.fromUri(ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), client.getBaseUrl())).build();
}
return Response.seeOther(targetUri).build();
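Review bot: The replacement in the `else` branch turns an already long `targetUri` assignment into a wider one; extracting `URI requestUri = session.getContext().getUri().getRequestUri();` above the `if` and passing `requestUri` to `ResolveRelative.resolveRelativeUri(...)` keeps the redirect-target computation readable. The enclosing method starts outside the hunk, and whether `java.net.URI` is already imported in this file is not visible here, so check the import before applying. The static `realmBaseUrl(UriInfo)` at the top of the section keeps its explicit parameter, which is fine as long as callers pass the context URI consistently.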


@ -17,7 +17,6 @@
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.MimeTypeUtil;
@ -32,7 +31,6 @@ import org.keycloak.services.util.CookieHelper;
import org.keycloak.theme.BrowserSecurityHeaderSetup;
import org.keycloak.theme.FreeMarkerUtil;
import org.keycloak.theme.Theme;
import org.keycloak.theme.ThemeProvider;
import org.keycloak.utils.MediaType;
import javax.ws.rs.Consumes;
@ -49,7 +47,6 @@ import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
@ -74,9 +71,6 @@ public class WelcomeResource {
@Context
protected HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private KeycloakSession session;
@ -95,7 +89,7 @@ public class WelcomeResource {
public Response getWelcomePage() throws URISyntaxException {
checkBootstrap();
String requestUri = uriInfo.getRequestUri().toString();
String requestUri = session.getContext().getUri().getRequestUri().toString();
if (!requestUri.endsWith("/")) {
return Response.seeOther(new URI(requestUri + "/")).build();
} else {
@ -243,15 +237,15 @@ public class WelcomeResource {
private String setCsrfCookie() {
String stateChecker = Base64Url.encode(KeycloakModelUtils.generateSecret());
String cookiePath = uriInfo.getPath();
boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https");
String cookiePath = session.getContext().getUri().getPath();
boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https");
CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, stateChecker, cookiePath, null, null, 300, secureOnly, true);
return stateChecker;
}
private void expireCsrfCookie() {
String cookiePath = uriInfo.getPath();
boolean secureOnly = uriInfo.getRequestUri().getScheme().equalsIgnoreCase("https");
String cookiePath = session.getContext().getUri().getPath();
boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https");
CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, "", cookiePath, null, null, 0, secureOnly, true);
}
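Review bot: `setCsrfCookie` and `expireCsrfCookie` now each spell out `session.getContext().getUri()` twice to derive the same `cookiePath` and `secureOnly`, and their two `CookieHelper.addCookie` calls differ only in value and max age; folding them into one private writer keeps path and Secure-flag derivation in a single place so the expire call can never drift from the set call (clearing on a different path would leave the state-checker cookie behind in the browser). Because this section also drops the `javax.ws.rs.core.UriInfo` import, the helper below holds the request `URI` (already in scope via `getWelcomePage`) rather than re-adding `UriInfo`. The Secure flag still follows the scheme this server sees on the request URI; behind a TLS-terminating proxy that presumably depends on forwarded-header handling — unchanged by this commit, but worth the one-line comment shown.
```java
private String setCsrfCookie() {
    String stateChecker = Base64Url.encode(KeycloakModelUtils.generateSecret());
    writeCsrfCookie(stateChecker, 300);
    return stateChecker;
}

private void expireCsrfCookie() {
    writeCsrfCookie("", 0);
}

/** Single writer for the state-checker cookie so set and expire always agree on path and Secure flag. */
private void writeCsrfCookie(String value, int maxAgeSeconds) {
    URI requestUri = session.getContext().getUri().getRequestUri();
    String cookiePath = session.getContext().getUri().getPath();
    // Secure flag follows the scheme of the request as seen by this server.
    boolean secureOnly = requestUri.getScheme().equalsIgnoreCase("https");
    CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, value, cookiePath, null, null, maxAgeSeconds, secureOnly, true);
}
```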


@ -1,25 +1,40 @@
package org.keycloak.services.resources.account;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.Profile;
import org.keycloak.common.Version;
import org.keycloak.models.*;
import org.keycloak.events.EventStoreProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.util.LocaleHelper;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.services.validation.Validation;
import org.keycloak.theme.BrowserSecurityHeaderSetup;
import org.keycloak.theme.FreeMarkerException;
import org.keycloak.theme.FreeMarkerUtil;
import org.keycloak.theme.Theme;
import org.keycloak.theme.beans.MessageFormatterMethod;
import org.keycloak.utils.MediaType;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
@ -28,23 +43,6 @@ import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.json.JsonWriter;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.events.EventStoreProvider;
import org.keycloak.forms.account.freemarker.model.FeaturesBean;
import org.keycloak.models.ClientModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.LocaleHelper;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.services.validation.Validation;
import org.keycloak.theme.beans.MessageFormatterMethod;
/**
* Created by st on 29/03/17.
@ -56,8 +54,6 @@ public class AccountConsole {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
private final AppAuthManager authManager;
private final RealmModel realm;
@ -83,12 +79,12 @@ public class AccountConsole {
@GET
@NoCache
public Response getMainPage() throws URISyntaxException, IOException, FreeMarkerException {
if (!uriInfo.getRequestUri().getPath().endsWith("/")) {
return Response.status(302).location(uriInfo.getRequestUriBuilder().path("/").build()).build();
if (!session.getContext().getUri().getRequestUri().getPath().endsWith("/")) {
return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("/").build()).build();
} else {
Map<String, Object> map = new HashMap<>();
URI baseUri = uriInfo.getBaseUri();
URI baseUri = session.getContext().getUri().getBaseUri();
map.put("authUrl", session.getContext().getContextPath());
map.put("baseUrl", session.getContext().getContextPath() + "/realms/" + realm.getName() + "/account");
@ -189,19 +185,19 @@ public class AccountConsole {
// TODO: took this code from elsewhere - refactor
private String[] getReferrer() {
String referrer = uriInfo.getQueryParameters().getFirst("referrer");
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");
if (referrer == null) {
return null;
}
String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri");
String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri");
ClientModel referrerClient = realm.getClientByClientId(referrer);
if (referrerClient != null) {
if (referrerUri != null) {
referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient);
referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient);
} else {
referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl());
referrerUri = ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl());
}
if (referrerUri != null) {
@ -214,7 +210,7 @@ public class AccountConsole {
} else if (referrerUri != null) {
referrerClient = realm.getClientByClientId(referrer);
if (client != null) {
referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient);
referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient);
if (referrerUri != null) {
return new String[]{referrer, referrerUri};
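Review bot: In `getReferrer()` the relative-resolution line mixes two clients: `ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl())` takes the root URL from `client` but the base URL from `referrerClient`, so the referrer link resolves against the wrong root whenever the two differ; `referrerClient.getRootUrl()` looks like the intended argument. The `else if (referrerUri != null)` branch in the last hunk is reached only after `realm.getClientByClientId(referrer)` returned null, then repeats that same lookup and guards on `client != null` instead of `referrerClient != null` before calling `RedirectUtils.verifyRedirectUri(..., referrerClient)` — whether `verifyRedirectUri` tolerates a null client is not visible here, so confirm that before relying on this path to validate the `referrer_uri` query parameter. Both points predate this commit (the `TODO: took this code from elsewhere - refactor` comment above the method hints at it), and `getReferrer()` continues past the last hunk.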


@ -17,7 +17,6 @@
package org.keycloak.services.resources.account;
import org.jboss.logging.Logger;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.Policy;
@ -54,7 +53,6 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.CredentialValidation;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ForbiddenException;
@ -72,18 +70,23 @@ import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.*;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
@ -133,7 +136,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
public void init() {
eventStore = session.getProvider(EventStoreProvider.class);
account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(uriInfo).setHttpHeaders(headers);
account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(session.getContext().getUri()).setHttpHeaders(headers);
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm);
if (authResult != null) {
@ -142,7 +145,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
account.setStateChecker(stateChecker);
}
String requestOrigin = UriUtils.getOrigin(uriInfo.getBaseUri());
String requestOrigin = UriUtils.getOrigin(session.getContext().getUri().getBaseUri());
String origin = headers.getRequestHeaders().getFirst("Origin");
if (origin != null && !requestOrigin.equals(origin)) {
@ -245,7 +248,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
@Path("totp")
@GET
public Response totpPage() {
account.setAttribute("mode", uriInfo.getQueryParameters().getFirst("mode"));
account.setAttribute("mode", session.getContext().getUri().getQueryParameters().getFirst("mode"));
return forwardToPage("totp", AccountPages.TOTP);
}
@ -383,11 +386,11 @@ public class AccountFormService extends AbstractSecuredLocalService {
List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
for (UserSessionModel userSession : userSessions) {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
}
UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "sessionsPage");
String referrer = uriInfo.getQueryParameters().getFirst("referrer");
UriBuilder builder = Urls.accountBase(session.getContext().getUri().getBaseUri()).path(AccountFormService.class, "sessionsPage");
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");
if (referrer != null) {
builder.queryParam("referrer", referrer);
@ -422,13 +425,13 @@ public class AccountFormService extends AbstractSecuredLocalService {
new UserSessionManager(session).revokeOfflineToken(user, client);
// Logout clientSessions for this user and client
AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers);
AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, session.getContext().getUri(), headers);
event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success();
setReferrerOnPage();
UriBuilder builder = Urls.accountBase(uriInfo.getBaseUri()).path(AccountFormService.class, "applicationsPage");
String referrer = uriInfo.getQueryParameters().getFirst("referrer");
UriBuilder builder = Urls.accountBase(session.getContext().getUri().getBaseUri()).path(AccountFormService.class, "applicationsPage");
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");
if (referrer != null) {
builder.queryParam("referrer", referrer);
@ -458,7 +461,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
auth.require(AccountRoles.MANAGE_ACCOUNT);
account.setAttribute("mode", uriInfo.getQueryParameters().getFirst("mode"));
account.setAttribute("mode", session.getContext().getUri().getQueryParameters().getFirst("mode"));
String action = formData.getFirst("submitAction");
if (action != null && action.equals("Cancel")) {
@ -591,7 +594,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
List<UserSessionModel> sessions = session.sessions().getUserSessions(realm, user);
for (UserSessionModel s : sessions) {
if (!s.getId().equals(auth.getSession().getId())) {
AuthenticationManager.backchannelLogout(session, realm, s, uriInfo, clientConnection, headers, true);
AuthenticationManager.backchannelLogout(session, realm, s, session.getContext().getUri(), clientConnection, headers, true);
}
}
@ -646,7 +649,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
switch (accountSocialAction) {
case ADD:
String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(uriInfo.getBaseUri(), realm.getName())).build().toString();
String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(session.getContext().getUri().getBaseUri(), realm.getName())).build().toString();
try {
String nonce = UUID.randomUUID().toString();
@ -654,7 +657,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
String input = nonce + auth.getSession().getId() + client.getClientId() + providerId;
byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
String hash = Base64Url.encode(check);
URI linkUrl = Urls.identityProviderLinkRequest(this.uriInfo.getBaseUri(), providerId, realm.getName());
URI linkUrl = Urls.identityProviderLinkRequest(this.session.getContext().getUri().getBaseUri(), providerId, realm.getName());
linkUrl = UriBuilder.fromUri(linkUrl)
.queryParam("nonce", nonce)
.queryParam("hash", hash)
@ -936,7 +939,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
@Override
protected URI getBaseRedirectUri() {
return Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());
return Urls.accountBase(session.getContext().getUri().getBaseUri()).path("/").build(realm.getName());
}
public static boolean isPasswordSet(KeycloakSession session, RealmModel realm, UserModel user) {
@ -944,19 +947,19 @@ public class AccountFormService extends AbstractSecuredLocalService {
}
private String[] getReferrer() {
String referrer = uriInfo.getQueryParameters().getFirst("referrer");
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");
if (referrer == null) {
return null;
}
String referrerUri = uriInfo.getQueryParameters().getFirst("referrer_uri");
String referrerUri = session.getContext().getUri().getQueryParameters().getFirst("referrer_uri");
ClientModel referrerClient = realm.getClientByClientId(referrer);
if (referrerClient != null) {
if (referrerUri != null) {
referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient);
referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient);
} else {
referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl());
referrerUri = ResolveRelative.resolveRelativeUri(session.getContext().getUri().getRequestUri(), client.getRootUrl(), referrerClient.getBaseUrl());
}
if (referrerUri != null) {
@ -969,7 +972,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
} else if (referrerUri != null) {
referrerClient = realm.getClientByClientId(referrer);
if (client != null) {
referrerUri = RedirectUtils.verifyRedirectUri(uriInfo, referrerUri, realm, referrerClient);
referrerUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), referrerUri, realm, referrerClient);
if (referrerUri != null) {
return new String[]{referrer, referrerUri};


@ -35,6 +35,7 @@ import org.keycloak.representations.account.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.Cors;
import org.keycloak.storage.ReadOnlyException;
@ -50,11 +51,9 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.keycloak.services.messages.Messages;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -64,8 +63,6 @@ public class AccountRestService {
@Context
private HttpRequest request;
@Context
protected UriInfo uriInfo;
@Context
protected HttpHeaders headers;
@Context
protected ClientConnection clientConnection;


@ -52,7 +52,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import java.io.IOException;
import java.net.URI;
@ -72,9 +71,6 @@ import java.util.Set;
public class AdminConsole {
protected static final Logger logger = Logger.getLogger(AdminConsole.class);
@Context
protected UriInfo uriInfo;
@Context
protected ClientConnection clientConnection;
@ -177,7 +173,7 @@ public class AdminConsole {
if (consoleApp == null) {
throw new NotFoundException("Could not find admin console client");
}
return new ClientManager(new RealmManager(session)).toInstallationRepresentation(realm, consoleApp, keycloak.getBaseUri(uriInfo));
return new ClientManager(new RealmManager(session)).toInstallationRepresentation(realm, consoleApp, keycloak.getBaseUri(session.getContext().getUri()));
}
@ -193,7 +189,7 @@ public class AdminConsole {
@NoCache
public Response whoAmI(final @Context HttpHeaders headers) {
RealmManager realmManager = new RealmManager(session);
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, uriInfo, clientConnection, headers);
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers);
if (authResult == null) {
return Response.status(401).build();
}
@ -263,10 +259,10 @@ public class AdminConsole {
@GET
@NoCache
public Response logout() {
URI redirect = AdminRoot.adminConsoleUrl(uriInfo).build(realm.getName());
URI redirect = AdminRoot.adminConsoleUrl(session.getContext().getUri()).build(realm.getName());
return Response.status(302).location(
OIDCLoginProtocolService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
OIDCLoginProtocolService.logoutUrl(session.getContext().getUri()).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
).build();
}
@ -283,14 +279,14 @@ public class AdminConsole {
@GET
@NoCache
public Response getMainPage() throws URISyntaxException, IOException, FreeMarkerException {
if (!uriInfo.getRequestUri().getPath().endsWith("/")) {
return Response.status(302).location(uriInfo.getRequestUriBuilder().path("/").build()).build();
if (!session.getContext().getUri().getRequestUri().getPath().endsWith("/")) {
return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("/").build()).build();
} else {
Theme theme = AdminRoot.getTheme(session, realm);
Map<String, Object> map = new HashMap<>();
URI baseUri = uriInfo.getBaseUri();
URI baseUri = session.getContext().getUri().getBaseUri();
map.put("authUrl", session.getContext().getContextPath());
map.put("consoleBaseUrl", Urls.adminConsoleRoot(baseUri, realm.getName()).getPath());
@ -310,7 +306,7 @@ public class AdminConsole {
@GET
@Path("{indexhtml: index.html}") // this expression is a hack to get around jaxdoclet generation bug. Doesn't like index.html
public Response getIndexHtmlRedirect() {
return Response.status(302).location(uriInfo.getRequestUriBuilder().path("../").build()).build();
return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("../").build()).build();
}
@GET
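Review bot: `whoAmI` now hands `authenticateBearerToken` both `session` and `session.getContext().getUri()`, so the callee receives a value the caller derived from another argument it already gets; the same shape appears in `AdminRoot` (the bearer-token check), `ClientInitialAccessResource` (`createInitialAccessToken`) and `ClientResource` (`updateRegistrationAccessToken`, plus the `RoleContainerResource` and `ClientScopeEvaluateResource` constructors). If those callees keep a `UriInfo` parameter only for callers that no longer exist after this commit, dropping it in a follow-up leaves a single source of truth for the request URI and removes the possibility of a caller passing a `UriInfo` that belongs to a different request than the session. Separately, the redirect locations in `getMainPage`, `getIndexHtmlRedirect` and `logout` now depend on the session context having been populated with the current request's URI before the resource method runs, whereas the injected `@Context` field was guaranteed by JAX-RS; I have not seen where `KeycloakContext` is filled, so please confirm this holds on every request path and, if it does not, add a null check at the top of these methods. A short class-level comment such as `// Request URI is read from KeycloakContext rather than injected; it must be set for the request before any resource method runs` would document that assumption for the next maintainer.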


@ -38,7 +38,6 @@ import org.keycloak.services.resources.Cors;
import org.keycloak.services.resources.admin.info.ServerInfoAdminResource;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.theme.Theme;
import org.keycloak.theme.ThemeProvider;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
@ -63,9 +62,6 @@ import java.util.Properties;
public class AdminRoot {
protected static final Logger logger = Logger.getLogger(AdminRoot.class);
@Context
protected UriInfo uriInfo;
@Context
protected ClientConnection clientConnection;
@ -104,7 +100,7 @@ public class AdminRoot {
public Response masterRealmAdminConsoleRedirect() {
RealmModel master = new RealmManager(session).getKeycloakAdminstrationRealm();
return Response.status(302).location(
uriInfo.getBaseUriBuilder().path(AdminRoot.class).path(AdminRoot.class, "getAdminConsole").path("/").build(master.getName())
session.getContext().getUri().getBaseUriBuilder().path(AdminRoot.class).path(AdminRoot.class, "getAdminConsole").path("/").build(master.getName())
).build();
}
@ -172,7 +168,7 @@ public class AdminRoot {
throw new UnauthorizedException("Unknown realm in token");
}
session.getContext().setRealm(realm);
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, uriInfo, clientConnection, headers);
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(session, realm, session.getContext().getUri(), clientConnection, headers);
if (authResult == null) {
logger.debug("Token not valid");
throw new UnauthorizedException("Bearer");


@ -18,7 +18,6 @@ package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.Time;
import org.keycloak.events.admin.OperationType;
@ -38,7 +37,6 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
@ -58,9 +56,6 @@ public class AttackDetectionResource {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
@Context
protected ClientConnection connection;
@ -137,7 +132,7 @@ public class AttackDetectionResource {
UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId);
if (model != null) {
session.sessions().removeUserLoginFailure(realm, userId);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
}
@ -153,7 +148,7 @@ public class AttackDetectionResource {
auth.users().requireManage();
session.sessions().removeAllUserLoginFailures(realm);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}


@ -61,18 +61,15 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import static javax.ws.rs.core.Response.Status.NOT_FOUND;
@ -86,8 +83,6 @@ public class AuthenticationManagementResource {
private final KeycloakSession session;
private AdminPermissionEvaluator auth;
private AdminEventBuilder adminEvent;
@Context
private UriInfo uriInfo;
protected static final Logger logger = Logger.getLogger(AuthenticationManagementResource.class);
@ -223,8 +218,8 @@ public class AuthenticationManagementResource {
AuthenticationFlowModel createdModel = realm.addAuthenticationFlow(RepresentationToModel.toModel(flow));
flow.setId(createdModel.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), createdModel.getId()).representation(flow).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(flow.getId()).build()).build();
}
/**
@ -268,7 +263,7 @@ public class AuthenticationManagementResource {
flow.setId(existingFlow.getId());
realm.updateAuthenticationFlow(RepresentationToModel.toModel(flow));
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(flow).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(flow).success();
return Response.accepted(flow).build();
}
@ -305,7 +300,7 @@ public class AuthenticationManagementResource {
realm.removeAuthenticationFlow(flow);
// Use just one event for top-level flow. Using separate events won't work properly for flows of depth 2 or bigger
if (isTopMostLevel) adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
if (isTopMostLevel) adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
/**
@ -336,7 +331,7 @@ public class AuthenticationManagementResource {
AuthenticationFlowModel copy = copyFlow(realm, flow, newName);
data.put("id", copy.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(data).success();
return Response.status(Response.Status.CREATED).build();
@ -416,10 +411,10 @@ public class AuthenticationManagementResource {
execution = realm.addAuthenticatorExecution(execution);
data.put("id", execution.getId());
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(uriInfo).representation(data).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(session.getContext().getUri()).representation(data).success();
String addExecutionPathSegment = UriBuilder.fromMethod(AuthenticationManagementResource.class, "addExecutionFlow").build(parentFlow.getAlias()).getPath();
return Response.created(uriInfo.getBaseUriBuilder().path(uriInfo.getPath().replace(addExecutionPathSegment, "")).path("flows").path(newFlow.getId()).build()).build();
return Response.created(session.getContext().getUri().getBaseUriBuilder().path(session.getContext().getUri().getPath().replace(addExecutionPathSegment, "")).path("flows").path(newFlow.getId()).build()).build();
}
private int getNextPriority(AuthenticationFlowModel parentFlow) {
@ -472,10 +467,10 @@ public class AuthenticationManagementResource {
execution = realm.addAuthenticatorExecution(execution);
data.put("id", execution.getId());
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(data).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(data).success();
String addExecutionPathSegment = UriBuilder.fromMethod(AuthenticationManagementResource.class, "addExecutionToFlow").build(parentFlow.getAlias()).getPath();
return Response.created(uriInfo.getBaseUriBuilder().path(uriInfo.getPath().replace(addExecutionPathSegment, "")).path("executions").path(execution.getId()).build()).build();
return Response.created(session.getContext().getUri().getBaseUriBuilder().path(session.getContext().getUri().getPath().replace(addExecutionPathSegment, "")).path("executions").path(execution.getId()).build()).build();
}
/**
@ -593,7 +588,7 @@ public class AuthenticationManagementResource {
if (!model.getRequirement().name().equals(rep.getRequirement())) {
model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));
realm.updateAuthenticatorExecution(model);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(rep).success();
}
}
@ -637,8 +632,8 @@ public class AuthenticationManagementResource {
model.setPriority(getNextPriority(parentFlow));
model = realm.addAuthenticatorExecution(model);
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo, model.getId()).representation(execution).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri(), model.getId()).representation(execution).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build();
}
public AuthenticationFlowModel getParentFlow(AuthenticationExecutionModel model) {
@ -691,7 +686,7 @@ public class AuthenticationManagementResource {
model.setPriority(tmp);
realm.updateAuthenticatorExecution(model);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success();
}
public List<AuthenticationExecutionModel> getSortedExecutions(AuthenticationFlowModel parentFlow) {
@ -736,7 +731,7 @@ public class AuthenticationManagementResource {
next.setPriority(tmp);
realm.updateAuthenticatorExecution(next);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success();
}
@ -769,7 +764,7 @@ public class AuthenticationManagementResource {
realm.removeAuthenticatorExecution(model);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success();
}
@ -802,8 +797,8 @@ public class AuthenticationManagementResource {
realm.updateAuthenticatorExecution(model);
json.setId(config.getId());
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(json).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(json).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(config.getId()).build()).build();
}
/**
@ -886,7 +881,7 @@ public class AuthenticationManagementResource {
requiredAction = realm.addRequiredActionProvider(requiredAction);
data.put("id", requiredAction.getId());
adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(data).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).representation(data).success();
}
private int getNextRequiredActionPriority() {
@ -972,7 +967,7 @@ public class AuthenticationManagementResource {
update.setConfig(rep.getConfig());
realm.updateRequiredActionProvider(update);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
}
/**
@ -990,7 +985,7 @@ public class AuthenticationManagementResource {
}
realm.removeRequiredActionProvider(model);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1024,7 +1019,7 @@ public class AuthenticationManagementResource {
model.setPriority(tmp);
realm.updateRequiredActionProvider(model);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1058,7 +1053,7 @@ public class AuthenticationManagementResource {
next.setPriority(tmp);
realm.updateRequiredActionProvider(next);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1135,8 +1130,8 @@ public class AuthenticationManagementResource {
auth.realm().requireManageRealm();
AuthenticatorConfigModel config = realm.addAuthenticatorConfig(RepresentationToModel.toModel(rep));
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo, config.getId()).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri(), config.getId()).representation(rep).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(config.getId()).build()).build();
}
/**
@ -1185,7 +1180,7 @@ public class AuthenticationManagementResource {
realm.removeAuthenticatorConfig(config);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1208,6 +1203,6 @@ public class AuthenticationManagementResource {
exists.setAlias(rep.getAlias());
exists.setConfig(rep.getConfig());
realm.updateAuthenticatorConfig(exists);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri()).representation(rep).success();
}
}
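Review bot: `addExecutionFlow` and `addExecutionToFlow` now evaluate `session.getContext().getUri()` twice on a single line in their `Response.created(...)` builders, and nearly every other method in this class repeats the chain once more for the admin event, which makes the already long lines harder to scan. A one-line private accessor, `private UriInfo uriInfo() { return session.getContext().getUri(); }`, would shorten these call sites and give one place to adjust if the context API changes. Because the hunk also drops `import javax.ws.rs.core.UriInfo`, the accessor needs that import restored (or each method can hold the result in a local `UriInfo` instead). Several of the methods touched here start or end outside the shown hunks.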


@ -129,7 +129,6 @@ public class ClientAttributeCertificateResource {
/**
* Upload certificate and eventually private key
*
* @param uriInfo
* @param input
* @return
* @throws IOException
@ -138,7 +137,7 @@ public class ClientAttributeCertificateResource {
@Path("upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public CertificateRepresentation uploadJks(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
public CertificateRepresentation uploadJks(MultipartFormDataInput input) throws IOException {
auth.clients().requireConfigure(client);
try {
@ -155,7 +154,6 @@ public class ClientAttributeCertificateResource {
/**
* Upload only certificate, not private key
*
* @param uriInfo
* @param input
* @return information extracted from uploaded certificate - not necessarily the new state of certificate on the server
* @throws IOException
@ -164,7 +162,7 @@ public class ClientAttributeCertificateResource {
@Path("upload-certificate")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public CertificateRepresentation uploadJksCertificate(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
public CertificateRepresentation uploadJksCertificate(MultipartFormDataInput input) throws IOException {
auth.clients().requireConfigure(client);
try {
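Review bot: The Javadoc for `uploadJks` still carries an empty `@return` tag after the `@param uriInfo` line was removed, while the sibling `uploadJksCertificate` documents its return as information extracted from the upload rather than the new server-side state. A parallel sentence here, e.g. `@return information extracted from the uploaded keystore - not necessarily the new state of the certificate on the server`, would make the two consistent; I have not verified what `uploadJks` actually returns, as its body lies outside the hunk, so adjust the wording to match.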


@ -39,7 +39,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.LinkedList;
import java.util.List;
@ -56,9 +55,6 @@ public class ClientInitialAccessResource {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
public ClientInitialAccessResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;
@ -83,15 +79,15 @@ public class ClientInitialAccessResource {
ClientInitialAccessModel clientInitialAccessModel = session.realms().createClientInitialAccessModel(realm, expiration, count);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientInitialAccessModel.getId()).representation(config).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientInitialAccessModel.getId()).representation(config).success();
ClientInitialAccessPresentation rep = wrap(clientInitialAccessModel);
String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, uriInfo, clientInitialAccessModel);
String token = ClientRegistrationTokenUtils.createInitialAccessToken(session, realm, session.getContext().getUri(), clientInitialAccessModel);
rep.setToken(token);
response.setStatus(Response.Status.CREATED.getStatusCode());
response.setHeader(HttpHeaders.LOCATION, uriInfo.getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString());
response.setHeader(HttpHeaders.LOCATION, session.getContext().getUri().getAbsolutePathBuilder().path(clientInitialAccessModel.getId()).build().toString());
return rep;
}
@ -116,7 +112,7 @@ public class ClientInitialAccessResource {
auth.clients().requireManage();
session.realms().removeClientInitialAccessModel(realm, id);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
private ClientInitialAccessPresentation wrap(ClientInitialAccessModel model) {


@ -17,16 +17,6 @@
package org.keycloak.services.resources.admin;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
@ -39,6 +29,14 @@ import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import java.util.List;
import java.util.stream.Collectors;
/**
* @resource Client Registration Policy
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -52,9 +50,6 @@ public class ClientRegistrationPolicyResource {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
public ClientRegistrationPolicyResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;


@ -77,7 +77,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
@ -103,9 +102,6 @@ public class ClientResource {
protected ClientModel client;
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakApplication keycloak;
@ -155,7 +151,7 @@ public class ClientResource {
try {
updateClientFromRep(rep, client, session);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
updateAuthorizationSettings(rep);
return Response.noContent().build();
} catch (ModelDuplicateException e) {
@ -203,7 +199,7 @@ public class ClientResource {
ClientInstallationProvider provider = session.getProvider(ClientInstallationProvider.class, providerId);
if (provider == null) throw new NotFoundException("Unknown Provider");
return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(uriInfo));
return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(session.getContext().getUri()));
}
/**
@ -220,7 +216,7 @@ public class ClientResource {
}
new ClientManager(new RealmManager(session)).removeClient(realm, client);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
@ -239,7 +235,7 @@ public class ClientResource {
logger.debug("regenerateSecret");
UserCredentialModel cred = KeycloakModelUtils.generateSecret(client);
CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
return rep;
}
@ -255,12 +251,12 @@ public class ClientResource {
public ClientRepresentation regenerateRegistrationAccessToken() {
auth.clients().requireManage(client);
String token = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, realm, uriInfo, client, RegistrationAuth.AUTHENTICATED);
String token = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, realm, session.getContext().getUri(), client, RegistrationAuth.AUTHENTICATED);
ClientRepresentation rep = ModelToRepresentation.toRepresentation(client);
rep.setRegistrationAccessToken(token);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
return rep;
}
@ -296,7 +292,7 @@ public class ClientResource {
@Path("roles")
public RoleContainerResource getRoleContainerResource() {
return new RoleContainerResource(session, uriInfo, realm, auth, client, adminEvent);
return new RoleContainerResource(session, session.getContext().getUri(), realm, auth, client, adminEvent);
}
@ -343,7 +339,7 @@ public class ClientResource {
}
client.addClientScope(clientScope, defaultScope);
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success();
}
@ -359,7 +355,7 @@ public class ClientResource {
}
client.removeClientScope(clientScope);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success();
}
@ -392,7 +388,7 @@ public class ClientResource {
@Path("evaluate-scopes")
public ClientScopeEvaluateResource clientScopeEvaluateResource() {
return new ClientScopeEvaluateResource(session, uriInfo, realm, auth, client, clientConnection);
return new ClientScopeEvaluateResource(session, session.getContext().getUri(), realm, auth, client, clientConnection);
}
/**
@ -431,8 +427,8 @@ public class ClientResource {
public GlobalRequestResult pushRevocation() {
auth.clients().requireConfigure(client);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).resource(ResourceType.CLIENT).success();
return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client);
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).resource(ResourceType.CLIENT).success();
return new ResourceAdminManager(session).pushClientRevocationPolicy(session.getContext().getUri().getRequestUri(), realm, client);
}
@ -567,7 +563,7 @@ public class ClientResource {
}
if (logger.isDebugEnabled()) logger.debug("Register node: " + node);
client.registerNode(node, Time.currentTime());
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo, node).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri(), node).success();
}
/**
@ -588,7 +584,7 @@ public class ClientResource {
throw new NotFoundException("Client does not have node ");
}
client.unregisterNode(node);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).success();
}
/**
@ -606,8 +602,8 @@ public class ClientResource {
auth.clients().requireConfigure(client);
logger.debug("Test availability of cluster nodes");
GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client);
adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).representation(result).success();
GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(session.getContext().getUri().getRequestUri(), realm, client);
adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).representation(result).success();
return result;
}


@ -59,9 +59,6 @@ public class ClientScopeResource {
protected ClientScopeModel clientScope;
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
public ClientScopeResource(RealmModel realm, AdminPermissionEvaluator auth, ClientScopeModel clientScope, KeycloakSession session, AdminEventBuilder adminEvent) {
this.realm = realm;
this.auth = auth;
@ -107,7 +104,7 @@ public class ClientScopeResource {
if (session.getTransactionManager().isActive()) {
session.getTransactionManager().commit();
}
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
return Response.noContent().build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists");
@ -141,7 +138,7 @@ public class ClientScopeResource {
try {
realm.removeClientScope(clientScope.getId());
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
return Response.noContent().build();
} catch (ModelException me) {
return ErrorResponse.error(me.getMessage(), Response.Status.BAD_REQUEST);


@ -41,7 +41,6 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.List;
@ -61,9 +60,6 @@ public class ClientScopesResource {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
public ClientScopesResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.realm = realm;
this.auth = auth;
@ -114,9 +110,9 @@ public class ClientScopesResource {
try {
ClientScopeModel clientModel = RepresentationToModel.createClientScope(session, realm, rep);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists");
}


@ -21,30 +21,18 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.common.ClientConnection;
import org.keycloak.component.ComponentModel;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.UserStorageSyncManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.user.SynchronizationResult;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
@ -65,9 +53,6 @@ public class ClientStorageProviderResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;


@ -155,13 +155,12 @@ public class ClientsResource {
*
* Client's client_id must be unique!
*
* @param uriInfo
* @param rep
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createClient(final @Context UriInfo uriInfo, final ClientRepresentation rep) {
public Response createClient(final ClientRepresentation rep) {
auth.clients().requireManage();
ValidationMessages validationMessages = new ValidationMessages();
@ -185,7 +184,7 @@ public class ClientsResource {
}
}
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
@ -196,12 +195,12 @@ public class ClientsResource {
ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
if (authorizationSettings != null) {
authorizationService.resourceServer().importSettings(uriInfo, authorizationSettings);
authorizationService.resourceServer().importSettings(authorizationSettings);
}
}
}
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
}
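Review bot: The CREATE admin event at L2627 is emitted with `.success()` before the authorization settings are imported at L2634, so a failure inside `importSettings` can leave an audit record for a client whose creation is then rolled back. Unless `AdminEventBuilder.success()` is deferred to transaction commit (not visible here), move the event emission after the authorization block, immediately before `return Response.created(...)`, so the audit entry is only written once everything the request does has succeeded. The empty `@return` tag at L2615 could also state that the method answers `201 Created` with a `Location` header pointing at the new client.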


@ -54,8 +54,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
@ -81,9 +79,6 @@ public class ComponentResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -139,8 +134,8 @@ public class ComponentResource {
model = realm.addComponentModel(model);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build();
} catch (ComponentValidationException e) {
return localizedErrorResponse(e);
} catch (IllegalArgumentException e) {
@ -173,7 +168,7 @@ public class ComponentResource {
throw new NotFoundException("Could not find component");
}
RepresentationToModel.updateComponent(session, rep, model, false);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(StripSecretsUtils.strip(session, rep)).success();
realm.updateComponent(model);
return Response.noContent().build();
} catch (ComponentValidationException e) {
@ -190,7 +185,7 @@ public class ComponentResource {
if (model == null) {
throw new NotFoundException("Could not find component");
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
realm.removeComponent(model);
}
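Review bot: In the update and delete paths the admin event is recorded before the mutation it describes: the `adminEvent...success()` at L2675 runs before `realm.updateComponent(model)` at L2676, and the one at L2684 runs before `realm.removeComponent(model)` at L2685. If `success()` persists the event immediately rather than at transaction commit, a failing update or removal leaves a success entry in the audit log for a change that never happened. Swapping the two statements in each method would match the create path, where the event at L2665 already follows `realm.addComponentModel(model)` at L2662; the `StripSecretsUtils.strip(session, rep)` on the logged representation should stay as it is.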


@ -21,7 +21,6 @@ import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
@ -31,6 +30,10 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -40,20 +43,14 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
/**
* @resource Groups
@ -75,8 +72,6 @@ public class GroupResource {
this.group = group;
}
@Context private UriInfo uriInfo;
/**
*
*
@ -106,7 +101,7 @@ public class GroupResource {
this.auth.groups().requireManage(group);
updateGroup(rep, group);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
}
@ -116,7 +111,7 @@ public class GroupResource {
this.auth.groups().requireManage(group);
realm.removeGroup(group);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
@ -151,8 +146,8 @@ public class GroupResource {
} else {
child = realm.createGroup(rep.getName());
updateGroup(rep, child);
URI uri = uriInfo.getBaseUriBuilder()
.path(uriInfo.getMatchedURIs().get(2))
URI uri = session.getContext().getUri().getBaseUriBuilder()
.path(session.getContext().getUri().getMatchedURIs().get(2))
.path(child.getId()).build();
builder.status(201).location(uri);
rep.setId(child.getId());
@ -160,7 +155,7 @@ public class GroupResource {
}
realm.moveGroup(child, group);
adminEvent.resourcePath(uriInfo).representation(rep).success();
adminEvent.resourcePath(session.getContext().getUri()).representation(rep).success();
GroupRepresentation childRep = ModelToRepresentation.toGroupHierarchy(child, true);
return builder.type(MediaType.APPLICATION_JSON_TYPE).entity(childRep).build();
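Review bot: `session.getContext().getUri().getMatchedURIs().get(2)` at L2754 pins the Location URL of a new child group to a fixed position in the matched-URI list, which throws `IndexOutOfBoundsException` (surfacing as a 500) if the resource nesting ever changes and gives the reader no hint which URI is intended. At minimum document the assumption, e.g. `// matched URIs are ordered innermost first; index 2 is presumed to be the realm's /groups collection — verify if the resource tree changes`, or derive the collection path from `getAbsolutePathBuilder()` so the index disappears. The enclosing method starts outside the hunk, so the branch that handles an existing child id is not visible here.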


@ -16,7 +16,6 @@
*/
package org.keycloak.services.resources.admin;
import org.apache.http.HttpStatus;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -28,21 +27,23 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import twitter4j.JSONException;
import twitter4j.JSONObject;
/**
* @resource Groups
@ -63,8 +64,6 @@ public class GroupsResource {
}
@Context private UriInfo uriInfo;
/**
* Get group hierarchy. Only name and ids are returned.
*
@ -153,16 +152,16 @@ public class GroupsResource {
if (child == null) {
throw new NotFoundException("Could not find child by id");
}
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo);
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri());
} else {
child = realm.createGroup(rep.getName());
GroupResource.updateGroup(rep, child);
URI uri = uriInfo.getAbsolutePathBuilder()
URI uri = session.getContext().getUri().getAbsolutePathBuilder()
.path(child.getId()).build();
builder.status(201).location(uri);
rep.setId(child.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, child.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), child.getId());
}
realm.moveGroup(child, null);
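Review bot: The `twitter4j.JSONException` and `twitter4j.JSONObject` imports at L2800–L2801 do not belong in an admin REST resource, and nothing in the visible hunks uses them. Whether they are pre-existing or newly added cannot be told from this page, but the same hunk already replaces the `javax.ws.rs.*` wildcard with explicit imports, so it is the natural place to drop them; a social-login library on the admin API's compile path is an unnecessary dependency and a small supply-chain surface. If they are genuinely used further down the file, the codebase's own `org.keycloak.util.JsonSerialization` would be the preferable JSON helper.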


@ -86,8 +86,6 @@ public class IdentityProviderResource {
private final IdentityProviderModel identityProviderModel;
private final AdminEventBuilder adminEvent;
@Context private UriInfo uriInfo;
public IdentityProviderResource(AdminPermissionEvaluator auth, RealmModel realm, KeycloakSession session, IdentityProviderModel identityProviderModel, AdminEventBuilder adminEvent) {
this.realm = realm;
this.session = session;
@ -137,7 +135,7 @@ public class IdentityProviderResource {
this.realm.removeIdentityProviderMapper(mapper);
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
return Response.noContent().build();
}
@ -161,7 +159,7 @@ public class IdentityProviderResource {
try {
updateIdpFromRep(providerRep, realm, session);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(providerRep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(providerRep).success();
return Response.noContent().build();
} catch (ModelDuplicateException e) {
@ -235,14 +233,13 @@ public class IdentityProviderResource {
/**
* Export public broker configuration for identity provider
*
* @param uriInfo
* @param format Format to use
* @return
*/
@GET
@Path("export")
@NoCache
public Response export(@Context UriInfo uriInfo, @QueryParam("format") String format) {
public Response export(@QueryParam("format") String format) {
this.auth.realm().requireViewIdentityProviders();
if (identityProviderModel == null) {
@ -251,7 +248,7 @@ public class IdentityProviderResource {
try {
IdentityProviderFactory factory = getIdentityProviderFactory();
return factory.create(session, identityProviderModel).export(uriInfo, realm, format);
return factory.create(session, identityProviderModel).export(session.getContext().getUri(), realm, format);
} catch (Exception e) {
return ErrorResponse.error("Could not export public broker configuration for identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.NOT_FOUND);
}
@ -339,10 +336,10 @@ public class IdentityProviderResource {
return ErrorResponse.error("Failed to add mapper '" + model.getName() + "' to identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.BAD_REQUEST);
}
adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo, model.getId())
adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri(), model.getId())
.representation(mapper).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build();
}
@ -389,7 +386,7 @@ public class IdentityProviderResource {
if (model == null) throw new NotFoundException("Model not found");
model = RepresentationToModel.toModel(rep);
realm.updateIdentityProviderMapper(model);
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).representation(rep).success();
}
@ -411,7 +408,7 @@ public class IdentityProviderResource {
IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
if (model == null) throw new NotFoundException("Model not found");
realm.removeIdentityProviderMapper(model);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).success();
}
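Review bot: `export` maps every failure from `factory.create(...).export(...)` at L2871 to a 404 through `catch (Exception e)` without logging the cause, so a broken provider configuration or a bug in an exporter is indistinguishable from a missing provider and cannot be diagnosed from the server logs. Keep the generic client-facing message, but log the exception (debug is enough) before returning, and narrow the catch if the exporter only throws a known type. The empty `@return` tag at L2858 could also state which `format` values are accepted and that the response is the provider's public configuration, if that is what the exporter guarantees.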


@ -46,10 +46,8 @@ import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
@ -98,7 +96,6 @@ public class IdentityProvidersResource {
/**
* Import identity provider from uploaded JSON file
*
* @param uriInfo
* @param input
* @return
* @throws IOException
@ -107,7 +104,7 @@ public class IdentityProvidersResource {
@Path("import-config")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, String> importFrom(@Context UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
public Map<String, String> importFrom(MultipartFormDataInput input) throws IOException {
this.auth.realm().requireManageIdentityProviders();
Map<String, List<InputPart>> formDataMap = input.getFormDataMap();
if (!(formDataMap.containsKey("providerId") && formDataMap.containsKey("file"))) {
@ -124,7 +121,6 @@ public class IdentityProvidersResource {
/**
* Import identity provider from JSON body
*
* @param uriInfo
* @param data JSON body
* @return
* @throws IOException
@ -133,7 +129,7 @@ public class IdentityProvidersResource {
@Path("import-config")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Map<String, String> importFrom(@Context UriInfo uriInfo, Map<String, Object> data) throws IOException {
public Map<String, String> importFrom(Map<String, Object> data) throws IOException {
this.auth.realm().requireManageIdentityProviders();
if (!(data.containsKey("providerId") && data.containsKey("fromUrl"))) {
throw new BadRequestException();
@ -177,14 +173,13 @@ public class IdentityProvidersResource {
/**
* Create a new identity provider
*
* @param uriInfo
* @param representation JSON body
* @return
*/
@POST
@Path("instances")
@Consumes(MediaType.APPLICATION_JSON)
public Response create(@Context UriInfo uriInfo, IdentityProviderRepresentation representation) {
public Response create(IdentityProviderRepresentation representation) {
this.auth.realm().requireManageIdentityProviders();
try {
@ -192,10 +187,10 @@ public class IdentityProvidersResource {
this.realm.addIdentityProvider(identityProvider);
representation.setInternalId(identityProvider.getInternalId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, identityProvider.getAlias())
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), identityProvider.getAlias())
.representation(StripSecretsUtils.strip(representation)).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(representation.getAlias()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(representation.getAlias()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Identity Provider " + representation.getAlias() + " already exists");
}
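Review bot: The audit path at L2965 is built from `identityProvider.getAlias()` while the Location header at L2968 is built from the client-supplied `representation.getAlias()`; if model creation ever normalizes or rejects the alias these two disagree, and the Location should point at what was stored. Use the model value in both places: `return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(identityProvider.getAlias()).build()).build();`. The empty `@return` tags at L2935 and L2952 could say what keys the returned map carries and that `create` answers `201 Created` with a Location header.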


@ -46,7 +46,6 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.text.MessageFormat;
import java.util.LinkedList;
import java.util.List;
@ -72,9 +71,6 @@ public class ProtocolMappersResource {
protected AdminEventBuilder adminEvent;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -128,13 +124,13 @@ public class ProtocolMappersResource {
model = RepresentationToModel.toModel(rep);
validateModel(model);
model = client.addProtocolMapper(model);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), model.getId()).representation(rep).success();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Protocol mapper exists with same name");
}
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build();
}
/**
* Create multiple mappers
@ -153,7 +149,7 @@ public class ProtocolMappersResource {
validateModel(model);
model = client.addProtocolMapper(model);
}
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(reps).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(reps).success();
}
/**
@ -213,7 +209,7 @@ public class ProtocolMappersResource {
validateModel(model);
client.updateProtocolMapper(model);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
}
/**
@ -230,7 +226,7 @@ public class ProtocolMappersResource {
ProtocolMapperModel model = client.getProtocolMapperById(id);
if (model == null) throw new NotFoundException("Model not found");
client.removeProtocolMapper(model);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
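Review bot: As a matter of style, `createMapper` now evaluates `session.getContext().getUri()` twice, once for the audit path at L2994 and once for the Location header at L2999, which invites the two to drift apart. Binding it once at the top of the method with `UriInfo uriInfo = session.getContext().getUri();` keeps both derived from the same object and shortens the two long lines, at the cost of keeping the `javax.ws.rs.core.UriInfo` import that this section removes at L2979. The same applies to the other admin resources in this commit, but this one has the most repeated lookups per method.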


@ -24,11 +24,6 @@ import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.Config;
import org.keycloak.KeyPairVerifier;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.PemUtils;
@ -47,6 +42,7 @@ import org.keycloak.exportimport.util.ExportOptions;
import org.keycloak.exportimport.util.ExportUtils;
import org.keycloak.keys.PublicKeyStorageProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
@ -68,6 +64,7 @@ import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
@ -81,6 +78,9 @@ import org.keycloak.services.managers.LDAPConnectionTestManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.managers.UserStorageSyncManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.storage.UserStorageProviderModel;
import javax.ws.rs.Consumes;
@ -98,7 +98,6 @@ import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
@ -129,9 +128,6 @@ public class RealmAdminResource {
@Context
protected KeycloakSession session;
@Context
protected UriInfo uriInfo;
@Context
protected ClientConnection connection;
@ -261,7 +257,7 @@ public class RealmAdminResource {
}
realm.addDefaultClientScope(clientScope, defaultScope);
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT_SCOPE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT_SCOPE).resourcePath(session.getContext().getUri()).success();
}
@ -277,7 +273,7 @@ public class RealmAdminResource {
}
realm.removeDefaultClientScope(clientScope);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT_SCOPE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT_SCOPE).resourcePath(session.getContext().getUri()).success();
}
@ -346,7 +342,7 @@ public class RealmAdminResource {
*/
@Path("roles")
public RoleContainerResource getRoleContainerResource() {
return new RoleContainerResource(session, uriInfo, realm, auth, realm, adminEvent);
return new RoleContainerResource(session, session.getContext().getUri(), realm, auth, realm, adminEvent);
}
/**
@ -555,8 +551,8 @@ public class RealmAdminResource {
public GlobalRequestResult pushRevocation() {
auth.realm().requireManageRealm();
GlobalRequestResult result = new ResourceAdminManager(session).pushRealmRevocationPolicy(uriInfo.getRequestUri(), realm);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success();
GlobalRequestResult result = new ResourceAdminManager(session).pushRealmRevocationPolicy(session.getContext().getUri().getRequestUri(), realm);
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(result).success();
return result;
}
@ -571,8 +567,8 @@ public class RealmAdminResource {
auth.users().requireManage();
session.sessions().removeUserSessions(realm);
GlobalRequestResult result = new ResourceAdminManager(session).logoutAll(uriInfo.getRequestUri(), realm);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success();
GlobalRequestResult result = new ResourceAdminManager(session).logoutAll(session.getContext().getUri().getRequestUri(), realm);
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(result).success();
return result;
}
@ -589,8 +585,8 @@ public class RealmAdminResource {
UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId);
if (userSession == null) throw new NotFoundException("Sesssion not found");
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(uriInfo).success();
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), connection, headers, true);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(session.getContext().getUri()).success();
}
@ -1007,7 +1003,7 @@ public class RealmAdminResource {
}
realm.addDefaultGroup(group);
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(session.getContext().getUri()).success();
}
@DELETE
@ -1022,7 +1018,7 @@ public class RealmAdminResource {
}
realm.removeDefaultGroup(group);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(session.getContext().getUri()).success();
}
@ -1099,7 +1095,7 @@ public class RealmAdminResource {
cache.clear();
}
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1116,7 +1112,7 @@ public class RealmAdminResource {
cache.clear();
}
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -1133,7 +1129,7 @@ public class RealmAdminResource {
cache.clearCache();
}
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
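Review bot: `pushRevocation` and `logoutAll` hand `session.getContext().getUri().getRequestUri()` (L3105, L3114) to `ResourceAdminManager`; that URI is assembled from the inbound request, so its scheme and host reflect the Host header and whatever forwarded headers the server honors. If it is used to decide where adapters are contacted or what they are told about the server (not visible here), a deployment that accepts forwarded headers from untrusted sources could have those back-channel calls misdirected, so it is worth a one-line note such as `// request URI is derived from the inbound Host/forwarded headers; relies on proxy configuration being trusted` and a check of the proxy settings. Unrelated but in the same section, the message at L3120 misspells `Sesssion not found`.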
@Path("keys")


@ -21,7 +21,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.common.ClientConnection;
import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
@ -29,6 +28,7 @@ import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.ErrorResponse;
@ -49,7 +49,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
@ -125,13 +124,12 @@ public class RealmsAdminResource {
*
* Imports a realm from a full representation of that realm. Realm name must be unique.
*
* @param uriInfo
* @param rep JSON representation of the realm
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response importRealm(@Context final UriInfo uriInfo, final RealmRepresentation rep) {
public Response importRealm(final RealmRepresentation rep) {
RealmManager realmManager = new RealmManager(session);
realmManager.setContextPath(keycloak.getContextPath());
AdminPermissions.realms(session, auth).requireCreateRealm();
@ -142,7 +140,7 @@ public class RealmsAdminResource {
RealmModel realm = realmManager.importRealm(rep);
grantPermissionsToRealmCreator(realm);
URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build();
URI location = AdminRoot.realmsUrl(session.getContext().getUri()).path(realm.getName()).build();
logger.debugv("imported realm success, sending back: {0}", location.toString());
return Response.created(location).build();
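Review bot: The Javadoc for importRealm still carries a bare `@return` tag after the `@param uriInfo` line was dropped, so the generated API doc says nothing about the response. The visible tail of the method ends with `Response.created(location).build()`, so the tag can be filled in as `@return 201 Created with a Location header pointing at the imported realm`. The body of importRealm continues beyond the second hunk, so any error responses it produces are not visible here.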


@ -19,19 +19,17 @@ package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.resources.admin.permissions.RolePermissionManagement;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -43,10 +41,7 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
@ -65,9 +60,6 @@ public class RoleByIdResource extends RoleResource {
@Context
private KeycloakSession session;
@Context
private UriInfo uriInfo;
public RoleByIdResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
super(realm);
@ -120,7 +112,7 @@ public class RoleByIdResource extends RoleResource {
adminEvent.resource(ResourceType.REALM_ROLE);
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
/**
@ -143,7 +135,7 @@ public class RoleByIdResource extends RoleResource {
adminEvent.resource(ResourceType.REALM_ROLE);
}
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
}
/**
@ -158,7 +150,7 @@ public class RoleByIdResource extends RoleResource {
public void addComposites(final @PathParam("role-id") String id, List<RoleRepresentation> roles) {
RoleModel role = getRoleModel(id);
auth.roles().requireManage(role);
addComposites(auth, adminEvent, uriInfo, roles, role);
addComposites(auth, adminEvent, session.getContext().getUri(), roles, role);
}
/**
@ -233,7 +225,7 @@ public class RoleByIdResource extends RoleResource {
public void deleteComposites(final @PathParam("role-id") String id, List<RoleRepresentation> roles) {
RoleModel role = getRoleModel(id);
auth.roles().requireManage(role);
deleteComposites(adminEvent, uriInfo, roles, role);
deleteComposites(adminEvent, session.getContext().getUri(), roles, role);
}
/**
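Review bot: The expression `session.getContext().getUri()` is now spelled out in four separate methods of RoleByIdResource (deleteRole, updateRole, addComposites, deleteComposites in the hunks above) where a single injected field used to be read. A one-line private accessor, `private UriInfo uriInfo() { return session.getContext().getUri(); }`, would keep the call sites as short as before and give one place to change if the lookup moves again. That accessor needs the `javax.ws.rs.core.UriInfo` import that the second hunk removes, so the import would have to stay. The methods themselves start outside the hunks shown.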


@ -19,10 +19,6 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
@ -38,11 +34,13 @@ import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
@ -50,7 +48,6 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
@ -284,8 +281,7 @@ public class RoleContainerResource extends RoleResource {
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Set<RoleRepresentation> getClientRoleComposites(@Context final UriInfo uriInfo,
final @PathParam("role-name") String roleName,
public Set<RoleRepresentation> getClientRoleComposites(final @PathParam("role-name") String roleName,
final @PathParam("client") String client) {
auth.roles().requireView(roleContainer);
RoleModel role = roleContainer.getRole(roleName);
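Review bot: The import hunk drops `javax.ws.rs.core.Context` but keeps `import javax.ws.rs.core.UriInfo;`, and the only UriInfo use visible in this section is the parameter that getClientRoleComposites no longer takes; if no other reference remains in the file the import is now unused and should go too. Separately, the continuation line `final @PathParam("client") String client) {` was presumably aligned under the old first parameter, so it likely needs re-indenting now that `@Context final UriInfo uriInfo,` is gone (the rendered view does not preserve indentation, so this is inferred). The rest of getClientRoleComposites is outside the hunk.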


@ -19,7 +19,6 @@ package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
@ -34,8 +33,8 @@ import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -48,7 +47,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
@ -83,9 +81,6 @@ public class RoleMapperResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -236,7 +231,7 @@ public class RoleMapperResource {
roleMapper.grantRole(roleModel);
}
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
}
/**
@ -279,7 +274,7 @@ public class RoleMapperResource {
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
}
@ -293,7 +288,7 @@ public class RoleMapperResource {
if (clientModel == null) {
throw new NotFoundException("Client not found");
}
ClientRoleMappingsResource resource = new ClientRoleMappingsResource(uriInfo, session, realm, auth, roleMapper,
ClientRoleMappingsResource resource = new ClientRoleMappingsResource(session.getContext().getUri(), session, realm, auth, roleMapper,
clientModel, adminEvent,
managePermission, viewPermission);
return resource;
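Review bot: The ClientRoleMappingsResource constructor call in the last hunk now receives both `session.getContext().getUri()` and `session` itself, so the first argument is derivable from the second. Given that the purpose of this commit is to stop threading UriInfo through constructors and parameters, the constructor could read the URI from the session it already gets, leaving `new ClientRoleMappingsResource(session, realm, auth, roleMapper, clientModel, adminEvent, managePermission, viewPermission)`; that constructor lives in another file not shown here, so this is a follow-up suggestion rather than a change to this hunk. The `resource` local could also be returned directly.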


@ -50,7 +50,6 @@ import org.keycloak.models.UserLoginFailureModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
@ -92,7 +91,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.text.MessageFormat;
import java.util.ArrayList;
@ -126,9 +124,6 @@ public class UserResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -171,7 +166,7 @@ public class UserResource {
updateUserFromRep(user, rep, attrsToRemove, realm, session, true);
RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
if (session.getTransactionManager().isActive()) {
session.getTransactionManager().commit();
@ -278,15 +273,15 @@ public class UserResource {
if (authenticatedRealm.getId().equals(realm.getId())) {
sameRealm = true;
UserSessionModel userSession = session.sessions().getUserSession(authenticatedRealm, auth.adminAuth().getToken().getSessionState());
AuthenticationManager.expireIdentityCookie(realm, uriInfo, clientConnection);
AuthenticationManager.expireRememberMeCookie(realm, uriInfo, clientConnection);
AuthenticationManager.backchannelLogout(session, authenticatedRealm, userSession, uriInfo, clientConnection, headers, true);
AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
AuthenticationManager.expireRememberMeCookie(realm, session.getContext().getUri(), clientConnection);
AuthenticationManager.backchannelLogout(session, authenticatedRealm, userSession, session.getContext().getUri(), clientConnection, headers, true);
}
EventBuilder event = new EventBuilder(realm, session, clientConnection);
UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, uriInfo, clientConnection);
URI redirect = AccountFormService.accountServiceApplicationPage(uriInfo).build(realm.getName());
AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, session.getContext().getUri(), clientConnection);
URI redirect = AccountFormService.accountServiceApplicationPage(session.getContext().getUri()).build(realm.getName());
Map<String, Object> result = new HashMap<>();
result.put("sameRealm", sameRealm);
result.put("redirect", redirect.toString());
@ -403,7 +398,7 @@ public class UserResource {
FederatedIdentityModel socialLink = new FederatedIdentityModel(provider, rep.getUserId(), rep.getUserName());
session.users().addFederatedIdentity(realm, user, socialLink);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(rep).success();
return Response.noContent().build();
}
@ -420,7 +415,7 @@ public class UserResource {
if (!session.users().removeFederatedIdentity(realm, user, provider)) {
throw new NotFoundException("Link not found");
}
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
/**
@ -490,13 +485,13 @@ public class UserResource {
if (revokedConsent) {
// Logout clientSessions for this user and client
AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, uriInfo, headers);
AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, session.getContext().getUri(), headers);
}
if (!revokedConsent && !revokedOfflineToken) {
throw new NotFoundException("Consent nor offline token not found");
}
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -514,9 +509,9 @@ public class UserResource {
List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
for (UserSessionModel userSession : userSessions) {
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
}
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -529,7 +524,7 @@ public class UserResource {
boolean removed = new UserManager(session).removeUser(realm, user);
if (removed) {
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
return Response.noContent().build();
} else {
return ErrorResponse.error("User couldn't be deleted", Status.BAD_REQUEST);
@ -598,7 +593,7 @@ public class UserResource {
}
if (pass.isTemporary() != null && pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -612,7 +607,7 @@ public class UserResource {
auth.users().requireManage(user);
session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
@ -688,7 +683,7 @@ public class UserResource {
String redirect;
if (redirectUri != null) {
redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realm, client);
redirect = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri, realm, client);
if (redirect == null) {
throw new WebApplicationException(
ErrorResponse.error("Invalid redirect uri.", Status.BAD_REQUEST));
@ -702,8 +697,8 @@ public class UserResource {
ExecuteActionsActionToken token = new ExecuteActionsActionToken(user.getId(), expiration, actions, redirectUri, clientId);
try {
UriBuilder builder = LoginActionsService.actionTokenProcessor(uriInfo);
builder.queryParam("key", token.serialize(session, realm, uriInfo));
UriBuilder builder = LoginActionsService.actionTokenProcessor(session.getContext().getUri());
builder.queryParam("key", token.serialize(session, realm, session.getContext().getUri()));
String link = builder.build(realm.getName()).toString();
@ -715,7 +710,7 @@ public class UserResource {
//audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
return Response.ok().build();
} catch (EmailException e) {
@ -772,7 +767,7 @@ public class UserResource {
try {
if (user.isMemberOf(group)){
user.leaveGroup(group);
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
}
} catch (ModelException me) {
Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
@ -793,7 +788,7 @@ public class UserResource {
auth.groups().requireManageMembership(group);
if (!user.isMemberOf(group)){
user.joinGroup(group);
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
}
}
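Review bot: In the impersonate hunk (`@ -278,15 +273,15 @@`) the new code calls `session.getContext().getUri()` five times within a dozen lines, and the executeActionsEmail hunk (`@ -702,8 +697,8 @@`) repeats it twice more; each call chain is long enough that the surrounding AuthenticationManager arguments become hard to scan. A single local at the top of each method, `UriInfo uriInfo = session.getContext().getUri();`, would keep the call sites as readable as before the field was removed, but it requires retaining the `javax.ws.rs.core.UriInfo` import that the first hunk of this file deletes. Both methods begin outside the hunks shown.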


@ -43,7 +43,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
@ -64,9 +63,6 @@ public class UserStorageProviderResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -153,7 +149,7 @@ public class UserStorageProviderResource {
Map<String, Object> eventRep = new HashMap<>();
eventRep.put("action", action);
eventRep.put("result", syncResult);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(eventRep).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(eventRep).success();
return syncResult;
}
@ -241,7 +237,7 @@ public class UserStorageProviderResource {
Map<String, Object> eventRep = new HashMap<>();
eventRep.put("action", direction);
eventRep.put("result", syncResult);
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(eventRep).success();
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(eventRep).success();
return syncResult;
}


@ -20,7 +20,6 @@ import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
@ -34,7 +33,8 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.*;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@ -77,9 +77,6 @@ public class UsersResource {
@Context
protected ClientConnection clientConnection;
@Context
protected UriInfo uriInfo;
@Context
protected KeycloakSession session;
@ -97,13 +94,12 @@ public class UsersResource {
*
* Username must be unique.
*
* @param uriInfo
* @param rep
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createUser(final @Context UriInfo uriInfo, final UserRepresentation rep) {
public Response createUser(final UserRepresentation rep) {
auth.users().requireManage();
// Double-check duplicated username and email here due to federation
@ -120,13 +116,13 @@ public class UsersResource {
UserResource.updateUserFromRep(user, rep, emptySet, realm, session, false);
RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success();
if (session.getTransactionManager().isActive()) {
session.getTransactionManager().commit();
}
return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getId()).build()).build();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(user.getId()).build()).build();
} catch (ModelDuplicateException e) {
if (session.getTransactionManager().isActive()) {
session.getTransactionManager().setRollbackOnly();
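Review bot: The createUser Javadoc still has bare `@param rep` and `@return` tags now that `@param uriInfo` has been removed, so the remaining tags document nothing. From the visible body they can be filled in as `@param rep the user to create; the username must be unique` and `@return 201 Created with a Location header pointing at the new user`, the latter grounded by the `Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(user.getId()).build())` line. Replacing `import org.keycloak.services.*;` with the explicit ForbiddenException import is a welcome cleanup. The ModelDuplicateException handler continues past the end of the hunk.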


@ -22,8 +22,8 @@ import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.broker.social.SocialIdentityProvider;
@ -173,11 +173,6 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
@Context
protected HttpHeaders headers;
@Context
protected UriInfo uriInfo;
public Endpoint(RealmModel realm, AuthenticationCallback callback, EventBuilder event) {
this.realm = realm;
this.callback = callback;