From 7b7fbd32572a279ddec9b98b497c5c1fd89ba806 Mon Sep 17 00:00:00 2001 From: Thomas Raehalme Date: Fri, 6 Nov 2015 09:52:41 +0200 Subject: [PATCH 1/3] Added sendError(int) to HttpFacade.Response. --- .../java/org/keycloak/adapters/spi/HttpFacade.java | 1 + .../main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java | 7 +++++++ .../keycloak/adapters/jetty/spi/JettyHttpFacade.java | 9 +++++++++ .../keycloak/adapters/servlet/ServletHttpFacade.java | 9 +++++++++ .../facade/WrappedHttpServletResponse.java | 9 +++++++++ .../keycloak/adapters/tomcat/CatalinaHttpFacade.java | 10 ++++++++++ .../keycloak/adapters/undertow/UndertowHttpFacade.java | 6 ++++++ 7 files changed, 51 insertions(+) diff --git a/integration/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java b/integration/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java index fb3804e299..cf6e0d5a4d 100755 --- a/integration/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java +++ b/integration/adapter-spi/src/main/java/org/keycloak/adapters/spi/HttpFacade.java @@ -56,6 +56,7 @@ public interface HttpFacade { void resetCookie(String name, String path); void setCookie(String name, String value, String path, String domain, int maxAge, boolean secure, boolean httpOnly); OutputStream getOutputStream(); + void sendError(int code); void sendError(int code, String message); /** diff --git a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java index cce85d541d..29f483b43c 100755 --- a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java +++ b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsHttpFacade.java @@ -132,6 +132,13 @@ public class JaxrsHttpFacade implements OIDCHttpFacade { throw new IllegalStateException("Not supported yet"); } + @Override + public void sendError(int code) { + javax.ws.rs.core.Response response = responseBuilder.status(code).build(); + requestContext.abortWith(response); + responseFinished = true; + } + @Override public void sendError(int code, String message) { javax.ws.rs.core.Response response = responseBuilder.status(code).entity(message).build(); diff --git a/integration/jetty/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java b/integration/jetty/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java index ea2b3afcbb..c1008fd3f3 100755 --- a/integration/jetty/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java +++ b/integration/jetty/jetty-adapter-spi/src/main/java/org/keycloak/adapters/jetty/spi/JettyHttpFacade.java @@ -170,6 +170,15 @@ public class JettyHttpFacade implements HttpFacade { } } + @Override + public void sendError(int code) { + try { + response.sendError(code); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + @Override public void sendError(int code, String message) { try { diff --git a/integration/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java b/integration/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java index 1550eaa745..eb487f5f9b 100755 --- a/integration/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java +++ b/integration/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/ServletHttpFacade.java @@ -156,6 +156,15 @@ public class ServletHttpFacade implements HttpFacade { } } + @Override + public void sendError(int code) { + try { + response.sendError(code); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + @Override public void sendError(int code, String message) { try { diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java index c6b352fd42..c356ebd22d 100644 --- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java +++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java @@ -95,6 +95,15 @@ class WrappedHttpServletResponse implements Response { } } + @Override + public void sendError(int code) { + try { + response.sendError(code); + } catch (IOException e) { + throw new RuntimeException("Unable to set HTTP status", e); + } + } + @Override public void sendError(int code, String message) { try { diff --git a/integration/tomcat/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java b/integration/tomcat/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java index cdac621243..ba0b3764d7 100755 --- a/integration/tomcat/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java +++ b/integration/tomcat/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/CatalinaHttpFacade.java @@ -167,6 +167,15 @@ public class CatalinaHttpFacade implements HttpFacade { } } + @Override + public void sendError(int code) { + try { + response.sendError(code); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + @Override public void sendError(int code, String message) { try { @@ -176,6 +185,7 @@ public class CatalinaHttpFacade implements HttpFacade { } } + @Override public void end() { ended = true; diff --git a/integration/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java b/integration/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java index 3d378777f6..f420533449 100755 --- a/integration/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java +++ b/integration/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java @@ -170,6 +170,12 @@ public class UndertowHttpFacade implements HttpFacade { return exchange.getOutputStream(); } + @Override + public void sendError(int code) { + exchange.setResponseCode(code); + exchange.endExchange(); + } + @Override public void sendError(int code, String message) { exchange.setResponseCode(code); From 68edf9ce488e83bc30d1fdbc963c5cf34f4cf19c Mon Sep 17 00:00:00 2001 From: Thomas Raehalme Date: Fri, 6 Nov 2015 10:48:36 +0200 Subject: [PATCH 2/3] Errors are now reported using sendError instead of setStatus. This change was made to enable the use of error pages defined in web.xml. --- .../adapters/AuthenticatedActionsHandler.java | 4 ++-- .../adapters/OAuthRequestAuthenticator.java | 20 ++----------------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java index 5e243de419..8083654967 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java @@ -57,7 +57,7 @@ public class AuthenticatedActionsHandler { protected boolean abortTokenResponse() { if (facade.getSecurityContext() == null) { log.debugv("Not logged in, sending back 401: {0}",facade.getRequest().getURI()); - facade.getResponse().setStatus(401); + facade.getResponse().sendError(401); facade.getResponse().end(); return true; } @@ -94,7 +94,7 @@ public class AuthenticatedActionsHandler { log.debugv("allowedOrigins did not contain origin"); } - facade.getResponse().setStatus(403); + facade.getResponse().sendError(403); facade.getResponse().end(); return true; } diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java index 908d2398aa..d34100311f 100755 --- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java +++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java @@ -174,23 +174,7 @@ public class OAuthRequestAuthenticator { final String state = getStateCode(); final String redirect = getRedirectUri(state); if (redirect == null) { - return new AuthChallenge() { - @Override - public boolean challenge(HttpFacade exchange) { - exchange.getResponse().setStatus(403); - return true; - } - - @Override - public boolean errorPage() { - return true; - } - - @Override - public int getResponseCode() { - return 403; - } - }; + return challenge(403); } return new AuthChallenge() { @@ -283,7 +267,7 @@ public class OAuthRequestAuthenticator { @Override public boolean challenge(HttpFacade exchange) { - exchange.getResponse().setStatus(code); + exchange.getResponse().sendError(code); return true; } }; From 14292843ff53b62392d0a2fb16e2c25f1fc4a56c Mon Sep 17 00:00:00 2001 From: Thomas Darimont Date: Thu, 19 Nov 2015 13:54:18 +0100 Subject: [PATCH 3/3] Fix missing group in angular $scope in GroupMembersCtrl. Previously navigating to the group members tab of a group breaks other groups links (RoleMappings, Attributes etc.) because the groupId part of the url is missing. One sees: /auth/admin/master/console/#/realms/master/groups//role-mappings Instead of: /auth/admin/master/console/#/realms/master/groups/0f77aeed-7d16-4938-9fcc-c74b1125e5e0/role-mappings --- .../theme/base/admin/resources/js/controllers/groups.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/groups.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/groups.js index 811343beb5..93070ba152 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/groups.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/groups.js @@ -323,7 +323,7 @@ module.controller('GroupRoleMappingCtrl', function($scope, $http, realm, group, module.controller('GroupMembersCtrl', function($scope, realm, group, GroupMembership) { $scope.realm = realm; $scope.page = 0; - + $scope.group = group; $scope.query = { realm: realm.realm,