From c5dbab27404dac5fdb4c5ffbfb2fff307dfe95df Mon Sep 17 00:00:00 2001
From: Douglas Palmer
Date: Tue, 23 Apr 2024 09:36:36 -0700
Subject: [PATCH] Remove Jetty SAML adapter Closes #28782
Signed-off-by: Douglas Palmer
---
adapters/saml/jetty/jetty-core/pom.xml | 147 -------
.../saml/jetty/AbstractSamlAuthenticator.java | 401 ------------------
.../saml/jetty/JettySamlSessionStore.java | 191 ---------
adapters/saml/jetty/jetty9.4/pom.xml | 152 -------
.../saml/jetty/Jetty9SamlSessionStore.java | 44 --
.../saml/jetty/Jetty9SessionManager.java | 49 ---
.../saml/jetty/JettyAdapterSessionStore.java | 111 -----
.../saml/jetty/KeycloakSamlAuthenticator.java | 73 ----
adapters/saml/jetty/pom.xml | 37 --
adapters/saml/pom.xml | 1 -
pom.xml | 18 +-
.../servers/app-server/jetty/94/pom.xml | 4 -
.../servers/app-server/jetty/common/pom.xml | 5 -
13 files changed, 1 insertion(+), 1232 deletions(-)
delete mode 100755 adapters/saml/jetty/jetty-core/pom.xml
delete mode 100755 adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
delete mode 100755 adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
delete mode 100644 adapters/saml/jetty/jetty9.4/pom.xml
delete mode 100644 adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
delete mode 100755 adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SessionManager.java
delete mode 100644 adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/JettyAdapterSessionStore.java
delete mode 100644 adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/KeycloakSamlAuthenticator.java
delete mode 100755 adapters/saml/jetty/pom.xml
diff --git a/adapters/saml/jetty/jetty-core/pom.xml b/adapters/saml/jetty/jetty-core/pom.xml
deleted file mode 100755
index 717c8ebf21..0000000000
--- a/adapters/saml/jetty/jetty-core/pom.xml
+++ /dev/null
@@ -1,147 +0,0 @@
- - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../../pom.xml - - 4.0.0 - - keycloak-saml-jetty-adapter-core - Keycloak Jetty Core SAML Integration - - 8.1.17.v20150415 - - org.keycloak.adapters.jetty.core.* - - - org.eclipse.jetty.*;version="[8.1,10)";resolution:=optional, - javax.servlet.*;version="[2.5,4)";resolution:=optional, - org.keycloak.*;version="${project.version}", - *;resolution:=optional - - - - - - - org.jboss.logging - jboss-logging - - - org.jboss.logging - commons-logging-jboss-logging - runtime - - - org.keycloak - keycloak-adapter-spi - - - org.keycloak - keycloak-jetty-adapter-spi - - - org.keycloak - keycloak-saml-core - - - org.keycloak - keycloak-saml-adapter-api-public - - - org.keycloak - keycloak-saml-adapter-core - - - org.apache.httpcomponents - httpclient - - - org.bouncycastle - bcprov-jdk18on - - - org.eclipse.jetty - jetty-server - ${jetty9.version} - provided - - - - org.eclipse.jetty - jetty-util - ${jetty9.version} - provided - - - - org.eclipse.jetty - jetty-security - ${jetty9.version} - provided - - - - junit - junit - test - - - - - - - maven-jar-plugin - - - ${project.build.outputDirectory}/META-INF/MANIFEST.MF - - - - - org.apache.felix - maven-bundle-plugin - true - - - bundle-manifest - process-classes - - manifest - - - - - - . - ${project.name} - ${project.groupId}.${project.artifactId} - ${keycloak.osgi.import} - ${keycloak.osgi.export} - - - - - - -
diff --git a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
deleted file mode 100755
index 415c9deaf2..0000000000
--- a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/AbstractSamlAuthenticator.java
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.security.DefaultUserIdentity;
-import org.eclipse.jetty.security.IdentityService;
-import org.eclipse.jetty.security.LoginService;
-import org.eclipse.jetty.security.ServerAuthException;
-import org.eclipse.jetty.security.UserAuthentication;
-import org.eclipse.jetty.security.authentication.DeferredAuthentication;
-import org.eclipse.jetty.security.authentication.FormAuthenticator;
-import org.eclipse.jetty.security.authentication.LoginAuthenticator;
-import org.eclipse.jetty.server.Authentication;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.server.handler.ContextHandler;
-import org.jboss.logging.Logger;
-import org.keycloak.adapters.jetty.spi.JettyHttpFacade;
-import org.keycloak.adapters.jetty.spi.JettyUserSessionManagement;
-import org.keycloak.adapters.saml.AdapterConstants;
-import org.keycloak.adapters.saml.SamlAuthenticator;
-import org.keycloak.adapters.saml.SamlConfigResolver;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.saml.SamlDeploymentContext;
-import org.keycloak.adapters.saml.SamlSession;
-import org.keycloak.adapters.saml.SamlSessionStore;
-import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder;
-import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
-import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
-import org.keycloak.adapters.spi.AdapterSessionStore;
-import org.keycloak.adapters.spi.AuthChallenge;
-import org.keycloak.adapters.spi.AuthOutcome;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.InMemorySessionIdMapper;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.saml.common.exceptions.ParsingException;
-
-import javax.security.auth.Subject;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public abstract class AbstractSamlAuthenticator extends LoginAuthenticator {
- public static final String TOKEN_STORE_NOTE = "TOKEN_STORE_NOTE";
- protected static final Logger log = Logger.getLogger(AbstractSamlAuthenticator.class);
- protected SamlDeploymentContext deploymentContext;
- protected SamlConfigResolver configResolver;
- protected String errorPage;
- protected SessionIdMapper idMapper = new InMemorySessionIdMapper();
-
- public AbstractSamlAuthenticator() {
- super();
- }
-
- private static InputStream getJSONFromServletContext(ServletContext servletContext) {
- String json = servletContext.getInitParameter(AdapterConstants.AUTH_DATA_PARAM_NAME);
- if (json == null) {
- return null;
- }
- return new ByteArrayInputStream(json.getBytes());
- }
-
- public JettySamlSessionStore getTokenStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- JettySamlSessionStore store = (JettySamlSessionStore) request.getAttribute(TOKEN_STORE_NOTE);
- if (store != null) {
- return store;
- }
- store = createJettySamlSessionStore(request, facade, resolvedDeployment);
-
- request.setAttribute(TOKEN_STORE_NOTE, store);
- return store;
- }
-
- protected JettySamlSessionStore createJettySamlSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- JettySamlSessionStore store;
- store = new JettySamlSessionStore(request, createSessionTokenStore(request, resolvedDeployment), facade, idMapper, createSessionManagement(request), resolvedDeployment);
- return store;
- }
-
- public abstract AdapterSessionStore createSessionTokenStore(Request request, SamlDeployment resolvedDeployment);
-
- public abstract JettyUserSessionManagement createSessionManagement(Request request);
-
- public void logoutCurrent(Request request) {
- JettyHttpFacade facade = new JettyHttpFacade(request, null);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);
- tokenStore.logoutAccount();
- }
-
- private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");
-
- protected void forwardToLogoutPage(Request request, HttpServletResponse response, SamlDeployment deployment) {
- final String location = deployment.getLogoutPage();
-
- try {
- //make sure the login page is never cached
- response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Expires", "0");
-
- if (location == null) {
- log.warn("Logout page not set.");
- response.sendError(HttpServletResponse.SC_NOT_FOUND);
- } else if (PROTOCOL_PATTERN.matcher(location).find()) {
- response.sendRedirect(response.encodeRedirectURL(location));
- } else {
- RequestDispatcher disp = request.getRequestDispatcher(location);
-
- disp.forward(request, response);
- }
- } catch (ServletException e) {
- throw new RuntimeException(e);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- }
-
- private static class DummyLoginService implements LoginService {
- @Override
- public String getName() {
- return null;
- }
-
- @Override
- public UserIdentity login(String username, Object credentials) {
- return null;
- }
-
- @Override
- public boolean validate(UserIdentity user) {
- return false;
- }
-
- @Override
- public IdentityService getIdentityService() {
- return null;
- }
-
- @Override
- public void setIdentityService(IdentityService service) {
-
- }
-
- @Override
- public void logout(UserIdentity user) {
-
- }
- }
-
-
-
- @Override
- public void setConfiguration(AuthConfiguration configuration) {
- //super.setConfiguration(configuration);
- initializeKeycloak();
- // need this so that getUserPrincipal does not throw NPE
- _loginService = new DummyLoginService();
- String error = configuration.getInitParameter(FormAuthenticator.__FORM_ERROR_PAGE);
- setErrorPage(error);
- }
-
- private void setErrorPage(String path) {
- if (path == null || path.trim().length() == 0) {
- } else {
- if (!path.startsWith("/")) {
- path = "/" + path;
- }
- errorPage = path;
-
- if (errorPage.indexOf('?') > 0)
- errorPage = errorPage.substring(0, errorPage.indexOf('?'));
- }
- }
-
- @Override
- public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException {
- return true;
- }
-
-
-
- public SamlConfigResolver getConfigResolver() {
- return configResolver;
- }
-
- public void setConfigResolver(SamlConfigResolver configResolver) {
- this.configResolver = configResolver;
- }
-
- @SuppressWarnings("UseSpecificCatch")
- public void initializeKeycloak() {
-
- ServletContext theServletContext = null;
- ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
- if (currentContext != null) {
- String contextPath = currentContext.getContextPath();
-
- if ("".equals(contextPath)) {
- // This could be the case in osgi environment when deploying apps through pax whiteboard extension.
- theServletContext = currentContext;
- } else {
- theServletContext = currentContext.getContext(contextPath);
- }
- }
-
- // Jetty 9.1.x servlet context will be null :(
- if (configResolver == null && theServletContext != null) {
- String configResolverClass = theServletContext.getInitParameter("keycloak.config.resolver");
- if (configResolverClass != null) {
- try {
- configResolver = (SamlConfigResolver) ContextHandler.getCurrentContext().getClassLoader().loadClass(configResolverClass).newInstance();
- log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
- } catch (Exception ex) {
- log.infov("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[]{configResolverClass, ex.getMessage()});
- }
- }
- }
-
- if (configResolver != null) {
- //deploymentContext = new AdapterDeploymentContext(configResolver);
- } else if (theServletContext != null) {
- InputStream configInputStream = getConfigInputStream(theServletContext);
- if (configInputStream != null) {
- final ServletContext servletContext = theServletContext;
- SamlDeployment deployment = null;
- try {
- deployment = new DeploymentBuilder().build(configInputStream, new ResourceLoader() {
- @Override
- public InputStream getResourceAsStream(String resource) {
- return servletContext.getResourceAsStream(resource);
- }
- });
- } catch (ParsingException e) {
- throw new RuntimeException(e);
- }
- deploymentContext = new SamlDeploymentContext(deployment);
- }
- }
- if (theServletContext != null)
- theServletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
- }
-
- private InputStream getConfigInputStream(ServletContext servletContext) {
- InputStream is = getJSONFromServletContext(servletContext);
- if (is == null) {
- String path = servletContext.getInitParameter("keycloak.config.file");
- if (path == null) {
- is = servletContext.getResourceAsStream("/WEB-INF/keycloak-saml.xml");
- } else {
- try {
- is = new FileInputStream(path);
- } catch (FileNotFoundException e) {
- throw new RuntimeException(e);
- }
- }
- }
- return is;
- }
-
- @Override
- public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
- if (log.isTraceEnabled()) {
- log.trace("*** authenticate");
- }
- Request request = resolveRequest(req);
- JettyHttpFacade facade = new JettyHttpFacade(request, (HttpServletResponse) res);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- if (deployment == null || !deployment.isConfigured()) {
- log.debug("*** deployment isn't configured return false");
- return Authentication.UNAUTHENTICATED;
- }
- boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
- if (!mandatory && !isEndpoint)
- return new DeferredAuthentication(this);
- JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);
-
- SamlAuthenticator authenticator = null;
- if (isEndpoint) {
- authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
- @Override
- protected void completeAuthentication(SamlSession account) {
-
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new SamlEndpoint(facade, deployment, sessionStore);
- }
- };
-
- } else {
- authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
- @Override
- protected void completeAuthentication(SamlSession account) {
-
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new BrowserHandler(facade, deployment, sessionStore);
- }
- };
- }
- AuthOutcome outcome = authenticator.authenticate();
- if (outcome == AuthOutcome.AUTHENTICATED) {
- if (facade.isEnded()) {
- return Authentication.SEND_SUCCESS;
- }
- SamlSession samlSession = tokenStore.getAccount();
- Authentication authentication = register(request, samlSession);
- return authentication;
-
- }
- if (outcome == AuthOutcome.LOGGED_OUT) {
- logoutCurrent(request);
- if (deployment.getLogoutPage() != null) {
- forwardToLogoutPage(request, (HttpServletResponse)res, deployment);
-
- }
- return Authentication.SEND_CONTINUE;
- }
-
- AuthChallenge challenge = authenticator.getChallenge();
- if (challenge != null) {
- challenge.challenge(facade);
- }
- return Authentication.SEND_CONTINUE;
- }
-
-
- protected abstract Request resolveRequest(ServletRequest req);
-
- @Override
- public String getAuthMethod() {
- return "KEYCLOAK-SAML";
- }
-
- public static UserIdentity createIdentity(SamlSession samlSession) {
- Set roles = samlSession.getRoles();
- if (roles == null) {
- roles = new HashSet();
- }
- Subject theSubject = new Subject();
- String[] theRoles = new String[roles.size()];
- roles.toArray(theRoles);
-
- return new DefaultUserIdentity(theSubject, samlSession.getPrincipal(), theRoles);
- }
- public Authentication register(Request request, SamlSession samlSession) {
- Authentication authentication = request.getAuthentication();
- if (!(authentication instanceof KeycloakAuthentication)) {
- UserIdentity userIdentity = createIdentity(samlSession);
- authentication = createAuthentication(userIdentity, request);
- request.setAuthentication(authentication);
- }
- return authentication;
- }
-
- public abstract Authentication createAuthentication(UserIdentity userIdentity, Request request);
-
- public static abstract class KeycloakAuthentication extends UserAuthentication {
- public KeycloakAuthentication(String method, UserIdentity userIdentity) {
- super(method, userIdentity);
- }
-
- }
-}
diff --git a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java b/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
deleted file mode 100755
index ad5bd30b1b..0000000000
--- a/adapters/saml/jetty/jetty-core/src/main/java/org/keycloak/adapters/saml/jetty/JettySamlSessionStore.java
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.server.Request;
-import org.jboss.logging.Logger;
-import org.keycloak.adapters.jetty.spi.JettyUserSessionManagement;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.saml.SamlSession;
-import org.keycloak.adapters.saml.SamlSessionStore;
-import org.keycloak.adapters.saml.SamlUtil;
-import org.keycloak.adapters.spi.AdapterSessionStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.common.util.KeycloakUriBuilder;
-
-import javax.servlet.http.HttpSession;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Set;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class JettySamlSessionStore implements SamlSessionStore {
- public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
- private static final Logger log = Logger.getLogger(JettySamlSessionStore.class);
- protected Request request;
- protected AdapterSessionStore sessionStore;
- protected HttpFacade facade;
- protected SessionIdMapper idMapper;
- protected JettyUserSessionManagement sessionManagement;
- protected final SamlDeployment deployment;
-
- public JettySamlSessionStore(Request request, AdapterSessionStore sessionStore, HttpFacade facade,
- SessionIdMapper idMapper, JettyUserSessionManagement sessionManagement, SamlDeployment deployment) {
- this.request = request;
- this.sessionStore = sessionStore;
- this.facade = facade;
- this.idMapper = idMapper;
- this.sessionManagement = sessionManagement;
- this.deployment = deployment;
- }
-
- @Override
- public void setCurrentAction(CurrentAction action) {
- if (action == CurrentAction.NONE && request.getSession(false) == null) return;
- request.getSession().setAttribute(CURRENT_ACTION, action);
- }
-
- @Override
- public boolean isLoggingIn() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_IN;
- }
-
- @Override
- public boolean isLoggingOut() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_OUT;
- }
-
- @Override
- public void logoutAccount() {
- HttpSession session = request.getSession(false);
- if (session != null) {
- SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName());
- if (samlSession != null) {
- if (samlSession.getSessionIndex() != null) {
- idMapper.removeSession(session.getId());
- }
- session.removeAttribute(SamlSession.class.getName());
- }
- session.removeAttribute(SAML_REDIRECT_URI);
- }
- }
-
- @Override
- public void logoutByPrincipal(String principal) {
- Set sessions = idMapper.getUserSessions(principal);
- if (sessions != null) {
- List ids = new LinkedList();
- ids.addAll(sessions);
- logoutSessionIds(ids);
- for (String id : ids) {
- idMapper.removeSession(id);
- }
- }
-
- }
-
- @Override
- public void logoutBySsoId(List ssoIds) {
- if (ssoIds == null) return;
- List sessionIds = new LinkedList();
- for (String id : ssoIds) {
- String sessionId = idMapper.getSessionFromSSO(id);
- if (sessionId != null) {
- sessionIds.add(sessionId);
- idMapper.removeSession(sessionId);
- }
-
- }
- logoutSessionIds(sessionIds);
- }
-
- protected void logoutSessionIds(List sessionIds) {
- if (sessionIds == null || sessionIds.isEmpty()) return;
- sessionManagement.logoutHttpSessions(sessionIds);
- }
-
- @Override
- public boolean isLoggedIn() {
- HttpSession session = request.getSession(false);
- if (session == null) {
- log.debug("session was null, returning false");
- return false;
- }
- SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttribute(SamlSession.class.getName()), deployment);
- if (samlSession == null) {
- return false;
- }
-
- restoreRequest();
- return true;
- }
-
- @Override
- public void saveAccount(SamlSession account) {
- HttpSession session = request.getSession(true);
- session.setAttribute(SamlSession.class.getName(), account);
-
- idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), changeSessionId(session));
-
- }
-
- protected String changeSessionId(HttpSession session) {
- return session.getId();
- }
-
- @Override
- public SamlSession getAccount() {
- HttpSession session = request.getSession(true);
- return (SamlSession)session.getAttribute(SamlSession.class.getName());
- }
-
- @Override
- public String getRedirectUri() {
- String redirect = (String)request.getSession(true).getAttribute(SAML_REDIRECT_URI);
- if (redirect == null) {
- String contextPath = request.getContextPath();
- String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
- return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
- }
- return redirect;
- }
-
- @Override
- public void saveRequest() {
- sessionStore.saveRequest();
-
- request.getSession(true).setAttribute(SAML_REDIRECT_URI, facade.getRequest().getURI());
-
- }
-
- @Override
- public boolean restoreRequest() {
- return sessionStore.restoreRequest();
- }
-
-}
diff --git a/adapters/saml/jetty/jetty9.4/pom.xml b/adapters/saml/jetty/jetty9.4/pom.xml
deleted file mode 100644
index 91e5589f0b..0000000000
--- a/adapters/saml/jetty/jetty9.4/pom.xml
+++ /dev/null
@@ -1,152 +0,0 @@
- - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../../pom.xml - - 4.0.0 - - keycloak-saml-jetty94-adapter - Keycloak Jetty 9.4.x SAML Integration - - ${jetty94.version} - - org.keycloak.adapters.jetty.* - - - org.eclipse.jetty.*;resolution:=optional, - javax.servlet.*;version="[3.0,4)";resolution:=optional, - org.keycloak.*;version="${project.version}", - *;resolution:=optional - - - - - - - org.jboss.logging - jboss-logging - - - org.keycloak - keycloak-common - - - org.bouncycastle - bcprov-jdk18on - - - org.keycloak - keycloak-saml-adapter-api-public - - - org.keycloak - keycloak-saml-adapter-core - - - org.keycloak - keycloak-adapter-spi - - - org.keycloak - keycloak-saml-jetty-adapter-core - - - org.eclipse.jetty - jetty-server - - - org.eclipse.jetty - jetty-util - - - org.eclipse.jetty - jetty-security - - - - - org.eclipse.jetty - jetty-server - ${jetty9.version} - provided - - - - org.eclipse.jetty - jetty-util - ${jetty9.version} - provided - - - - org.eclipse.jetty - jetty-security - ${jetty9.version} - provided - - - - junit - junit - test - - - - - - - maven-jar-plugin - - - ${project.build.outputDirectory}/META-INF/MANIFEST.MF - - - - - org.apache.felix - maven-bundle-plugin - true - - - bundle-manifest - process-classes - - manifest - - - - - - . - ${project.name} - ${project.groupId}.${project.artifactId} - ${keycloak.osgi.import} - ${keycloak.osgi.export} - - - - - - -
diff --git a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java b/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
deleted file mode 100644
index fa618cb573..0000000000
--- a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SamlSessionStore.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.server.Request;
-import org.keycloak.adapters.jetty.spi.JettyUserSessionManagement;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.spi.AdapterSessionStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.SessionIdMapper;
-
-import javax.servlet.http.HttpSession;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class Jetty9SamlSessionStore extends JettySamlSessionStore {
- public Jetty9SamlSessionStore(Request request, AdapterSessionStore sessionStore, HttpFacade facade, SessionIdMapper idMapper, JettyUserSessionManagement sessionManagement, SamlDeployment deployment) {
- super(request, sessionStore, facade, idMapper, sessionManagement, deployment);
- }
-
- @Override
- protected String changeSessionId(HttpSession session) {
- Request request = this.request;
- if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
- else return session.getId();
- }
-}
diff --git a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SessionManager.java b/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SessionManager.java
deleted file mode 100755
index bd560577b1..0000000000
--- a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/Jetty9SessionManager.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.server.session.Session;
-import org.eclipse.jetty.server.session.SessionHandler;
-import org.keycloak.adapters.jetty.spi.JettySessionManager;
-
-import javax.servlet.http.HttpSession;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class Jetty9SessionManager implements JettySessionManager {
- protected SessionHandler sessionHandler;
-
- public Jetty9SessionManager(SessionHandler sessionHandler) {
- this.sessionHandler = sessionHandler;
- }
-
- @Override
- public HttpSession getHttpSession(String extendedId) {
- // inlined code from sessionHandler.getHttpSession(extendedId) since the method visibility changed to protected
-
- String id = sessionHandler.getSessionIdManager().getId(extendedId);
- Session session = sessionHandler.getSession(id);
-
- if (session != null && !session.getExtendedId().equals(extendedId)) {
- session.setIdChanged(true);
- }
- return session;
- }
-}
diff --git a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/JettyAdapterSessionStore.java b/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/JettyAdapterSessionStore.java
deleted file mode 100644
index 17246056c6..0000000000
--- a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/JettyAdapterSessionStore.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.security.authentication.FormAuthenticator;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.util.MultiMap;
-import org.keycloak.adapters.jetty.spi.JettyHttpFacade;
-import org.keycloak.adapters.spi.AdapterSessionStore;
-import org.keycloak.common.util.MultivaluedHashMap;
-
-import javax.servlet.http.HttpSession;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class JettyAdapterSessionStore implements AdapterSessionStore {
- public static final String CACHED_FORM_PARAMETERS = "__CACHED_FORM_PARAMETERS";
- protected Request myRequest;
-
- public JettyAdapterSessionStore(Request request) {
- this.myRequest = request; // for IDE/compilation purposes
- }
-
- protected MultiMap extractFormParameters(Request base_request) {
- MultiMap formParameters = new MultiMap();
- base_request.extractFormParameters(formParameters);
- return formParameters;
- }
- protected void restoreFormParameters(MultiMap j_post, Request base_request) {
- base_request.setContentParameters(j_post);
- }
-
- public boolean restoreRequest() {
- HttpSession session = myRequest.getSession(false);
- if (session == null) return false;
- synchronized (session) {
- String j_uri = (String) session.getAttribute(FormAuthenticator.__J_URI);
- if (j_uri != null) {
- // check if the request is for the same url as the original and restore
- // params if it was a post
- StringBuffer buf = myRequest.getRequestURL();
- if (myRequest.getQueryString() != null)
- buf.append("?").append(myRequest.getQueryString());
- if (j_uri.equals(buf.toString())) {
- String method = (String)session.getAttribute(JettyHttpFacade.__J_METHOD);
- myRequest.setMethod(method);
- MultivaluedHashMap j_post = (MultivaluedHashMap) session.getAttribute(CACHED_FORM_PARAMETERS);
- if (j_post != null) {
- myRequest.setContentType("application/x-www-form-urlencoded");
- MultiMap map = new MultiMap();
- for (String key : j_post.keySet()) {
- for (String val : j_post.getList(key)) {
- map.add(key, val);
- }
- }
- restoreFormParameters(map, myRequest);
- }
- session.removeAttribute(FormAuthenticator.__J_URI);
- session.removeAttribute(JettyHttpFacade.__J_METHOD);
- session.removeAttribute(FormAuthenticator.__J_POST);
- }
- return true;
- }
- }
- return false;
- }
-
- public void saveRequest() {
- // remember the current URI
- HttpSession session = myRequest.getSession();
- synchronized (session) {
- // But only if it is not set already, or we save every uri that leads to a login form redirect
- if (session.getAttribute(FormAuthenticator.__J_URI) == null) {
- StringBuffer buf = myRequest.getRequestURL();
- if (myRequest.getQueryString() != null)
- buf.append("?").append(myRequest.getQueryString());
- session.setAttribute(FormAuthenticator.__J_URI, buf.toString());
- session.setAttribute(JettyHttpFacade.__J_METHOD, myRequest.getMethod());
-
- if ("application/x-www-form-urlencoded".equals(myRequest.getContentType()) && "POST".equalsIgnoreCase(myRequest.getMethod())) {
- MultiMap formParameters = extractFormParameters(myRequest);
- MultivaluedHashMap map = new MultivaluedHashMap();
- for (String key : formParameters.keySet()) {
- for (Object value : formParameters.getValues(key)) {
- map.add(key, (String) value);
- }
- }
- session.setAttribute(CACHED_FORM_PARAMETERS, map);
- }
- }
- }
- }
-
-}
diff --git a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/KeycloakSamlAuthenticator.java b/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/KeycloakSamlAuthenticator.java
deleted file mode 100644
index 4ec71cd178..0000000000
--- a/adapters/saml/jetty/jetty9.4/src/main/java/org/keycloak/adapters/saml/jetty/KeycloakSamlAuthenticator.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.jetty;
-
-import org.eclipse.jetty.server.Authentication;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.UserIdentity;
-import org.keycloak.adapters.jetty.spi.JettyUserSessionManagement;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.spi.AdapterSessionStore;
-import org.keycloak.adapters.spi.HttpFacade;
-
-import javax.servlet.ServletRequest;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class KeycloakSamlAuthenticator extends AbstractSamlAuthenticator {
-
- public KeycloakSamlAuthenticator() {
- super();
- }
-
-
- @Override
- protected Request resolveRequest(ServletRequest req) {
- return Request.getBaseRequest(req);
- }
-
- @Override
- public Authentication createAuthentication(UserIdentity userIdentity, final Request request) {
- return new KeycloakAuthentication(getAuthMethod(), userIdentity) {
- @Override
- public Authentication logout(ServletRequest servletRequest) {
- logoutCurrent((Request) servletRequest);
- return super.logout(servletRequest);
- }
- };
- }
-
- @Override
- public AdapterSessionStore createSessionTokenStore(Request request, SamlDeployment resolvedDeployment) {
- return new JettyAdapterSessionStore(request);
- }
-
- @Override
- public JettyUserSessionManagement createSessionManagement(Request request) {
- return new JettyUserSessionManagement(new Jetty9SessionManager(request.getSessionHandler()));
- }
-
- @Override
- protected JettySamlSessionStore createJettySamlSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- JettySamlSessionStore store;
- store = new Jetty9SamlSessionStore(request, createSessionTokenStore(request, resolvedDeployment), facade, idMapper, createSessionManagement(request), resolvedDeployment);
- return store;
- }
-}
diff --git a/adapters/saml/jetty/pom.xml b/adapters/saml/jetty/pom.xml
deleted file mode 100755
index dda79695de..0000000000
--- a/adapters/saml/jetty/pom.xml
+++ /dev/null
@@ -1,37 +0,0 @@ - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../pom.xml - - Keycloak SAML Jetty Integration - - 4.0.0 - - keycloak-saml-jetty-integration-pom - pom - - - jetty-core - jetty9.4 - -
diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml
index ae89efd98d..6afd216808 100755
--- a/adapters/saml/pom.xml
+++ b/adapters/saml/pom.xml
@@ -34,7 +34,6 @@ core-public core core-jakarta - jetty undertow wildfly servlet-filter
diff --git a/pom.xml b/pom.xml
index eb9727c7a0..c58c053abf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1235,12 +1235,7 @@ ${project.version} zip - - org.keycloak - keycloak-saml-jetty-adapter-core - ${project.version} - - + org.keycloak keycloak-saml-wildfly-subsystem ${project.version}
@@ -1250,11 +1245,6 @@ keycloak-saml-wildfly-jakarta-subsystem ${project.version} - - org.keycloak - keycloak-saml-jetty94-adapter - ${project.version} - org.keycloak keycloak-saml-undertow-adapter
@@ -1433,12 +1423,6 @@ ${project.version} zip - - org.keycloak - keycloak-saml-jetty94-adapter-dist - ${project.version} - zip - org.keycloak keycloak-saml-as7-adapter-dist
diff --git a/testsuite/integration-arquillian/servers/app-server/jetty/94/pom.xml b/testsuite/integration-arquillian/servers/app-server/jetty/94/pom.xml
index 14fc2f005f..6f7e09ace4 100644
--- a/testsuite/integration-arquillian/servers/app-server/jetty/94/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/jetty/94/pom.xml
@@ -34,10 +34,6 @@ org.keycloak keycloak-jetty94-adapter - - org.keycloak - keycloak-saml-jetty94-adapter - org.jboss.arquillian.container arquillian-jetty-embedded-9
diff --git a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
index ffb12cebac..6894c525ce 100644
--- a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
@@ -34,11 +34,6 @@ keycloak-jetty94-adapter true - - org.keycloak - keycloak-saml-jetty94-adapter - true - org.keycloak keycloak-saml-servlet-filter-adapter