error screen
This commit is contained in:
parent
3c91caf2b5
commit
cbd1e0aad5
5 changed files with 42 additions and 20 deletions
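--- a/forms/src/main/java/org/keycloak/forms/TemplateBean.java
+++ b/forms/src/main/java/org/keycloak/forms/TemplateBean.java
@@ -40,7 +40,7 @@ public class TemplateBean {
 private String formsPath;
 
 
-public TemplateBean(RealmBean realm, String contextPath) {
+public TemplateBean(String contextPath) {
 formsPath = contextPath + "/forms";
 
 // TODO Get theme name from realm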
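--- a/[path not shown on page]/FormServiceImpl.java
+++ b/[path not shown on page]/FormServiceImpl.java
@@ -90,8 +90,7 @@ public class FormServiceImpl implements FormService {
 attributes.put("message", new MessageBean(dataBean.getMessage(), dataBean.getMessageType(), rb));
 }
 
-RealmBean realm = new RealmBean(dataBean.getRealm());
-attributes.put("template", new TemplateBean(realm, dataBean.getContextPath()));
+attributes.put("template", new TemplateBean(dataBean.getContextPath()));
 
 if (commandMap.containsKey(pageId)){
 commandMap.get(pageId).exec(attributes, dataBean);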
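--- a/[path not shown on page]/FormService.java
+++ b/[path not shown on page]/FormService.java
@@ -85,11 +85,13 @@ public interface FormService {
 this.message = message;
 
 socialProviders = new LinkedList<SocialProvider>();
-Map<String, String> socialConfig = realm.getSocialConfig();
-if (socialConfig != null) {
-for (SocialProvider p : SocialLoader.load()) {
-if (socialConfig.containsKey(p.getId() + ".key") && socialConfig.containsKey(p.getId() + ".secret")) {
-socialProviders.add(p);
+if (realm != null) {
+Map<String, String> socialConfig = realm.getSocialConfig();
+if (socialConfig != null) {
+for (SocialProvider p : SocialLoader.load()) {
+if (socialConfig.containsKey(p.getId() + ".key") && socialConfig.containsKey(p.getId() + ".secret")) {
+socialProviders.add(p);
+}
 }
 }
 }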
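--- a/[path not shown on page]/TokenService.java
+++ b/[path not shown on page]/TokenService.java
@@ -117,6 +117,10 @@ public class TokenService {
 return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "loginPage");
 }
 
+public static UriBuilder logoutUrl(UriInfo uriInfo) {
+return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "logout");
+}
+
 public static UriBuilder processLoginUrl(UriInfo uriInfo) {
 return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "processLogin");
 }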
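--- a/[path not shown on page]/AdminService.java
+++ b/[path not shown on page]/AdminService.java
@@ -24,6 +24,7 @@ import org.keycloak.services.messages.Messages;
 import org.keycloak.services.resources.TokenService;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
+import org.keycloak.util.KeycloakUriBuilder;
 
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
@@ -219,6 +220,22 @@ public class AdminService {
 return oauth.redirect(uriInfo, redirectUri.toString(), path);
 }
 
+@Path("login-error")
+@GET
+@NoCache
+public Response errorOnLoginRedirect(@QueryParam ("error") String message) {
+RealmManager realmManager = new RealmManager(session);
+RealmModel realm = getAdminstrationRealm(realmManager);
+return Flows.forms(realm, request, uriInfo).setError(message).forwardToErrorPage();
+}
+
+protected Response redirectOnLoginError(String message) {
+URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam("error", message).build();
+URI logout = TokenService.logoutUrl(uriInfo).queryParam("redirect_uri", uri.toString()).build(Constants.ADMIN_REALM);
+return Response.status(302).location(logout).build();
+
+}
+
 @Path("login-redirect")
 @GET
 @NoCache
@@ -232,28 +249,28 @@ public class AdminService {
 logger.info("loginRedirect ********************** <---");
 if (error != null) {
 logger.debug("error from oauth");
-throw new ForbiddenException("error");
+return redirectOnLoginError(error);
 }
 RealmManager realmManager = new RealmManager(session);
 RealmModel realm = getAdminstrationRealm(realmManager);
 if (!realm.isEnabled()) {
 logger.debug("realm not enabled");
-throw new ForbiddenException();
+return redirectOnLoginError("realm not enabled");
 }
 ApplicationModel adminConsole = realm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
 UserModel adminConsoleUser = adminConsole.getApplicationUser();
 if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) {
 logger.debug("admin app not enabled");
-throw new ForbiddenException();
+return redirectOnLoginError("admin app not enabled");
 }
 
 if (code == null) {
 logger.debug("code not specified");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 if (state == null) {
 logger.debug("state not specified");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
 
@@ -266,34 +283,34 @@ public class AdminService {
 }
 if (!verifiedCode) {
 logger.debug("unverified access code");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 String key = input.readContentAsString();
 AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
 if (accessCode == null) {
 logger.debug("bad access code");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 if (accessCode.isExpired()) {
 logger.debug("access code expired");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 if (!accessCode.getToken().isActive()) {
 logger.debug("access token expired");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 if (!accessCode.getRealm().getId().equals(realm.getId())) {
 logger.debug("bad realm");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 
 }
 if (!adminConsoleUser.getLoginName().equals(accessCode.getClient().getLoginName())) {
 logger.debug("bad client");
-throw new BadRequestException();
+return redirectOnLoginError("invalid login data");
 }
 if (!adminConsole.hasRole(accessCode.getUser(), Constants.ADMIN_CONSOLE_ADMIN_ROLE)) {
 logger.debug("not allowed");
-throw new ForbiddenException();
+return redirectOnLoginError("No permission to access console");
 }
 logger.debug("loginRedirect SUCCESS");
 NewCookie cookie = authManager.createSaasIdentityCookie(realm, accessCode.getUser(), uriInfo);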
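Review bot: `errorOnLoginRedirect` in the `@@ -219,6 +220,22 @@` hunk renders whatever text arrives in the `error` query parameter of an unauthenticated GET, so any link to the admin console's `login-error` path can put caller-chosen text on the error page, and nothing in these hunks shows the forms template escaping it. Every caller this commit adds passes one of a few fixed strings ("invalid login data", "realm not enabled", "admin app not enabled", "No permission to access console"), so the endpoint should accept only those: keep them in a `private static final Set<String> KNOWN_LOGIN_ERRORS` and render `setError(KNOWN_LOGIN_ERRORS.contains(message) ? message : "invalid login data")`. The same applies to `return redirectOnLoginError(error);` in the `@@ -232,28 +249,28 @@` hunk, where `error` is itself request input on `login-redirect` (its declaration, and the rest of that method, lie outside the hunks), so it should be mapped to a fixed message rather than forwarded verbatim. `import org.keycloak.util.KeycloakUriBuilder;` is not referenced by any line in these hunks; drop it unless it is used further down the file.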