Merge branch 'ungarida-master'

integration/tomcat7/adapter/pom.xml

@@ -63,7 +63,7 @@
 		<dependency>
 			<groupId>org.apache.tomcat</groupId>
 			<artifactId>tomcat-catalina</artifactId>
-			<version>7.0.52</version>
+			<version>7.0.54</version>
 			<scope>provided</scope>
 		</dependency>
 

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java

@@ -1,5 +1,11 @@
 package org.keycloak.adapters.tomcat7;
 
+import java.io.IOException;
+import java.util.logging.Logger;
+
+import javax.management.ObjectName;
+import javax.servlet.ServletException;
+
 import org.apache.catalina.Container;
 import org.apache.catalina.Valve;
 import org.apache.catalina.connector.Request;
@@ -9,11 +15,6 @@ import org.keycloak.adapters.AdapterDeploymentContext;
 import org.keycloak.adapters.AuthenticatedActionsHandler;
 import org.keycloak.adapters.KeycloakDeployment;
 
-import javax.management.ObjectName;
-import javax.servlet.ServletException;
-import java.io.IOException;
-import java.util.logging.Logger;
-
 /**
  * Pre-installed actions that must be authenticated
  * <p/>
@@ -53,4 +54,4 @@ public class AuthenticatedActionsValve extends ValveBase {
     }
 
 
-}
+}

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java

@@ -54,7 +54,8 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
 
     @Override
     protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
-        Set<String> roles = getRolesFromToken(securityContext);
+        request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
+    	Set<String> roles = getRolesFromToken(securityContext);
         GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
         Session session = request.getSessionInternal(true);
         session.setPrincipal(principal);

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java

@@ -59,6 +59,17 @@ public class CatalinaSecurityContextHelper {
                 subjectGroup.addMember(role);
             }
         }
+        
+        // add the CallerPrincipal group if none has been added in getRoleSets
+//        Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
+//        callerGroup.addMember(identity);
+//        principals.add(callerGroup);
+//        SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+//        Principal userPrincipal = getPrincipal(subject);
+//        sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
+//        List<String> rolesAsStringList = new ArrayList<String>();
+//        rolesAsStringList.addAll(roleSet);
+//        
         Principal userPrincipal = getPrincipal(subject);
         List<String> rolesAsStringList = new ArrayList<String>();
         rolesAsStringList.addAll(roleSet);

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java

@@ -5,6 +5,7 @@ import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Session;
 import org.apache.catalina.authenticator.FormAuthenticator;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
@@ -20,6 +21,7 @@ import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.KeycloakDeploymentBuilder;
 import org.keycloak.adapters.PreAuthActionsHandler;
 import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.keycloak.adapters.ServerRequest;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -32,11 +34,10 @@ import java.io.InputStream;
 import java.util.logging.Logger;
 
 /**
- * Web deployment whose security is managed by a remote OAuth Skeleton Key
- * authentication server
+ * Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
  * <p/>
- * Redirects browser to remote authentication server if not logged in. Also
- * allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.
+ * Redirects browser to remote authentication server if not logged in.  Also allows OAuth Bearer Token requests
+ * that contain a Skeleton Key bearer tokens.
  * 
  * @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
  * @version $Revision: 1 $
@@ -48,13 +49,33 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
 
     @Override
     public void lifecycleEvent(LifecycleEvent event) {
-        if (event.getType() == Lifecycle.START_EVENT) {
+        if (Lifecycle.START_EVENT.equals(event.getType())) {
             try {
                 startDeployment();
             } catch (LifecycleException e) {
-                e.printStackTrace();
+            	log.severe("Error starting deployment. " + e.getMessage());
+            }
+        } else if (Lifecycle.AFTER_START_EVENT.equals(event.getType())) {
+        	initInternal();
+        }
+    }
+    
+    @Override
+    public void logout(Request request) throws ServletException {
+        KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
+        if (ksc != null) {
+            request.removeAttribute(KeycloakSecurityContext.class.getName());
+            Session session = request.getSessionInternal(false);
+            if (session != null) {
+                session.removeNote(KeycloakSecurityContext.class.getName());
+                try {
+                    ServerRequest.invokeLogout(deploymentContext.getDeployment(), ksc.getToken().getSessionState());
+                } catch (Exception e) {
+                	log.severe("failed to invoke remote logout. " + e.getMessage());
+                }
             }
         }
+        super.logout(request);
     }
 
     public void startDeployment() throws LifecycleException {
@@ -151,7 +172,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
      * @param request
      */
     protected void checkKeycloakSession(Request request, HttpFacade facade) {
-        if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
+        if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
         RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
         if (session == null) return;
         // just in case session got serialized