Merge branch 'ungarida-master'
commit
cdc6588ac1
5 changed files with 49 additions and 15 deletions
|
@ -63,7 +63,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.tomcat</groupId>
|
<groupId>org.apache.tomcat</groupId>
|
||||||
<artifactId>tomcat-catalina</artifactId>
|
<artifactId>tomcat-catalina</artifactId>
|
||||||
<version>7.0.52</version>
|
<version>7.0.54</version>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
13
integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
Executable file → Normal file
13
integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
Executable file → Normal file
|
@ -1,5 +1,11 @@
|
||||||
package org.keycloak.adapters.tomcat7;
|
package org.keycloak.adapters.tomcat7;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
|
import javax.management.ObjectName;
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
|
||||||
import org.apache.catalina.Container;
|
import org.apache.catalina.Container;
|
||||||
import org.apache.catalina.Valve;
|
import org.apache.catalina.Valve;
|
||||||
import org.apache.catalina.connector.Request;
|
import org.apache.catalina.connector.Request;
|
||||||
|
@ -9,11 +15,6 @@ import org.keycloak.adapters.AdapterDeploymentContext;
|
||||||
import org.keycloak.adapters.AuthenticatedActionsHandler;
|
import org.keycloak.adapters.AuthenticatedActionsHandler;
|
||||||
import org.keycloak.adapters.KeycloakDeployment;
|
import org.keycloak.adapters.KeycloakDeployment;
|
||||||
|
|
||||||
import javax.management.ObjectName;
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.logging.Logger;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pre-installed actions that must be authenticated
|
* Pre-installed actions that must be authenticated
|
||||||
* <p/>
|
* <p/>
|
||||||
|
@ -53,4 +54,4 @@ public class AuthenticatedActionsValve extends ValveBase {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
|
@ -54,7 +54,8 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
|
protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
|
||||||
Set<String> roles = getRolesFromToken(securityContext);
|
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
|
||||||
|
Set<String> roles = getRolesFromToken(securityContext);
|
||||||
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
|
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
|
||||||
Session session = request.getSessionInternal(true);
|
Session session = request.getSessionInternal(true);
|
||||||
session.setPrincipal(principal);
|
session.setPrincipal(principal);
|
||||||
|
|
|
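Review bot: The line added at the top of `completeOAuthAuthentication` publishes the `RefreshableKeycloakSecurityContext` (tokens included) as a request attribute without saying why, and the key is a contract with other classes on this page: `logout` in KeycloakAuthenticatorValve reads the same `KeycloakSecurityContext.class.getName()` attribute to obtain the session state for the remote logout, while `checkKeycloakSession` reads the context from the session note instead. A one-line comment such as `// expose the security context to the application and to KeycloakAuthenticatorValve.logout via request.getAttribute(KeycloakSecurityContext.class.getName())` would make that dependency visible to the next maintainer. The attribute lives only for this request; whether it is set again on later requests of the same session is not visible in this hunk and worth documenting where it is. The method's body continues past the end of the hunk.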
@ -59,6 +59,17 @@ public class CatalinaSecurityContextHelper {
|
||||||
subjectGroup.addMember(role);
|
subjectGroup.addMember(role);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// add the CallerPrincipal group if none has been added in getRoleSets
|
||||||
|
// Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
|
||||||
|
// callerGroup.addMember(identity);
|
||||||
|
// principals.add(callerGroup);
|
||||||
|
// SecurityContext sc = SecurityContextAssociation.getSecurityContext();
|
||||||
|
// Principal userPrincipal = getPrincipal(subject);
|
||||||
|
// sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
|
||||||
|
// List<String> rolesAsStringList = new ArrayList<String>();
|
||||||
|
// rolesAsStringList.addAll(roleSet);
|
||||||
|
//
|
||||||
Principal userPrincipal = getPrincipal(subject);
|
Principal userPrincipal = getPrincipal(subject);
|
||||||
List<String> rolesAsStringList = new ArrayList<String>();
|
List<String> rolesAsStringList = new ArrayList<String>();
|
||||||
rolesAsStringList.addAll(roleSet);
|
rolesAsStringList.addAll(roleSet);
|
||||||
|
|
|
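Review bot: The block added after the role loop is entirely commented-out code, from `// Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);` to `// rolesAsStringList.addAll(roleSet);`, and its last three lines duplicate the live `Principal userPrincipal = getPrincipal(subject);` / `List<String> rolesAsStringList` / `rolesAsStringList.addAll(roleSet);` that follow it, so it will drift from the real code and should be deleted rather than committed. The lead comment `// add the CallerPrincipal group if none has been added in getRoleSets` also describes behaviour that nothing live in the hunk performs. If the intent is to record a deliberate omission, a single line such as `// NOTE: no CallerPrincipal group is added here; the caller's roles are exposed only through the role list below` says it without dead code. The enclosing method starts and ends outside the hunk.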
@ -5,6 +5,7 @@ import org.apache.catalina.Lifecycle;
|
||||||
import org.apache.catalina.LifecycleEvent;
|
import org.apache.catalina.LifecycleEvent;
|
||||||
import org.apache.catalina.LifecycleException;
|
import org.apache.catalina.LifecycleException;
|
||||||
import org.apache.catalina.LifecycleListener;
|
import org.apache.catalina.LifecycleListener;
|
||||||
|
import org.apache.catalina.Session;
|
||||||
import org.apache.catalina.authenticator.FormAuthenticator;
|
import org.apache.catalina.authenticator.FormAuthenticator;
|
||||||
import org.apache.catalina.connector.Request;
|
import org.apache.catalina.connector.Request;
|
||||||
import org.apache.catalina.connector.Response;
|
import org.apache.catalina.connector.Response;
|
||||||
|
@ -20,6 +21,7 @@ import org.keycloak.adapters.KeycloakDeployment;
|
||||||
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
||||||
import org.keycloak.adapters.PreAuthActionsHandler;
|
import org.keycloak.adapters.PreAuthActionsHandler;
|
||||||
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
||||||
|
import org.keycloak.adapters.ServerRequest;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
|
@ -32,11 +34,10 @@ import java.io.InputStream;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Web deployment whose security is managed by a remote OAuth Skeleton Key
|
* Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
|
||||||
* authentication server
|
|
||||||
* <p/>
|
* <p/>
|
||||||
* Redirects browser to remote authentication server if not logged in. Also
|
* Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests
|
||||||
* allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.
|
* that contain a Skeleton Key bearer tokens.
|
||||||
*
|
*
|
||||||
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
|
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
|
@ -48,13 +49,33 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void lifecycleEvent(LifecycleEvent event) {
|
public void lifecycleEvent(LifecycleEvent event) {
|
||||||
if (event.getType() == Lifecycle.START_EVENT) {
|
if (Lifecycle.START_EVENT.equals(event.getType())) {
|
||||||
try {
|
try {
|
||||||
startDeployment();
|
startDeployment();
|
||||||
} catch (LifecycleException e) {
|
} catch (LifecycleException e) {
|
||||||
e.printStackTrace();
|
log.severe("Error starting deployment. " + e.getMessage());
|
||||||
|
}
|
||||||
|
} else if (Lifecycle.AFTER_START_EVENT.equals(event.getType())) {
|
||||||
|
initInternal();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void logout(Request request) throws ServletException {
|
||||||
|
KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
if (ksc != null) {
|
||||||
|
request.removeAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
Session session = request.getSessionInternal(false);
|
||||||
|
if (session != null) {
|
||||||
|
session.removeNote(KeycloakSecurityContext.class.getName());
|
||||||
|
try {
|
||||||
|
ServerRequest.invokeLogout(deploymentContext.getDeployment(), ksc.getToken().getSessionState());
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.severe("failed to invoke remote logout. " + e.getMessage());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
super.logout(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void startDeployment() throws LifecycleException {
|
public void startDeployment() throws LifecycleException {
|
||||||
|
@ -151,7 +172,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
|
||||||
* @param request
|
* @param request
|
||||||
*/
|
*/
|
||||||
protected void checkKeycloakSession(Request request, HttpFacade facade) {
|
protected void checkKeycloakSession(Request request, HttpFacade facade) {
|
||||||
if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
|
if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
|
||||||
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
|
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
|
||||||
if (session == null) return;
|
if (session == null) return;
|
||||||
// just in case session got serialized
|
// just in case session got serialized
|
||||||
|
|
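Review bot: In the new `logout` the session note removal and the remote `ServerRequest.invokeLogout` call are reached only when the `KeycloakSecurityContext` request attribute is present, yet `completeOAuthAuthentication` (earlier on this page) sets that attribute on the login request only, while `checkKeycloakSession` in the last hunk treats the session note as the stored copy; if nothing re-sets the attribute on later requests of the same session (not visible here), a logout issued on such a request would silently skip the remote logout and leave the Keycloak-side session alive. Falling back to `request.getSessionInternal(false).getNote(KeycloakSecurityContext.class.getName())` when the attribute is absent makes logout independent of which request it runs on. The two catch blocks in this hunk also drop the exception: `log.severe("Error starting deployment. " + e.getMessage())` in `lifecycleEvent` and `log.severe("failed to invoke remote logout. " + e.getMessage())` in `logout` lose the stack trace that the replaced `e.printStackTrace()` kept, whereas `log.log(Level.SEVERE, "failed to invoke remote logout", e)` (with `import java.util.logging.Level;`) preserves it, and `catch (Exception e)` could be narrowed to what `invokeLogout` declares. `logout` is complete within the hunk; the `}` after `initInternal()` closes `lifecycleEvent`, but the class continues outside the hunk.
```java
public void logout(Request request) throws ServletException {
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    Session session = request.getSessionInternal(false);
    // the attribute is only set on the request that completed login; fall back to the
    // session note, which checkKeycloakSession treats as the stored copy
    if (ksc == null && session != null) {
        ksc = (KeycloakSecurityContext) session.getNote(KeycloakSecurityContext.class.getName());
    }
    if (ksc != null) {
        request.removeAttribute(KeycloakSecurityContext.class.getName());
        if (session != null) {
            session.removeNote(KeycloakSecurityContext.class.getName());
            try {
                // … unchanged: ServerRequest.invokeLogout(...) …
            } catch (Exception e) {
                log.log(Level.SEVERE, "failed to invoke remote logout", e);
            }
        }
    }
    super.logout(request);
}
```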