From a9770073b2a05f9fb1b08a57431c22a6af5bf868 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Fri, 31 Oct 2014 10:29:06 -0400 Subject: [PATCH 1/2] logout ffixes --- .../adapters/as7/CatalinaCookieTokenStore.java | 4 ---- .../adapters/as7/CatalinaSessionTokenStore.java | 4 ---- .../adapters/as7/KeycloakAuthenticatorValve.java | 3 +++ .../adapters/tomcat7/CatalinaCookieTokenStore.java | 5 ----- .../adapters/tomcat7/CatalinaSessionTokenStore.java | 4 ---- .../adapters/tomcat7/KeycloakAuthenticatorValve.java | 3 +++ .../adapters/undertow/UndertowCookieTokenStore.java | 1 - .../adapters/undertow/UndertowKeycloakAuthMech.java | 10 ++++++++-- .../adapters/undertow/UndertowSessionTokenStore.java | 3 --- 9 files changed, 14 insertions(+), 23 deletions(-) mode change 100644 => 100755 integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java mode change 100644 => 100755 integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java mode change 100644 => 100755 integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java mode change 100644 => 100755 integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java mode change 100644 => 100755 integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java mode change 100644 => 100755 integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java old mode 100644 new mode 100755 index 26fd307826..406b78677b --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java @@ -72,10 +72,6 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore { public void logout() { CookieTokenStore.removeCookie(facade); - KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); - if (ksc instanceof RefreshableKeycloakSecurityContext) { - ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); - } } @Override diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java old mode 100644 new mode 100755 index 6fe8c5999e..0146883605 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java @@ -96,10 +96,6 @@ public class CatalinaSessionTokenStore implements AdapterTokenStore { Session session = request.getSessionInternal(false); if (session != null) { session.removeNote(KeycloakSecurityContext.class.getName()); - KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); - if (ksc instanceof RefreshableKeycloakSecurityContext) { - ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); - } } } diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java index 9d25e92267..c7d51d0cb7 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java @@ -72,6 +72,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif request.removeAttribute(KeycloakSecurityContext.class.getName()); CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); + if (ksc instanceof RefreshableKeycloakSecurityContext) { + ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); + } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java old mode 100644 new mode 100755 index dec12b917d..8ce88dcf15 --- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java +++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java @@ -69,11 +69,6 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore { @Override public void logout() { CookieTokenStore.removeCookie(facade); - - KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); - if (ksc instanceof RefreshableKeycloakSecurityContext) { - ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); - } } @Override diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java old mode 100644 new mode 100755 index 81a765bb1c..99ef8595d7 --- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java +++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java @@ -94,10 +94,6 @@ public class CatalinaSessionTokenStore implements AdapterTokenStore { Session session = request.getSessionInternal(false); if (session != null) { session.removeNote(KeycloakSecurityContext.class.getName()); - KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); - if (ksc instanceof RefreshableKeycloakSecurityContext) { - ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); - } } } diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java index 48b3c4e0f8..408c4cea4f 100755 --- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java +++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java @@ -77,6 +77,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif request.removeAttribute(KeycloakSecurityContext.class.getName()); CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); + if (ksc instanceof RefreshableKeycloakSecurityContext) { + ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); + } AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment); tokenStore.logout(); diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java old mode 100644 new mode 100755 index 50859190fb..4946ea5e92 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java @@ -69,7 +69,6 @@ public class UndertowCookieTokenStore implements AdapterTokenStore { if (principal == null) return; CookieTokenStore.removeCookie(facade); - principal.getKeycloakSecurityContext().logout(deployment); } @Override diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java index 1c875cbfb7..041b496858 100755 --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java @@ -25,6 +25,7 @@ import io.undertow.server.session.Session; import io.undertow.util.AttachmentKey; import io.undertow.util.Sessions; import org.keycloak.KeycloakPrincipal; +import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterTokenStore; import org.keycloak.adapters.AuthChallenge; @@ -70,9 +71,14 @@ public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanis public void handleNotification(SecurityNotification notification) { if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return; - UndertowHttpFacade facade = new UndertowHttpFacade(notification.getExchange()); + HttpServerExchange exchange = notification.getExchange(); + UndertowHttpFacade facade = new UndertowHttpFacade(exchange); KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade); - AdapterTokenStore tokenStore = getTokenStore(notification.getExchange(), facade, deployment, securityContext); + KeycloakSecurityContext ksc = exchange.getAttachment(UndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY); + if (ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) { + ((RefreshableKeycloakSecurityContext) ksc).logout(deployment); + } + AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext); tokenStore.logout(); } }; diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java old mode 100644 new mode 100755 index 92848847ec..6362e4319c --- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java +++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java @@ -78,9 +78,6 @@ public class UndertowSessionTokenStore implements AdapterTokenStore { KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); if (account == null) return; session.removeAttribute(KeycloakUndertowAccount.class.getName()); - if (account.getKeycloakSecurityContext() != null) { - account.getKeycloakSecurityContext().logout(deployment); - } } @Override From f209476a1b0622af3dd535a560b696cea4ac6a61 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Fri, 31 Oct 2014 10:45:35 -0400 Subject: [PATCH 2/2] merged --- .../org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java | 1 + .../keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java | 1 + 2 files changed, 2 insertions(+) diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java index 7b04d7c623..e63d43d9b2 100755 --- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java +++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java @@ -23,6 +23,7 @@ import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeploymentBuilder; import org.keycloak.adapters.NodesRegistrationManagement; import org.keycloak.adapters.PreAuthActionsHandler; +import org.keycloak.adapters.RefreshableKeycloakSecurityContext; import org.keycloak.enums.TokenStore; import javax.servlet.ServletContext; diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java index 80018f7921..d62e9b0dc7 100755 --- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java +++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java @@ -22,6 +22,7 @@ import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeploymentBuilder; import org.keycloak.adapters.NodesRegistrationManagement; import org.keycloak.adapters.PreAuthActionsHandler; +import org.keycloak.adapters.RefreshableKeycloakSecurityContext; import org.keycloak.enums.TokenStore; import javax.servlet.ServletContext;