Merge pull request #830 from patriot1burke/master

servlet logout fixes

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaCookieTokenStore.java

@@ -78,10 +78,6 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore {
     public void logout() {
         CookieTokenStore.removeCookie(facade);
 
-        KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
-        if (ksc instanceof RefreshableKeycloakSecurityContext) {
-            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
-        }
     }
 
     @Override

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSessionTokenStore.java

@@ -105,10 +105,6 @@ public class CatalinaSessionTokenStore implements AdapterTokenStore {
         Session session = request.getSessionInternal(false);
         if (session != null) {
             session.removeNote(KeycloakSecurityContext.class.getName());
-            KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
-            if (ksc instanceof RefreshableKeycloakSecurityContext) {
-                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
-            }
         }
     }
 

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java

@@ -23,6 +23,7 @@ import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.KeycloakDeploymentBuilder;
 import org.keycloak.adapters.NodesRegistrationManagement;
 import org.keycloak.adapters.PreAuthActionsHandler;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
 import org.keycloak.enums.TokenStore;
 
 import javax.servlet.ServletContext;
@@ -68,6 +69,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
         if (ksc != null) {
             CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null);
             KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
+            if (ksc instanceof RefreshableKeycloakSecurityContext) {
+                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
+            }
 
             AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
             tokenStore.logout();

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaCookieTokenStore.java

@@ -75,11 +75,6 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore {
     @Override
     public void logout() {
         CookieTokenStore.removeCookie(facade);
-
-        KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
-        if (ksc instanceof RefreshableKeycloakSecurityContext) {
-            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
-        }
     }
 
     @Override

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSessionTokenStore.java

@@ -103,10 +103,6 @@ public class CatalinaSessionTokenStore implements AdapterTokenStore {
         Session session = request.getSessionInternal(false);
         if (session != null) {
             session.removeNote(KeycloakSecurityContext.class.getName());
-            KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
-            if (ksc instanceof RefreshableKeycloakSecurityContext) {
-                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
-            }
         }
     }
 

integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java

@@ -22,6 +22,7 @@ import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.KeycloakDeploymentBuilder;
 import org.keycloak.adapters.NodesRegistrationManagement;
 import org.keycloak.adapters.PreAuthActionsHandler;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
 import org.keycloak.enums.TokenStore;
 
 import javax.servlet.ServletContext;
@@ -75,6 +76,9 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
         if (ksc != null) {
             CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null);
             KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
+            if (ksc instanceof RefreshableKeycloakSecurityContext) {
+                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
+            }
 
             AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
             tokenStore.logout();

integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowCookieTokenStore.java

@@ -74,7 +74,6 @@ public class UndertowCookieTokenStore implements AdapterTokenStore {
         if (principal == null) return;
 
         CookieTokenStore.removeCookie(facade);
-        principal.getKeycloakSecurityContext().logout(deployment);
     }
 
     @Override

integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java

@@ -25,6 +25,7 @@ import io.undertow.server.session.Session;
 import io.undertow.util.AttachmentKey;
 import io.undertow.util.Sessions;
 import org.keycloak.KeycloakPrincipal;
+import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.adapters.AdapterDeploymentContext;
 import org.keycloak.adapters.AdapterTokenStore;
 import org.keycloak.adapters.AuthChallenge;
@@ -70,9 +71,14 @@ public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanis
             public void handleNotification(SecurityNotification notification) {
                 if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return;
 
-                UndertowHttpFacade facade = new UndertowHttpFacade(notification.getExchange());
+                HttpServerExchange exchange = notification.getExchange();
+                UndertowHttpFacade facade = new UndertowHttpFacade(exchange);
                 KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
-                AdapterTokenStore tokenStore = getTokenStore(notification.getExchange(), facade, deployment, securityContext);
+                KeycloakSecurityContext ksc = exchange.getAttachment(UndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
+                if (ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
+                    ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
+                }
+                AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
                 tokenStore.logout();
             }
         };

integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowSessionTokenStore.java

@@ -84,9 +84,6 @@ public class UndertowSessionTokenStore implements AdapterTokenStore {
         KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
         if (account == null) return;
         session.removeAttribute(KeycloakUndertowAccount.class.getName());
-        if (account.getKeycloakSecurityContext() != null) {
-            account.getKeycloakSecurityContext().logout(deployment);
-        }
     }
 
     @Override