libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Fix k_query_bearer_token endpoint in proxy

Browse source 
`org.keycloak.adapters.AuthenticatedActionsHandler` which handles token
requests performs blocking IO. However, the exchange is in non-blocking
mode when it reaches this handler in Keycloak proxy.
This commit is contained in:
Martin Schmied 2016-03-24 09:32:43 +01:00
parent 973619d7c0
commit d7fbfc05e8
2 changed files with 29 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
View file

@ -240,8 +240,7 @@ public class ProxyServerBuilder {
} }
private HttpHandler addSecurity(final HttpHandler toWrap) { private HttpHandler addSecurity(final HttpHandler toWrap) {
HttpHandler handler = toWrap; HttpHandler handler = new UndertowAuthenticatedActionsHandler(deploymentContext, toWrap);
handler = new UndertowAuthenticatedActionsHandler(deploymentContext, toWrap);
if (errorPage != null) { if (errorPage != null) {
if (base.endsWith("/")) { if (base.endsWith("/")) {
errorPage = base + errorPage; errorPage = base + errorPage;
@ -249,6 +248,7 @@ public class ProxyServerBuilder {
errorPage = base + "/" + errorPage; errorPage = base + "/" + errorPage;
} }
} }
handler = new TokenRequestPreHandler(handler);
handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken, headerNameConfig); handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken, headerNameConfig);
handler = new ProxyAuthenticationCallHandler(handler); handler = new ProxyAuthenticationCallHandler(handler);
handler = new ConstraintMatcherHandler(matches, handler, toWrap, errorPage); handler = new ConstraintMatcherHandler(matches, handler, toWrap, errorPage);

27
proxy/proxy-server/src/main/java/org/keycloak/proxy/TokenRequestPreHandler.java Normal file
View file

@ -0,0 +1,27 @@
package org.keycloak.proxy;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import org.keycloak.constants.AdapterConstants;
/**
* Dispatches requests for k_query_bearer_token through a worker thread (handler for this
* resource performs blocking IO).
*/
public class TokenRequestPreHandler implements HttpHandler {
private final HttpHandler next;
public TokenRequestPreHandler(HttpHandler next) {
this.next = next;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
if (exchange.getRequestURI().endsWith(AdapterConstants.K_QUERY_BEARER_TOKEN)) {
exchange.dispatch(next);
} else {
next.handleRequest(exchange);
}
}
}