From dda365e0025cb95f67bebe68b88832060d71353e Mon Sep 17 00:00:00 2001
From: Frank Schmager
Date: Tue, 14 Aug 2018 11:25:36 -0400
Subject: [PATCH] initial exposing of BasicAuthRequestAuthenticator to make extensible
---
 .gitignore | 3 +++
 .../BasicAuthRequestAuthenticator.java | 2 +-
 .../RequestAuthenticatorFactory.java | 13 ++++++++++++
 ...ingSecurityRequestAuthenticatorFactor.java | 17 ++++++++++++++++
 ...eycloakAuthenticationProcessingFilter.java | 20 ++++++++++++++-----
 5 files changed, 49 insertions(+), 6 deletions(-)
 create mode 100644 adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/RequestAuthenticatorFactory.java
 create mode 100644 adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/SpringSecurityRequestAuthenticatorFactor.java
diff --git a/.gitignore b/.gitignore
index 443e12ad50..359d76de02 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,9 @@
 .project
 .settings
 .classpath
+bin
+.factorypath
+
 # NetBeans #
 ############
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
index fbe01aab18..6e7c885884 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java
@@ -85,7 +85,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
 return authenticateToken(exchange, atr.getToken());
 }
- private AccessTokenResponse getToken(String username, String password) throws Exception {
+ protected AccessTokenResponse getToken(String username, String password) throws Exception {
 AccessTokenResponse tokenResponse=null;
 HttpClient client = deployment.getClient();
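Review bot: `getToken(String username, String password)` becomes an overridable extension point with no Javadoc describing its contract, even though it is handed the caller's plaintext credentials. I would add a Javadoc stating what the method returns when the exchange fails, that the broad `throws Exception` is now part of the subclass contract, and that overriding implementations must not log or persist `username` or `password`. The context line `return authenticateToken(exchange, atr.getToken());` suggests the caller dereferences the result, so whether null is a permitted return value should be stated explicitly. The method body continues outside the hunk.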
diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/RequestAuthenticatorFactory.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/RequestAuthenticatorFactory.java
new file mode 100644
index 0000000000..e6af3893a6
--- /dev/null
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/RequestAuthenticatorFactory.java
@@ -0,0 +1,13 @@
+package org.keycloak.adapters.springsecurity.authentication;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.keycloak.adapters.AdapterTokenStore;
+import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.RequestAuthenticator;
+import org.keycloak.adapters.spi.HttpFacade;
+
+public interface RequestAuthenticatorFactory {
+ RequestAuthenticator createRequestAuthenticator(HttpFacade facade, HttpServletRequest request,
+ KeycloakDeployment deployment, AdapterTokenStore tokenStore, int sslRedirectPort);
+}
\ No newline at end of file
diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/SpringSecurityRequestAuthenticatorFactor.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/SpringSecurityRequestAuthenticatorFactor.java
new file mode 100644
index 0000000000..9c634d5c29
--- /dev/null
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/SpringSecurityRequestAuthenticatorFactor.java
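Review bot: The new `RequestAuthenticatorFactory` interface carries no Javadoc, yet whatever implements it decides which `RequestAuthenticator` evaluates requests in the filter. I would document on `createRequestAuthenticator` that it must return a non-null authenticator bound to the supplied `facade` and `request`, and explain `sslRedirectPort` (the filter passes `-1` in this patch). Stating that a replacement is expected to keep the token validation performed by the default implementation would help integrators avoid weakening authentication by accident. The file also ends without a trailing newline.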
@@ -0,0 +1,17 @@
+package org.keycloak.adapters.springsecurity.authentication;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.keycloak.adapters.AdapterTokenStore;
+import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.RequestAuthenticator;
+import org.keycloak.adapters.spi.HttpFacade;
+
+public class SpringSecurityRequestAuthenticatorFactor implements RequestAuthenticatorFactory {
+ @Override
+ public RequestAuthenticator createRequestAuthenticator(HttpFacade facade,
+ HttpServletRequest request, KeycloakDeployment deployment, AdapterTokenStore tokenStore,
+ int sslRedirectPort) {
+ return new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, sslRedirectPort);
+ }
+}
\ No newline at end of file
diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
index fc0e888d33..d8605e3140 100644
--- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
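Review bot: The class and its file are named `SpringSecurityRequestAuthenticatorFactor`, which looks like a typo for `...Factory`. Because it is a public class used as the filter's default, the misspelling becomes part of the adapter's public API once released. I would rename it to `SpringSecurityRequestAuthenticatorFactory` (the file, the class declaration, and the import and `new` expression in `KeycloakAuthenticationProcessingFilter`) before merging. A one-line class comment such as `/** Default factory creating {@link SpringSecurityRequestAuthenticator} instances. */` would also make its role clear.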
@@ -27,16 +27,15 @@ import javax.servlet.http.HttpServletResponse;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.AdapterDeploymentContext;
 import org.keycloak.adapters.AdapterTokenStore;
-import org.keycloak.adapters.AuthenticatedActionsHandler;
 import org.keycloak.adapters.KeycloakDeployment;
-import org.keycloak.adapters.OIDCHttpFacade;
 import org.keycloak.adapters.RequestAuthenticator;
 import org.keycloak.adapters.spi.AuthChallenge;
 import org.keycloak.adapters.spi.AuthOutcome;
 import org.keycloak.adapters.spi.HttpFacade;
 import org.keycloak.adapters.springsecurity.KeycloakAuthenticationException;
 import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationFailureHandler;
-import org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator;
+import org.keycloak.adapters.springsecurity.authentication.RequestAuthenticatorFactory;
+import org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticatorFactor;
 import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
 import org.keycloak.adapters.springsecurity.token.AdapterTokenStoreFactory;
 import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
@@ -85,6 +84,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
 private AdapterDeploymentContext adapterDeploymentContext;
 private AdapterTokenStoreFactory adapterTokenStoreFactory = new SpringSecurityAdapterTokenStoreFactory();
 private AuthenticationManager authenticationManager;
+ private RequestAuthenticatorFactory requestAuthenticatorFactory = new SpringSecurityRequestAuthenticatorFactor();
 /**
 * Creates a new Keycloak authentication processing filter with given {@link AuthenticationManager} and the
@@ -144,7 +144,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
 AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request);
 RequestAuthenticator authenticator
- = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, -1);
+ = requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1);
 AuthOutcome result = authenticator.authenticate();
 log.debug("Auth outcome: {}", result);
@@ -251,4 +251,14 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
 public final void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) {
 throw new UnsupportedOperationException("This filter does not support explicitly setting a continue chain before success policy");
 }
-}
\ No newline at end of file
+
+ /**
+ * Sets the request authenticator factory to use when creating per-request authenticators.
+ *
+ * @param requestAuthenticatorFactory the RequestAuthenticatorFactory to use
+ */
+ public void setRequestAuthenticatorFactory(RequestAuthenticatorFactory requestAuthenticatorFactory) {
+ Assert.notNull(requestAuthenticatorFactory, "RequestAuthenticatorFactory cannot be null");
+ this.requestAuthenticatorFactory = requestAuthenticatorFactory;
+ }
+}
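Review bot: The value returned by `requestAuthenticatorFactory.createRequestAuthenticator(...)` is dereferenced on the very next statement (`authenticator.authenticate()`) without a check. A custom factory that returns null therefore fails with a bare NullPointerException inside the authentication filter, because the setter validates only the factory itself. A guard right after the call, e.g. `Assert.state(authenticator != null, "RequestAuthenticatorFactory returned null");` (assuming `Assert` is Spring's, as the setter's usage suggests), would report the misconfiguration clearly. The enclosing method starts and ends outside the hunk.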
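Review bot: `setRequestAuthenticatorFactory` assigns a plain field (neither `final` nor `volatile`, per the declaration added in the `@@ -85,6 +84,7 @@` hunk) that the request path reads in the `@@ -144,7 +144,7 @@` hunk, and the Javadoc does not say when it may be called. Since this factory controls how requests are authenticated, I would extend the Javadoc with something like `Must be called during configuration, before the filter handles requests; the factory must return a non-null authenticator for every request.` That makes it explicit that swapping the factory at runtime is unsupported.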