initial exposing of BasicAuthRequestAuthenticator to make extensible

Frank Schmager 2018-08-14 11:25:36 -04:00 committed by Sebastien Blanc
parent 653d3f4f5d
commit dda365e002
5 changed files with 49 additions and 6 deletions

3
.gitignore vendored

@ -8,6 +8,9 @@
.project .project
.settings .settings
.classpath .classpath
bin
.factorypath
# NetBeans # # NetBeans #
############ ############


@ -85,7 +85,7 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
return authenticateToken(exchange, atr.getToken()); return authenticateToken(exchange, atr.getToken());
} }
private AccessTokenResponse getToken(String username, String password) throws Exception { protected AccessTokenResponse getToken(String username, String password) throws Exception {
AccessTokenResponse tokenResponse=null; AccessTokenResponse tokenResponse=null;
HttpClient client = deployment.getClient(); HttpClient client = deployment.getClient();
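Review bot: Widening `getToken(String username, String password)` from private to protected makes it an override point that receives the caller's cleartext password, and it has no Javadoc stating its contract. I would add a Javadoc block saying that the method exchanges the Basic credentials for an `AccessTokenResponse`, what it returns or throws when the exchange fails, and that overrides must not log or persist the password. The body starts with `tokenResponse=null` and continues outside this hunk, so a null return looks possible. The line above calls `atr.getToken()`, presumably on this method's result; whether it checks for null first is not visible here and is worth confirming now that subclasses can supply the value.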


@ -0,0 +1,13 @@
package org.keycloak.adapters.springsecurity.authentication;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
public interface RequestAuthenticatorFactory {
RequestAuthenticator createRequestAuthenticator(HttpFacade facade, HttpServletRequest request,
KeycloakDeployment deployment, AdapterTokenStore tokenStore, int sslRedirectPort);
}
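Review bot: The new public `RequestAuthenticatorFactory` interface has no Javadoc, although it is now the extension point that decides which `RequestAuthenticator` authenticates a request. I would document on `createRequestAuthenticator` that it must return a non-null authenticator built for the given request, and what `sslRedirectPort` means, including the `-1` that the processing filter passes. A one-line type comment such as `/** Creates the {@link RequestAuthenticator} used to authenticate a single request. */` would cover the interface itself.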


@ -0,0 +1,17 @@
package org.keycloak.adapters.springsecurity.authentication;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
public class SpringSecurityRequestAuthenticatorFactor implements RequestAuthenticatorFactory {
@Override
public RequestAuthenticator createRequestAuthenticator(HttpFacade facade,
HttpServletRequest request, KeycloakDeployment deployment, AdapterTokenStore tokenStore,
int sslRedirectPort) {
return new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, sslRedirectPort);
}
}
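Review bot: The class name `SpringSecurityRequestAuthenticatorFactor` is missing its final `y`. As a public class it becomes part of the adapter's API once released, so the rename is cheapest now: `public class SpringSecurityRequestAuthenticatorFactory implements RequestAuthenticatorFactory {`. The import and the field initializer in KeycloakAuthenticationProcessingFilter use the same misspelled name and would change with it. A short class Javadoc stating that this is the default factory and that it returns a `SpringSecurityRequestAuthenticator` would also help.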


@ -27,16 +27,15 @@ import javax.servlet.http.HttpServletResponse;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AdapterTokenStore; import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AuthenticatedActionsHandler;
import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.adapters.RequestAuthenticator; import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.AuthChallenge; import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome; import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.HttpFacade; import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springsecurity.KeycloakAuthenticationException; import org.keycloak.adapters.springsecurity.KeycloakAuthenticationException;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationFailureHandler; import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationFailureHandler;
import org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator; import org.keycloak.adapters.springsecurity.authentication.RequestAuthenticatorFactory;
import org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticatorFactor;
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade; import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
import org.keycloak.adapters.springsecurity.token.AdapterTokenStoreFactory; import org.keycloak.adapters.springsecurity.token.AdapterTokenStoreFactory;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken; import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
@ -85,6 +84,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
private AdapterDeploymentContext adapterDeploymentContext; private AdapterDeploymentContext adapterDeploymentContext;
private AdapterTokenStoreFactory adapterTokenStoreFactory = new SpringSecurityAdapterTokenStoreFactory(); private AdapterTokenStoreFactory adapterTokenStoreFactory = new SpringSecurityAdapterTokenStoreFactory();
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private RequestAuthenticatorFactory requestAuthenticatorFactory = new SpringSecurityRequestAuthenticatorFactor();
/** /**
* Creates a new Keycloak authentication processing filter with given {@link AuthenticationManager} and the * Creates a new Keycloak authentication processing filter with given {@link AuthenticationManager} and the
@ -144,7 +144,7 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request); AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request);
RequestAuthenticator authenticator RequestAuthenticator authenticator
= new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, -1); = requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1);
AuthOutcome result = authenticator.authenticate(); AuthOutcome result = authenticator.authenticate();
log.debug("Auth outcome: {}", result); log.debug("Auth outcome: {}", result);
@ -251,4 +251,14 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
public final void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) { public final void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) {
throw new UnsupportedOperationException("This filter does not support explicitly setting a continue chain before success policy"); throw new UnsupportedOperationException("This filter does not support explicitly setting a continue chain before success policy");
} }
}
/**
* Sets the request authenticator factory to use when creating per-request authenticators.
*
* @param requestAuthenticatorFactory the <code>RequestAuthenticatorFactory</code> to use
*/
public void setRequestAuthenticatorFactory(RequestAuthenticatorFactory requestAuthenticatorFactory) {
Assert.notNull(requestAuthenticatorFactory, "RequestAuthenticatorFactory cannot be null");
this.requestAuthenticatorFactory = requestAuthenticatorFactory;
}
}
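Review bot: The value returned by `requestAuthenticatorFactory.createRequestAuthenticator(facade, request, deployment, tokenStore, -1)` is dereferenced on the next line by `authenticator.authenticate()` without a check. A custom factory that returns null would therefore surface as a NullPointerException in the filter rather than as a clear configuration error. Since the factory is now replaceable through `setRequestAuthenticatorFactory`, I would guard the result, for example `Assert.state(authenticator != null, "RequestAuthenticatorFactory returned null");`. The enclosing method starts and ends outside this hunk, so how such an exception is handled further down is not visible here. The setter's Javadoc could also state that the factory is meant to be set during configuration, because the field is a plain non-final member of a filter that presumably serves concurrent requests.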