fix saas login/register
parent
b1031a31f2
commit
df5823f0e8
5 changed files with 67 additions and 30 deletions
|
@ -73,7 +73,7 @@
|
||||||
</section>
|
</section>
|
||||||
<section class="info-area">
|
<section class="info-area">
|
||||||
<h3>Info area</h3>
|
<h3>Info area</h3>
|
||||||
<p>Already have an account? <a href="<%=application.getContextPath()%>/saas/saas-login.jsp">Log in</a>.</p>
|
<p>Already have an account? <a href="<%=application.getContextPath()%>/rest/saas/loginPage.html">Log in</a>.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><strong>Domain:</strong> 10.0.0.1</li>
|
<li><strong>Domain:</strong> 10.0.0.1</li>
|
||||||
<li><strong>Zone:</strong> Live</li>
|
<li><strong>Zone:</strong> Live</li>
|
||||||
|
|
7
sdk-html/src/main/java/org/keycloak/sdk/LoginBean.java
Normal file → Executable file
7
sdk-html/src/main/java/org/keycloak/sdk/LoginBean.java
Normal file → Executable file
|
@ -30,6 +30,8 @@ public class LoginBean {
|
||||||
|
|
||||||
private String socialLoginUrl;
|
private String socialLoginUrl;
|
||||||
|
|
||||||
|
private String registrationUrl;
|
||||||
|
|
||||||
private String username;
|
private String username;
|
||||||
|
|
||||||
private List<RequiredCredential> requiredCredentials;
|
private List<RequiredCredential> requiredCredentials;
|
||||||
|
@ -61,6 +63,7 @@ public class LoginBean {
|
||||||
}
|
}
|
||||||
|
|
||||||
loginAction = ((URI) request.getAttribute("KEYCLOAK_LOGIN_ACTION")).toString();
|
loginAction = ((URI) request.getAttribute("KEYCLOAK_LOGIN_ACTION")).toString();
|
||||||
|
registrationUrl = ((URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE")).toString();
|
||||||
socialLoginUrl = ((URI) request.getAttribute("KEYCLOAK_SOCIAL_LOGIN")).toString();
|
socialLoginUrl = ((URI) request.getAttribute("KEYCLOAK_SOCIAL_LOGIN")).toString();
|
||||||
|
|
||||||
username = (String) request.getAttribute("username");
|
username = (String) request.getAttribute("username");
|
||||||
|
@ -119,6 +122,10 @@ public class LoginBean {
|
||||||
return themeUrl;
|
return themeUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getRegistrationUrl() {
|
||||||
|
return registrationUrl;
|
||||||
|
}
|
||||||
|
|
||||||
public String getUsername() {
|
public String getUsername() {
|
||||||
return username;
|
return username;
|
||||||
}
|
}
|
||||||
|
|
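Review bot: The added `registrationUrl = ((URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE")).toString();` throws a NullPointerException whenever something forwards to the login form without setting that attribute. Both forwarders touched by this commit set it, but the bean cannot rely on every future caller doing so, and a failure here takes down the whole login page. Read the attribute into a local and convert only when it is present: `URI reg = (URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE");` then `registrationUrl = reg != null ? reg.toString() : null;`. The neighbouring `loginAction` and `socialLoginUrl` assignments follow the same pattern and would benefit from the same guard; the enclosing method starts and ends outside the hunk.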
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
<ui:define name="info">
|
<ui:define name="info">
|
||||||
<h:panelGroup rendered="#{login.registrationAllowed}">
|
<h:panelGroup rendered="#{login.registrationAllowed}">
|
||||||
<p>No account? <a href="saas-register.html">Register</a>.</p>
|
<p>No account? <a href="#{login.registrationUrl}">Register</a>.</p>
|
||||||
</h:panelGroup>
|
</h:panelGroup>
|
||||||
</ui:define>
|
</ui:define>
|
||||||
</ui:composition>
|
</ui:composition>
|
|
@ -18,6 +18,8 @@ import org.keycloak.services.models.RealmModel;
|
||||||
import org.keycloak.services.models.RoleModel;
|
import org.keycloak.services.models.RoleModel;
|
||||||
import org.keycloak.services.models.UserModel;
|
import org.keycloak.services.models.UserModel;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
|
||||||
public abstract class AbstractLoginService {
|
public abstract class AbstractLoginService {
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
|
@ -86,6 +88,7 @@ public abstract class AbstractLoginService {
|
||||||
request.setAttribute(RealmModel.class.getName(), realm);
|
request.setAttribute(RealmModel.class.getName(), realm);
|
||||||
request.setAttribute("KEYCLOAK_LOGIN_ACTION", TokenService.processLoginUrl(uriInfo).build(realm.getId()));
|
request.setAttribute("KEYCLOAK_LOGIN_ACTION", TokenService.processLoginUrl(uriInfo).build(realm.getId()));
|
||||||
request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
|
request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
|
||||||
|
request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", URI.create("not-implemented-yet"));
|
||||||
|
|
||||||
// RESTEASY eats the form data, so we send via an attribute
|
// RESTEASY eats the form data, so we send via an attribute
|
||||||
request.setAttribute("redirect_uri", redirect);
|
request.setAttribute("redirect_uri", redirect);
|
||||||
|
|
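Review bot: `request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", URI.create("not-implemented-yet"));` hands a placeholder relative URI to the login template, which this commit changes to render it as the Register link's `href` whenever `login.registrationAllowed` is true. On realm login pages that link would resolve relative to the current request path and lead nowhere. Until realm registration exists, either suppress the link for this code path or at least mark the line so it is not forgotten, e.g. `// TODO: placeholder, Register link is dead for realm logins until a registration page exists`. The enclosing method starts and ends outside the hunk.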
|
@ -93,8 +93,7 @@ public class SaasService {
|
||||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
public Response whoAmI(final @Context HttpHeaders headers) {
|
||||||
return new Transaction() {
|
return new Transaction() {
|
||||||
@Override
|
@Override
|
||||||
public Response callImpl()
|
public Response callImpl() {
|
||||||
{
|
|
||||||
logger.info("WHOAMI start.");
|
logger.info("WHOAMI start.");
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = realmManager.defaultRealm();
|
||||||
|
@ -115,8 +114,7 @@ public class SaasService {
|
||||||
public String isLoggedIn(final @Context HttpHeaders headers) {
|
public String isLoggedIn(final @Context HttpHeaders headers) {
|
||||||
return new Transaction() {
|
return new Transaction() {
|
||||||
@Override
|
@Override
|
||||||
public String callImpl()
|
public String callImpl() {
|
||||||
{
|
|
||||||
logger.info("WHOAMI Javascript start.");
|
logger.info("WHOAMI Javascript start.");
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = realmManager.defaultRealm();
|
||||||
|
@ -145,24 +143,38 @@ public class SaasService {
|
||||||
|
|
||||||
@Path("admin/realms")
|
@Path("admin/realms")
|
||||||
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
|
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
|
||||||
return new Transaction(false) {
|
return new Transaction(false) {
|
||||||
@Override
|
@Override
|
||||||
protected RealmsAdminResource callImpl() {
|
protected RealmsAdminResource callImpl() {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel saasRealm = realmManager.defaultRealm();
|
RealmModel saasRealm = realmManager.defaultRealm();
|
||||||
if (saasRealm == null) throw new NotFoundException();
|
if (saasRealm == null) throw new NotFoundException();
|
||||||
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
|
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
|
||||||
if (admin == null) {
|
if (admin == null) {
|
||||||
throw new NotAuthorizedException("Bearer");
|
throw new NotAuthorizedException("Bearer");
|
||||||
}
|
}
|
||||||
RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
|
RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
|
||||||
if (!saasRealm.hasRole(admin, creatorRole)) {
|
if (!saasRealm.hasRole(admin, creatorRole)) {
|
||||||
logger.warn("not a Realm creator");
|
logger.warn("not a Realm creator");
|
||||||
throw new NotAuthorizedException("Bearer");
|
throw new NotAuthorizedException("Bearer");
|
||||||
}
|
}
|
||||||
return new RealmsAdminResource(admin);
|
return new RealmsAdminResource(admin);
|
||||||
}
|
}
|
||||||
}.call();
|
}.call();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("loginPage.html")
|
||||||
|
@GET
|
||||||
|
public void loginPage() {
|
||||||
|
new Transaction() {
|
||||||
|
@Override
|
||||||
|
protected void runImpl() {
|
||||||
|
RealmManager realmManager = new RealmManager(session);
|
||||||
|
RealmModel realm = realmManager.defaultRealm();
|
||||||
|
authManager.expireSaasIdentityCookie(uriInfo);
|
||||||
|
forwardToLoginForm(realm);
|
||||||
|
}
|
||||||
|
}.run();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("logout")
|
@Path("logout")
|
||||||
|
@ -171,12 +183,15 @@ public class SaasService {
|
||||||
new Transaction() {
|
new Transaction() {
|
||||||
@Override
|
@Override
|
||||||
protected void runImpl() {
|
protected void runImpl() {
|
||||||
|
RealmManager realmManager = new RealmManager(session);
|
||||||
|
RealmModel realm = realmManager.defaultRealm();
|
||||||
authManager.expireSaasIdentityCookie(uriInfo);
|
authManager.expireSaasIdentityCookie(uriInfo);
|
||||||
request.forward(saasLoginPath);
|
forwardToLoginForm(realm);
|
||||||
}
|
}
|
||||||
}.run();
|
}.run();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Path("logout-cookie")
|
@Path("logout-cookie")
|
||||||
@GET
|
@GET
|
||||||
public void logoutCookie() {
|
public void logoutCookie() {
|
||||||
|
@ -189,6 +204,18 @@ public class SaasService {
|
||||||
}.run();
|
}.run();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public final static String loginFormPath = "/sdk/login.xhtml";
|
||||||
|
protected void forwardToLoginForm(RealmModel realm) {
|
||||||
|
request.setAttribute(RealmModel.class.getName(), realm);
|
||||||
|
URI action = uriInfo.getBaseUriBuilder().path(SaasService.class).path(SaasService.class, "processLogin").build();
|
||||||
|
URI register = contextRoot(uriInfo).path(saasRegisterPath).build();
|
||||||
|
request.setAttribute("KEYCLOAK_LOGIN_ACTION", action);
|
||||||
|
request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", register);
|
||||||
|
request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
|
||||||
|
request.forward(loginFormPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Path("login")
|
@Path("login")
|
||||||
@POST
|
@POST
|
||||||
|
@ -210,13 +237,13 @@ public class SaasService {
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
logger.info("Not Authenticated! Incorrect user name");
|
logger.info("Not Authenticated! Incorrect user name");
|
||||||
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
|
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
|
||||||
request.forward(saasLoginPath);
|
forwardToLoginForm(realm);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!user.isEnabled()) {
|
if (!user.isEnabled()) {
|
||||||
logger.info("NAccount is disabled, contact admin.");
|
logger.info("NAccount is disabled, contact admin.");
|
||||||
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Account is disabled, contact admin.");
|
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Account is disabled, contact admin.");
|
||||||
request.forward(saasLoginPath);
|
forwardToLoginForm(realm);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,14 +251,14 @@ public class SaasService {
|
||||||
if (!authenticated) {
|
if (!authenticated) {
|
||||||
logger.info("Not Authenticated! Invalid credentials");
|
logger.info("Not Authenticated! Invalid credentials");
|
||||||
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid credentials.");
|
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid credentials.");
|
||||||
request.forward(saasLoginPath);
|
forwardToLoginForm(realm);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
|
NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
|
||||||
return Response.status(302)
|
return Response.status(302)
|
||||||
.cookie(cookie)
|
.cookie(cookie)
|
||||||
.location(contextRoot(uriInfo).path(adminPath).build()).build();
|
.location(contextRoot(uriInfo).path(adminPath).build()).build();
|
||||||
}
|
}
|
||||||
}.call();
|
}.call();
|
||||||
}
|
}
|
||||||
|
|
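Review bot: The three failure branches of the `@Path("login")` handler that now call `forwardToLoginForm(realm)` still set distinct `KEYCLOAK_LOGIN_ERROR_MESSAGE` values ("Incorrect user name.", "Account is disabled, contact admin.", "Invalid credentials."). The disabled check also appears to run before the credentials are verified, so the form tells an unauthenticated caller which usernames exist and which are disabled. Now that all three go through one helper, use a single generic message such as `request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid username or password.");` and keep the specific reason in the server log only. Separately, the new `loginPage()` and the changed `logout` pass `realmManager.defaultRealm()` straight into `forwardToLoginForm`, which dereferences `realm.getId()`. `getRealmsAdmin` guards the same lookup with `if (saasRealm == null) throw new NotFoundException();`, and these two should do the same. The login handler's body starts outside the visible hunks.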