From f21cede3786845779ffda618ce636b7a535eb2ba Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Fri, 1 Apr 2016 16:43:38 -0400
Subject: [PATCH] KEYCLOAK-2662
---
 .../adapters/servlet/OIDCFilterSessionStore.java | 16 +++++++++++-----
 .../adapters/servlet/FilterSessionStore.java | 1 +
 .../adapter/CustomerDatabaseServlet.java | 3 +++
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
index 70a67de8a5..e28500beeb 100755
--- a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
+++ b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
@@ -19,12 +19,12 @@ package org.keycloak.adapters.servlet;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.adapters.AdapterTokenStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.KeycloakAccount;
 import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.OidcKeycloakAccount;
 import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
 import org.keycloak.adapters.RequestAuthenticator;
+import org.keycloak.adapters.spi.HttpFacade;
+import org.keycloak.adapters.spi.KeycloakAccount;
 import org.keycloak.adapters.spi.SessionIdMapper;
 import javax.servlet.http.HttpServletRequest;
@@ -51,10 +51,16 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
 }
 public HttpServletRequestWrapper buildWrapper() {
- HttpSession session = request.getSession();
- KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
+ HttpSession session = request.getSession(false);
+ KeycloakAccount account = null;
+ if (session != null) {
+ account = (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName());
+ if (account == null) {
+ account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
+ }
+ }
 if (account == null) {
- account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
+ account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
 }
 return buildWrapper(session, account);
 }
diff --git a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
index 6a17c8e810..5d1eb51162 100755
--- a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
+++ b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
@@ -305,6 +305,7 @@ public class FilterSessionStore implements AdapterSessionStore {
 @Override
 public Principal getUserPrincipal() {
+ if (account == null) return null;
 return account.getPrincipal();
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
index fda4ad57dc..ddf097eec0 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
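Review bot: The inner `if (account == null)` fallback inside the `session != null` branch of buildWrapper() is redundant, because the identical request-attribute fallback runs unconditionally on the lines that follow; the branch can be reduced to a null-safe read, `KeycloakAccount account = session == null ? null : (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName());`, followed by the existing `if (account == null)` block. Switching to getSession(false) means a bearer-token request no longer allocates an HttpSession per call, which is the point of the change, but it also means buildWrapper(session, account) is now called with a null session. That wrapper is defined outside this hunk; any of its methods that dereference the session rather than the account would need the same null handling that getUserPrincipal receives in the FilterSessionStore hunk.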
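Review bot: The new guard in getUserPrincipal() is a brace-less one-liner, `if (account == null) return null;`, while the surrounding code uses braced blocks; for consistency write it as `if (account == null) {` / `return null;` / `}`. The guard also protects only this accessor: the enclosing wrapper class starts and ends outside the hunk, and if it has other methods that dereference `account` (an isUserInRole- or getAuthType-style accessor would be typical) they need the same check now that buildWrapper can pass a null account. Returning null here matches the HttpServletRequest contract for an unauthenticated request, so callers that treat a null principal as anonymous keep working.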
@@ -36,6 +36,9 @@ public class CustomerDatabaseServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ // test that bearer token auth never has an HTTP session created
+ Assert.assertNull(req.getSession(false));
+
 resp.setContentType("text/html");
 PrintWriter pw = resp.getWriter();
 Principal principal = req.getUserPrincipal();
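Review bot: `Assert.assertNull(req.getSession(false))` at the top of doGet() throws an AssertionError inside the servlet container, so a regression surfaces as a generic error response rather than as a named assertion in the test output; consider having the servlet write the check result into the response (or a status code) that the calling test asserts on, or at least document in the comment that the test relies on the resulting error status. The comment could also state the property it protects more precisely, e.g. `// KEYCLOAK-2662: a bearer-token request must be served without the adapter creating an HttpSession`. doGet() continues past the end of the hunk.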