KEYCLOAK-2662

This commit is contained in:
Bill Burke 2016-04-01 16:43:38 -04:00
parent 4d5ae5dd68
commit f21cede378
3 changed files with 15 additions and 5 deletions

View file

@ -19,12 +19,12 @@ package org.keycloak.adapters.servlet;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.spi.SessionIdMapper;
import javax.servlet.http.HttpServletRequest;
@ -51,10 +51,16 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
}
public HttpServletRequestWrapper buildWrapper() {
HttpSession session = request.getSession();
KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
HttpSession session = request.getSession(false);
KeycloakAccount account = null;
if (session != null) {
account = (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName());
if (account == null) {
account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
}
}
if (account == null) {
account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
}
return buildWrapper(session, account);
}

View file

@ -305,6 +305,7 @@ public class FilterSessionStore implements AdapterSessionStore {
@Override
public Principal getUserPrincipal() {
if (account == null) return null;
return account.getPrincipal();
}

View file

@ -36,6 +36,9 @@ public class CustomerDatabaseServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// test that bearer token auth never has an HTTP session created
Assert.assertNull(req.getSession(false));
resp.setContentType("text/html");
PrintWriter pw = resp.getWriter();
Principal principal = req.getUserPrincipal();