KEYCLOAK-2662
This commit is contained in:
parent
4d5ae5dd68
commit
f21cede378
3 changed files with 15 additions and 5 deletions
|
@ -19,12 +19,12 @@ package org.keycloak.adapters.servlet;
|
|||
|
||||
import org.keycloak.KeycloakSecurityContext;
|
||||
import org.keycloak.adapters.AdapterTokenStore;
|
||||
import org.keycloak.adapters.spi.HttpFacade;
|
||||
import org.keycloak.adapters.spi.KeycloakAccount;
|
||||
import org.keycloak.adapters.KeycloakDeployment;
|
||||
import org.keycloak.adapters.OidcKeycloakAccount;
|
||||
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
|
||||
import org.keycloak.adapters.RequestAuthenticator;
|
||||
import org.keycloak.adapters.spi.HttpFacade;
|
||||
import org.keycloak.adapters.spi.KeycloakAccount;
|
||||
import org.keycloak.adapters.spi.SessionIdMapper;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -51,10 +51,16 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
|
|||
}
|
||||
|
||||
public HttpServletRequestWrapper buildWrapper() {
|
||||
HttpSession session = request.getSession();
|
||||
KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
|
||||
HttpSession session = request.getSession(false);
|
||||
KeycloakAccount account = null;
|
||||
if (session != null) {
|
||||
account = (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName());
|
||||
if (account == null) {
|
||||
account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
|
||||
}
|
||||
}
|
||||
if (account == null) {
|
||||
account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
|
||||
account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
|
||||
}
|
||||
return buildWrapper(session, account);
|
||||
}
|
||||
|
|
|
@ -305,6 +305,7 @@ public class FilterSessionStore implements AdapterSessionStore {
|
|||
|
||||
@Override
|
||||
public Principal getUserPrincipal() {
|
||||
if (account == null) return null;
|
||||
return account.getPrincipal();
|
||||
}
|
||||
|
||||
|
|
|
@ -36,6 +36,9 @@ public class CustomerDatabaseServlet extends HttpServlet {
|
|||
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
// test that bearer token auth never has an HTTP session created
|
||||
Assert.assertNull(req.getSession(false));
|
||||
|
||||
resp.setContentType("text/html");
|
||||
PrintWriter pw = resp.getWriter();
|
||||
Principal principal = req.getUserPrincipal();
|
||||
|
|
Loading…
Reference in a new issue