commit
f689747fd6
9 changed files with 185 additions and 11 deletions
|
@ -242,7 +242,8 @@ public abstract class OAuthRequestAuthenticator {
|
|||
protected AuthChallenge resolveCode(String code) {
|
||||
// abort if not HTTPS
|
||||
if (deployment.isSslRequired() && !isRequestSecure()) {
|
||||
log.error("SSL is required");
|
||||
|
||||
log.error("Adapter requires SSL. Request: " + facade.getRequest().getURI());
|
||||
return challenge(403);
|
||||
}
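Review bot: The new error line logs `facade.getRequest().getURI()` from inside resolveCode, i.e. the redirect-back request that carries the authorization `code` and `state` query parameters, so if getURI() returns the full URL with its query string the one-time code ends up in the log at ERROR level. Log only what is needed to diagnose the misconfiguration — host and path — and drop the query, e.g. `log.error("Adapter requires SSL. Request: " + String.valueOf(facade.getRequest().getURI()).replaceAll("\\?.*$", ""));`, or log nothing about the URI and rely on the request id. The body of resolveCode continues past the end of the hunk, so I cannot tell whether the code is already redacted elsewhere.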
|
||||
|
||||
|
|
|
@ -32,10 +32,6 @@ public abstract class RequestAuthenticator {
|
|||
|
||||
public AuthOutcome authenticate() {
|
||||
log.info("--> authenticate()");
|
||||
if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
|
||||
log.warn("SSL is required to authenticate");
|
||||
return AuthOutcome.FAILED;
|
||||
}
|
||||
BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
|
||||
log.info("try bearer");
|
||||
AuthOutcome outcome = bearer.authenticate(facade);
|
||||
|
@ -44,6 +40,7 @@ public abstract class RequestAuthenticator {
|
|||
log.info("Bearer FAILED");
|
||||
return AuthOutcome.FAILED;
|
||||
} else if (outcome == AuthOutcome.AUTHENTICATED) {
|
||||
if (verifySSL()) return AuthOutcome.FAILED;
|
||||
completeAuthentication(bearer);
|
||||
log.info("Bearer AUTHENTICATED");
|
||||
return AuthOutcome.AUTHENTICATED;
|
||||
|
@ -55,6 +52,7 @@ public abstract class RequestAuthenticator {
|
|||
|
||||
log.info("try oauth");
|
||||
if (isCached()) {
|
||||
if (verifySSL()) return AuthOutcome.FAILED;
|
||||
log.info("AUTHENTICATED: was cached");
|
||||
return AuthOutcome.AUTHENTICATED;
|
||||
}
|
||||
|
@ -70,6 +68,8 @@ public abstract class RequestAuthenticator {
|
|||
|
||||
}
|
||||
|
||||
if (verifySSL()) return AuthOutcome.FAILED;
|
||||
|
||||
completeAuthentication(oauth);
|
||||
|
||||
// redirect to strip out access code and state query parameters
|
||||
|
@ -81,6 +81,14 @@ public abstract class RequestAuthenticator {
|
|||
return AuthOutcome.AUTHENTICATED;
|
||||
}
|
||||
|
||||
protected boolean verifySSL() {
|
||||
if (!facade.getRequest().isSecure() && deployment.isSslRequired()) {
|
||||
log.warn("SSL is required to authenticate");
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected abstract OAuthRequestAuthenticator createOAuthAuthenticator();
|
||||
|
||||
protected BearerTokenRequestAuthenticator createBearerTokenAuthenticator() {
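Review bot: The new `verifySSL()` returns true when the request violates the SSL requirement, so each call site reads `if (verifySSL()) return AuthOutcome.FAILED;`, which is easy to misread as failing on success; name it for the question it answers, e.g. `protected boolean sslRequiredButMissing()`, and give it a Javadoc such as "Returns true when the deployment requires SSL and this request is not secure; callers must return FAILED." The check has moved from the top of authenticate() to each AUTHENTICATED exit (three sites in this section), so any future return path that forgets it silently accepts plaintext; folding it into completeAuthentication(...) or a single wrapper would leave one choke point. With the guard moved, the bearer token is parsed and validated — and, as far as the hunks show, the OAuth exchange has completed — before the plaintext request is rejected; if that ordering is deliberate so the challenge can redirect to the confidential port, say so in a comment at the first verifySSL() call. authenticate() begins and partly runs outside these hunks.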
|
||||
|
|
|
@ -51,12 +51,22 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
|
|||
}
|
||||
|
||||
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
||||
int confidentialPort = 8443;
|
||||
if (portManager != null) confidentialPort = portManager.getConfidentialPort(exchange);
|
||||
|
||||
int confidentialPort = getConfidentilPort(exchange);
|
||||
return new ServletRequestAuthenticator(facade, deployment,
|
||||
confidentialPort, securityContext, exchange, userSessionManagement);
|
||||
}
|
||||
|
||||
protected int getConfidentilPort(HttpServerExchange exchange) {
|
||||
int confidentialPort = 8443;
|
||||
if (exchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
|
||||
confidentialPort = exchange.getHostPort();
|
||||
} else if (portManager != null) {
|
||||
confidentialPort = portManager.getConfidentialPort(exchange);
|
||||
}
|
||||
return confidentialPort;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
|
||||
AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
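Review bot: The new protected method is spelled `getConfidentilPort`, and because it is protected and already called from WildflyAuthenticationMechanism the typo becomes API that subclasses must match; rename it before anything else depends on it: `protected int getConfidentialPort(HttpServerExchange exchange)`. On the HTTPS branch the port now comes from `exchange.getHostPort()`, which I believe Undertow derives from the client-supplied Host header, so the value later used for the confidential redirect is client-influenced; either validate it against the listener port or record the assumption with a comment such as `// getHostPort() is parsed from the Host header; acceptable only because we redirect back to the same host/port the client already used`. The 8443 fallback is also undocumented; a one-line comment stating it applies only when no PortManager is configured and the request is plain HTTP would help. sendChallenge() continues past the end of the hunk.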
|
||||
|
|
|
@ -6,6 +6,7 @@ import io.undertow.server.handlers.CookieImpl;
|
|||
import io.undertow.util.AttachmentKey;
|
||||
import io.undertow.util.Headers;
|
||||
import io.undertow.util.HttpString;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.KeycloakSecurityContext;
|
||||
import org.keycloak.adapters.AuthChallenge;
|
||||
import org.keycloak.adapters.HttpFacade;
|
||||
|
@ -24,6 +25,7 @@ import java.util.Map;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class UndertowHttpFacade implements HttpFacade {
|
||||
private static final Logger log = Logger.getLogger(UndertowHttpFacade.class);
|
||||
public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);
|
||||
|
||||
protected HttpServerExchange exchange;
|
||||
|
@ -41,7 +43,8 @@ public class UndertowHttpFacade implements HttpFacade {
|
|||
|
||||
@Override
|
||||
public boolean isSecure() {
|
||||
return exchange.getProtocol().toString().equalsIgnoreCase("https");
|
||||
String protocol = exchange.getRequestScheme();
|
||||
return protocol.equalsIgnoreCase("https");
|
||||
}
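Review bot: The local in the rewritten isSecure() is named `protocol` but holds `exchange.getRequestScheme()`, exactly the distinction the removed line got wrong by reading `getProtocol()` (the HTTP version string, which is never "https"); name it `scheme` and compare against the constant first so a null scheme cannot throw: `String scheme = exchange.getRequestScheme(); return "https".equalsIgnoreCase(scheme);`. The request scheme reflects the listener the request arrived on and, if I recall Undertow correctly, honours X-Forwarded-Proto only when proxy-address-forwarding is enabled, so behind a TLS-terminating proxy this returns false and ssl-required deployments reject every request; that prerequisite deserves a comment on the method, e.g. `// Behind a reverse proxy this is "https" only when Undertow's proxy-address-forwarding is enabled.` The new `log` field and the `HttpString` import are not used in any visible hunk; drop them if nothing else in the file uses them.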
|
||||
|
||||
@Override
|
||||
|
|
|
@ -24,7 +24,8 @@ public class WildflyAuthenticationMechanism extends ServletKeycloakAuthMech {
|
|||
|
||||
@Override
|
||||
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
|
||||
int confidentialPort = getConfidentilPort(exchange);
|
||||
return new WildflyRequestAuthenticator(facade, deployment,
|
||||
portManager.getConfidentialPort(exchange), securityContext, exchange, userSessionManagement);
|
||||
confidentialPort, securityContext, exchange, userSessionManagement);
|
||||
}
|
||||
}
|
||||
|
|
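--- a/model/invalidation-cache/model-adapters/pom.xml
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<parent>
+<artifactId>keycloak-parent</artifactId>
+<groupId>org.keycloak</groupId>
+<version>1.0-beta-2-SNAPSHOT</version>
+<relativePath>../../../pom.xml</relativePath>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+
+<artifactId>keycloak-invalidation-cache-model</artifactId>
+<name>Keycloak Model JPA</name>
+<description/>
+
+<dependencies>
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk16</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>net.iharder</groupId>
+<artifactId>base64</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.keycloak</groupId>
+<artifactId>keycloak-core</artifactId>
+<version>${project.version}</version>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.keycloak</groupId>
+<artifactId>keycloak-model-api</artifactId>
+<version>${project.version}</version>
+</dependency>
+<dependency>
+<groupId>org.hibernate.javax.persistence</groupId>
+<artifactId>hibernate-jpa-2.0-api</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.hibernate</groupId>
+<artifactId>hibernate-entitymanager</artifactId>
+<version>${hibernate.entitymanager.version}</version>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.jboss.resteasy</groupId>
+<artifactId>resteasy-jaxrs</artifactId>
+<scope>provided</scope>
+<exclusions>
+<exclusion>
+<groupId>log4j</groupId>
+<artifactId>log4j</artifactId>
+</exclusion>
+<exclusion>
+<groupId>org.slf4j</groupId>
+<artifactId>slf4j-api</artifactId>
+</exclusion>
+<exclusion>
+<groupId>org.slf4j</groupId>
+<artifactId>slf4j-simple</artifactId>
+</exclusion>
+</exclusions>
+</dependency>
+
+<dependency>
+<groupId>com.h2database</groupId>
+<artifactId>h2</artifactId>
+<scope>test</scope>
+</dependency>
+
+</dependencies>
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>${maven.compiler.source}</source>
+<target>${maven.compiler.target}</target>
+</configuration>
+</plugin>
+
+<!-- Test jar used in export-import -->
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-jar-plugin</artifactId>
+<executions>
+<execution>
+<id>package-tests-jar</id>
+<phase>package</phase>
+<goals>
+<goal>test-jar</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-surefire-plugin</artifactId>
+<executions>
+<execution>
+<id>default-test</id>
+<configuration>
+<dependenciesToScan>
+<dependency>org.keycloak:keycloak-model-tests</dependency>
+</dependenciesToScan>
+</configuration>
+</execution>
+</executions>
+</plugin>
+
+</plugins>
+</build>
+
+</project>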
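--- a/model/invalidation-cache/pom.xml
+++ b/model/invalidation-cache/pom.xml
@@ -0,0 +1,30 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<parent>
+<artifactId>keycloak-parent</artifactId>
+<groupId>org.keycloak</groupId>
+<version>1.0-beta-2-SNAPSHOT</version>
+<relativePath>../../pom.xml</relativePath>
+</parent>
+<name>Model Parent</name>
+<description/>
+<modelVersion>4.0.0</modelVersion>
+
+<artifactId>keycloak-invalidation-cache-model-pom</artifactId>
+<packaging>pom</packaging>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-deploy-plugin</artifactId>
+<configuration>
+<skip>true</skip>
+</configuration>
+</plugin>
+</plugins>
+</build>
+<modules>
+<module>model-adapters</module>
+</modules>
+</project>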
|
@ -29,6 +29,7 @@
|
|||
<!-- <module>picketlink</module> -->
|
||||
<module>jpa</module>
|
||||
<module>mongo</module>
|
||||
<module>invalidation-cache</module>
|
||||
<module>tests</module>
|
||||
</modules>
|
||||
</project>
|
||||
|
|
4
pom.xml
4
pom.xml
|
@ -18,7 +18,7 @@
|
|||
<resteasy.version>2.3.7.Final</resteasy.version>
|
||||
<resteasy.version.eap.6.3>2.3.7.Final</resteasy.version.eap.6.3>
|
||||
<resteasy.version.latest>3.0.8.Final</resteasy.version.latest>
|
||||
<undertow.version>1.0.0.Final</undertow.version>
|
||||
<undertow.version>1.0.15.Final</undertow.version>
|
||||
<picketlink.version>2.6.0.CR2</picketlink.version>
|
||||
<picketbox.ldap.version>1.0.2.Final</picketbox.ldap.version>
|
||||
<mongo.driver.version>2.11.3</mongo.driver.version>
|
||||
|
@ -34,7 +34,7 @@
|
|||
<mysql.version>5.1.25</mysql.version>
|
||||
<slf4j.version>1.5.10</slf4j.version>
|
||||
<jboss.version>7.1.1.Final</jboss.version>
|
||||
<wildfly.version>8.0.0.Final</wildfly.version>
|
||||
<wildfly.version>8.1.0.Final</wildfly.version>
|
||||
<servlet.api.30.version>1.0.1.Final</servlet.api.30.version>
|
||||
<google.zxing.version>2.2</google.zxing.version>
|
||||
<google.client.version>1.14.1-beta</google.client.version>
|
||||
|
|