libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-13633 Generalize GenericPrincipalFactory to PrincipleFactory

Browse source 
This allows to replace java.security.acl.Group usage only where necessary while keeping legacy adapter unchanged.

Signed-off-by: Phillip Schichtel <phillip@schich.tel>
This commit is contained in:
Phillip Schichtel 2021-01-13 22:09:33 +01:00 committed by Marek Posolda
parent 52db22925c
commit f754b34c0c
13 changed files with 36 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
adapters/oidc/as7-eap6/as7-adapter-spi/src/main/java/org/keycloak/adapters/jbossweb/JBossWebPrincipalFactory.java
View file

@ -27,7 +27,7 @@ import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimpleGroup; import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal; import org.jboss.security.SimplePrincipal;
import org.keycloak.adapters.spi.KeycloakAccount; import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import java.lang.reflect.Constructor; import java.lang.reflect.Constructor;
@ -44,15 +44,10 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class JBossWebPrincipalFactory extends GenericPrincipalFactory { public class JBossWebPrincipalFactory implements PrincipalFactory {
private static Constructor jbossWebPrincipalConstructor = findJBossGenericPrincipalConstructor(); private static Constructor jbossWebPrincipalConstructor = findJBossGenericPrincipalConstructor();
@Override
protected GenericPrincipal createPrincipal(Principal userPrincipal, List<String> roles) {
return null;
}
@Override @Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) { public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
KeycloakAccount account = new KeycloakAccount() { KeycloakAccount account = new KeycloakAccount() {

4
adapters/oidc/as7-eap6/as7-adapter/src/main/java/org/keycloak/adapters/jbossweb/KeycloakAuthenticatorValve.java
View file

@ -27,7 +27,7 @@ import org.apache.catalina.deploy.LoginConfig;
import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve; import org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve;
import org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve; import org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
@ -65,7 +65,7 @@ public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorVal
} }
@Override @Override
protected GenericPrincipalFactory createPrincipalFactory() { protected PrincipalFactory createPrincipalFactory() {
return new JBossWebPrincipalFactory(); return new JBossWebPrincipalFactory();
} }

2
adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java
View file

@ -183,7 +183,7 @@ public abstract class AbstractKeycloakAuthenticatorValve extends FormAuthenticat
} }
} }
protected abstract GenericPrincipalFactory createPrincipalFactory(); protected abstract PrincipalFactory createPrincipalFactory();
protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException; protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException;
protected abstract AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container); protected abstract AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container);

4
adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaCookieTokenStore.java
View file

@ -43,11 +43,11 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore {
private Request request; private Request request;
private HttpFacade facade; private HttpFacade facade;
private KeycloakDeployment deployment; private KeycloakDeployment deployment;
private GenericPrincipalFactory principalFactory; private PrincipalFactory principalFactory;
private KeycloakPrincipal<RefreshableKeycloakSecurityContext> authenticatedPrincipal; private KeycloakPrincipal<RefreshableKeycloakSecurityContext> authenticatedPrincipal;
public CatalinaCookieTokenStore(Request request, HttpFacade facade, KeycloakDeployment deployment, GenericPrincipalFactory principalFactory) { public CatalinaCookieTokenStore(Request request, HttpFacade facade, KeycloakDeployment deployment, PrincipalFactory principalFactory) {
this.request = request; this.request = request;
this.facade = facade; this.facade = facade;
this.deployment = deployment; this.deployment = deployment;

4
adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaRequestAuthenticator.java
View file

@ -41,13 +41,13 @@ import java.util.logging.Logger;
public class CatalinaRequestAuthenticator extends RequestAuthenticator { public class CatalinaRequestAuthenticator extends RequestAuthenticator {
private static final Logger log = Logger.getLogger(""+CatalinaRequestAuthenticator.class); private static final Logger log = Logger.getLogger(""+CatalinaRequestAuthenticator.class);
protected Request request; protected Request request;
protected GenericPrincipalFactory principalFactory; protected PrincipalFactory principalFactory;
public CatalinaRequestAuthenticator(KeycloakDeployment deployment, public CatalinaRequestAuthenticator(KeycloakDeployment deployment,
AdapterTokenStore tokenStore, AdapterTokenStore tokenStore,
CatalinaHttpFacade facade, CatalinaHttpFacade facade,
Request request, Request request,
GenericPrincipalFactory principalFactory) { PrincipalFactory principalFactory) {
super(facade, deployment, tokenStore, request.getConnector().getRedirectPort()); super(facade, deployment, tokenStore, request.getConnector().getRedirectPort());
this.request = request; this.request = request;
this.principalFactory = principalFactory; this.principalFactory = principalFactory;

4
adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaSessionTokenStore.java
View file

@ -45,12 +45,12 @@ public class CatalinaSessionTokenStore extends CatalinaAdapterSessionStore imple
private KeycloakDeployment deployment; private KeycloakDeployment deployment;
private CatalinaUserSessionManagement sessionManagement; private CatalinaUserSessionManagement sessionManagement;
protected GenericPrincipalFactory principalFactory; protected PrincipalFactory principalFactory;
public CatalinaSessionTokenStore(Request request, KeycloakDeployment deployment, public CatalinaSessionTokenStore(Request request, KeycloakDeployment deployment,
CatalinaUserSessionManagement sessionManagement, CatalinaUserSessionManagement sessionManagement,
GenericPrincipalFactory principalFactory, PrincipalFactory principalFactory,
AbstractKeycloakAuthenticatorValve valve) { AbstractKeycloakAuthenticatorValve valve) {
super(request, valve); super(request, valve);
this.deployment = deployment; this.deployment = deployment;

4
adapters/saml/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java
View file

@ -26,7 +26,7 @@ import org.apache.catalina.deploy.LoginConfig;
import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory; import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
import org.keycloak.adapters.saml.*; import org.keycloak.adapters.saml.*;
import org.keycloak.adapters.spi.SessionIdMapperUpdater; import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
@ -69,7 +69,7 @@ public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
} }
@Override @Override
protected GenericPrincipalFactory createPrincipalFactory() { protected PrincipalFactory createPrincipalFactory() {
return new JBossWebPrincipalFactory(); return new JBossWebPrincipalFactory();
} }

4
adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
View file

@ -31,7 +31,7 @@ import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
import org.keycloak.adapters.spi.*; import org.keycloak.adapters.spi.*;
import org.keycloak.adapters.tomcat.CatalinaHttpFacade; import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement; import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
import org.keycloak.saml.common.exceptions.ParsingException; import org.keycloak.saml.common.exceptions.ParsingException;
import javax.servlet.RequestDispatcher; import javax.servlet.RequestDispatcher;
@ -186,7 +186,7 @@ public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator i
} }
protected abstract GenericPrincipalFactory createPrincipalFactory(); protected abstract PrincipalFactory createPrincipalFactory();
protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException; protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException;
private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:"); private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");

6
adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
View file

@ -26,7 +26,7 @@ import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.SessionIdMapper; import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater; import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement; import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.KeycloakUriBuilder;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -44,7 +44,7 @@ public class CatalinaSamlSessionStore implements SamlSessionStore {
public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI"; public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
private final CatalinaUserSessionManagement sessionManagement; private final CatalinaUserSessionManagement sessionManagement;
protected final GenericPrincipalFactory principalFactory; protected final PrincipalFactory principalFactory;
private final SessionIdMapper idMapper; private final SessionIdMapper idMapper;
private final SessionIdMapperUpdater idMapperUpdater; private final SessionIdMapperUpdater idMapperUpdater;
protected final Request request; protected final Request request;
@ -52,7 +52,7 @@ public class CatalinaSamlSessionStore implements SamlSessionStore {
protected final HttpFacade facade; protected final HttpFacade facade;
protected final SamlDeployment deployment; protected final SamlDeployment deployment;
public CatalinaSamlSessionStore(CatalinaUserSessionManagement sessionManagement, GenericPrincipalFactory principalFactory, public CatalinaSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory,
SessionIdMapper idMapper, SessionIdMapperUpdater idMapperUpdater, SessionIdMapper idMapper, SessionIdMapperUpdater idMapperUpdater,
Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade,
SamlDeployment deployment) { SamlDeployment deployment) {

4
adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/TomcatSamlSessionStore.java
View file

@ -26,14 +26,14 @@ import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.SessionIdMapper; import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater; import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement; import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory; import org.keycloak.adapters.tomcat.PrincipalFactory;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class TomcatSamlSessionStore extends CatalinaSamlSessionStore { public class TomcatSamlSessionStore extends CatalinaSamlSessionStore {
public TomcatSamlSessionStore(CatalinaUserSessionManagement sessionManagement, GenericPrincipalFactory principalFactory, SessionIdMapper idMapper, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, SamlDeployment deployment) { public TomcatSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory, SessionIdMapper idMapper, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, SamlDeployment deployment) {
super(sessionManagement, principalFactory, idMapper, SessionIdMapperUpdater.DIRECT, request, valve, facade, deployment); super(sessionManagement, principalFactory, idMapper, SessionIdMapperUpdater.DIRECT, request, valve, facade, deployment);
} }

5
adapters/spi/jboss-adapter-core/src/main/java/org/keycloak/adapters/jboss/KeycloakLoginModule.java
View file

@ -30,7 +30,6 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import java.io.IOException; import java.io.IOException;
import java.security.Principal; import java.security.Principal;
import java.security.acl.Group;
import java.util.Set; import java.util.Set;
/** /**
@ -83,10 +82,10 @@ public class KeycloakLoginModule extends AbstractServerLoginModule {
*/ */
@Override @Override
protected Group[] getRoleSets() throws LoginException { protected SimpleGroup[] getRoleSets() throws LoginException {
//log.info("getRoleSets"); //log.info("getRoleSets");
SimpleGroup roles = new SimpleGroup("Roles"); SimpleGroup roles = new SimpleGroup("Roles");
Group[] roleSets = {roles}; SimpleGroup[] roleSets = {roles};
for (String role : roleSet) { for (String role : roleSet) {
//log.info(" adding role: " + role); //log.info(" adding role: " + role);
roles.addMember(new SimplePrincipal(role)); roles.addMember(new SimplePrincipal(role));

5
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
View file

@ -24,16 +24,17 @@ import javax.security.auth.Subject;
import java.security.Principal; import java.security.Principal;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.List;
import java.util.Collection; import java.util.Collection;
import java.util.List;
import java.util.Set; import java.util.Set;
/** /**
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a> * @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public abstract class GenericPrincipalFactory { public abstract class GenericPrincipalFactory implements PrincipalFactory {
@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) { public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
Subject subject = new Subject(); Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals(); Set<Principal> principals = subject.getPrincipals();

11
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/PrincipalFactory.java Normal file
View file

@ -0,0 +1,11 @@
package org.keycloak.adapters.tomcat;
import org.apache.catalina.Realm;
import org.apache.catalina.realm.GenericPrincipal;
import java.security.Principal;
import java.util.Set;
public interface PrincipalFactory {
GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet);
}