keycloak-uncached
Changes
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java 16(+16 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java 16(+16 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java 54(+23 -31)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java 16(+16 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java 28(+25 -3)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/SessionManagementBridge.java 16(+16 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java 19(+18 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java 16(+16 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java 68(+68 -0)
Details
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java
index 6e77c89..7e8aa2c 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakChallenge.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.api.AuthenticationMechanism;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
index 648be58..88ae3c2 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.api.AuthenticationMechanism;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
index be72184..bc080f9 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.idm.Account;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
index 26a735f..d43adbf 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java
@@ -1,21 +1,34 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
-import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.ConfidentialPortManager;
-import io.undertow.util.AttachmentKey;
import org.keycloak.adapters.AdapterDeploymentContext;
-import org.keycloak.adapters.AuthChallenge;
-import org.keycloak.adapters.AuthOutcome;
import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.RequestAuthenticator;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
* @version $Revision: 1 $
*/
-public class ServletKeycloakAuthMech implements AuthenticationMechanism {
- public static final AttachmentKey<AuthChallenge> KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class);
+public class ServletKeycloakAuthMech extends UndertowKeycloakAuthMech {
protected AdapterDeploymentContext deploymentContext;
protected UndertowUserSessionManagement userSessionManagement;
@@ -34,23 +47,13 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
if (!deployment.isConfigured()) {
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
- ServletRequestAuthenticator authenticator = createRequestAuthenticator(deployment, exchange, securityContext, facade);
- AuthOutcome outcome = authenticator.authenticate();
- if (outcome == AuthOutcome.AUTHENTICATED) {
- return AuthenticationMechanismOutcome.AUTHENTICATED;
- }
- AuthChallenge challenge = authenticator.getChallenge();
- if (challenge != null) {
- exchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, challenge);
- }
- if (outcome == AuthOutcome.FAILED) {
- return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
- }
- return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
+ RequestAuthenticator authenticator = createRequestAuthenticator(deployment, exchange, securityContext, facade);
+
+ return super.keycloakAuthenticate(exchange, authenticator);
}
- protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
+ protected RequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
int confidentialPort = getConfidentilPort(exchange);
return new ServletRequestAuthenticator(facade, deployment,
@@ -67,15 +70,4 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
return confidentialPort;
}
- @Override
- public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
- AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
- if (challenge != null) {
- UndertowHttpFacade facade = new UndertowHttpFacade(exchange);
- if (challenge.challenge(facade)) {
- return new ChallengeResult(true, exchange.getResponseCode());
- }
- }
- return new ChallengeResult(false);
- }
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java
index 96d9db0..0f20afa 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPreAuthActionsHandler.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.server.HandlerWrapper;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
index 139683a..6635d34 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.api.SecurityContext;
@@ -10,20 +26,21 @@ import org.keycloak.adapters.KeycloakDeployment;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.keycloak.KeycloakPrincipal;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
* @version $Revision: 1 $
*/
public class ServletRequestAuthenticator extends UndertowRequestAuthenticator {
- protected UndertowUserSessionManagement userSessionManagement;
public ServletRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort,
SecurityContext securityContext, HttpServerExchange exchange,
UndertowUserSessionManagement userSessionManagement) {
- super(facade, deployment, sslRedirectPort, securityContext, exchange);
- this.userSessionManagement = userSessionManagement;
+ super(facade, deployment, sslRedirectPort, securityContext, exchange, userSessionManagement);
}
@Override
@@ -69,4 +86,9 @@ public class ServletRequestAuthenticator extends UndertowRequestAuthenticator {
userSessionManagement.login(servletRequestContext.getDeployment().getSessionManager(), session.getId(), account.getPrincipal().getName(), account.getKeycloakSecurityContext().getToken().getSessionState());
}
+
+ @Override
+ protected KeycloakUndertowAccount createAccount(KeycloakPrincipal principal, RefreshableKeycloakSecurityContext session) {
+ return new KeycloakUndertowAccount(principal, session, deployment);
+ }
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/SessionManagementBridge.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/SessionManagementBridge.java
index 11682f0..0bdd434 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/SessionManagementBridge.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/SessionManagementBridge.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.server.session.SessionManager;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java
index 294daee..7fb6046 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowAuthenticatedActionsHandler.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.server.HandlerWrapper;
@@ -12,6 +28,7 @@ import org.keycloak.adapters.KeycloakDeployment;
* Bridge for authenticated Keycloak adapter actions
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
* @version $Revision: 1 $
*/
public class UndertowAuthenticatedActionsHandler implements HttpHandler {
@@ -33,7 +50,7 @@ public class UndertowAuthenticatedActionsHandler implements HttpHandler {
}
- protected UndertowAuthenticatedActionsHandler(AdapterDeploymentContext deploymentContext, HttpHandler next) {
+ public UndertowAuthenticatedActionsHandler(AdapterDeploymentContext deploymentContext, HttpHandler next) {
this.deploymentContext = deploymentContext;
this.next = next;
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
index 9426128..308233f 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.server.HttpServerExchange;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java
new file mode 100644
index 0000000..b650f6d
--- /dev/null
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowKeycloakAuthMech.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.adapters.undertow;
+
+import io.undertow.security.api.AuthenticationMechanism;
+import io.undertow.security.api.SecurityContext;
+import io.undertow.server.HttpServerExchange;
+import io.undertow.util.AttachmentKey;
+import org.keycloak.adapters.AuthChallenge;
+import org.keycloak.adapters.AuthOutcome;
+import org.keycloak.adapters.RequestAuthenticator;
+import static org.keycloak.adapters.undertow.ServletKeycloakAuthMech.KEYCLOAK_CHALLENGE_ATTACHMENT_KEY;
+
+/**
+ * Abstract base class for a Keycloak-enabled Undertow AuthenticationMechanism.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public abstract class UndertowKeycloakAuthMech implements AuthenticationMechanism {
+ public static final AttachmentKey<AuthChallenge> KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class);
+
+ @Override
+ public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
+ AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);
+ if (challenge != null) {
+ UndertowHttpFacade facade = new UndertowHttpFacade(exchange);
+ if (challenge.challenge(facade)) {
+ return new ChallengeResult(true, exchange.getResponseCode());
+ }
+ }
+ return new ChallengeResult(false);
+ }
+
+ /**
+ * Call this inside your authenticate method.
+ */
+ protected AuthenticationMechanismOutcome keycloakAuthenticate(HttpServerExchange exchange, RequestAuthenticator authenticator) {
+ AuthOutcome outcome = authenticator.authenticate();
+ if (outcome == AuthOutcome.AUTHENTICATED) {
+ return AuthenticationMechanismOutcome.AUTHENTICATED;
+ }
+ AuthChallenge challenge = authenticator.getChallenge();
+ if (challenge != null) {
+ exchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, challenge);
+ }
+
+ if (outcome == AuthOutcome.FAILED) {
+ return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
+ }
+
+ return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
+ }
+
+}
\ No newline at end of file
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java
index cd5fdaa..67a7b7a 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowRequestAuthenticator.java
@@ -1,7 +1,25 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
+import io.undertow.server.session.Session;
+import io.undertow.util.Sessions;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.HttpFacade;
import org.keycloak.adapters.KeycloakAccount;
@@ -12,17 +30,22 @@ import org.keycloak.adapters.RequestAuthenticator;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
* @version $Revision: 1 $
*/
-public class UndertowRequestAuthenticator extends RequestAuthenticator {
+public abstract class UndertowRequestAuthenticator extends RequestAuthenticator {
protected SecurityContext securityContext;
protected HttpServerExchange exchange;
+ protected UndertowUserSessionManagement userSessionManagement;
- public UndertowRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, SecurityContext securityContext, HttpServerExchange exchange) {
+ public UndertowRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort,
+ SecurityContext securityContext, HttpServerExchange exchange,
+ UndertowUserSessionManagement userSessionManagement) {
super(facade, deployment, sslRedirectPort);
this.securityContext = securityContext;
this.exchange = exchange;
+ this.userSessionManagement = userSessionManagement;
}
protected void propagateKeycloakContext(KeycloakUndertowAccount account) {
@@ -41,26 +64,55 @@ public class UndertowRequestAuthenticator extends RequestAuthenticator {
@Override
protected void completeOAuthAuthentication(KeycloakPrincipal principal, RefreshableKeycloakSecurityContext session) {
- KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, session, deployment);
+ KeycloakUndertowAccount account = createAccount(principal, session);
securityContext.authenticationComplete(account, "KEYCLOAK", false);
propagateKeycloakContext(account);
login(account);
}
protected void login(KeycloakAccount account) {
-
+ Session session = Sessions.getOrCreateSession(exchange);
+ session.setAttribute(KeycloakUndertowAccount.class.getName(), account);
+ String username = account.getPrincipal().getName();
+ String keycloakSessionId = account.getKeycloakSecurityContext().getToken().getSessionState();
+ userSessionManagement.login(session.getSessionManager(), session.getId(), username, keycloakSessionId);
}
@Override
protected void completeBearerAuthentication(KeycloakPrincipal principal, RefreshableKeycloakSecurityContext session) {
- KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, session, deployment);
+ KeycloakUndertowAccount account = createAccount(principal, session);
securityContext.authenticationComplete(account, "KEYCLOAK", false);
propagateKeycloakContext(account);
}
@Override
protected boolean isCached() {
+ Session session = Sessions.getSession(exchange);
+ if (session == null) {
+ log.info("session was null, returning null");
+ return false;
+ }
+ KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
+ if (account == null) {
+ log.info("Account was not in session, returning null");
+ return false;
+ }
+ account.setDeployment(deployment);
+ if (account.isActive()) {
+ log.info("Cached account found");
+ securityContext.authenticationComplete(account, "KEYCLOAK", false);
+ propagateKeycloakContext( account);
+ return true;
+ }
+ log.info("Account was not active, returning false");
+ session.removeAttribute(KeycloakUndertowAccount.class.getName());
return false;
}
+
+ /**
+ * Subclasses need to be able to create their own version of the KeycloakUndertowAccount
+ * @return The account
+ */
+ protected abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal principal, RefreshableKeycloakSecurityContext session);
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java
index f9df4b0..a70eac4 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowUserSessionManagement.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.adapters.undertow;
import io.undertow.security.api.AuthenticatedSessionManager;