diff --git a/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java
index 2059409..f55b7fb 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java
@@ -105,7 +105,7 @@ public class FormFlows {
return forwardToForm(Pages.ACCOUNT);
}
- private Response forwardToForm(String template, FormService.FormServiceDataBean formDataBean) {
+ private Response forwardToForm(String template, FormService.FormServiceDataBean formDataBean, Response.Status status) {
// Getting URI needed by form processing service
ResteasyUriInfo uriInfo = request.getUri();
@@ -142,10 +142,10 @@ public class FormFlows {
while (itr.hasNext()) {
FormService provider = itr.next();
if (provider.getId().equals("FormServiceId"))
- return Response.status(200).type(MediaType.TEXT_HTML).entity(provider.process(template, formDataBean)).build();
+ return Response.status(status).type(MediaType.TEXT_HTML).entity(provider.process(template, formDataBean)).build();
}
- return Response.status(200).entity("form provider not found").build();
+ return Response.status(status).entity("form provider not found").build();
}
public Response forwardToForm(String template) {
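Review bot: The fallback `return Response.status(status).entity("form provider not found").build();` reports a server-side misconfiguration with whatever status the caller passed, so callers that pass `Response.Status.OK` still get a 200 carrying a plain-text failure message. That branch should not depend on the argument; `return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("form provider not found").build();` keeps a missing provider visible to status-based monitoring. The method starts in the previous hunk and its middle is not shown, so this assumes nothing in between reassigns `status`.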
@@ -153,7 +153,15 @@ public class FormFlows {
FormService.FormServiceDataBean formDataBean = new FormService.FormServiceDataBean(realm, userModel, formData, queryParams, message);
formDataBean.setMessageType(messageType);
- return forwardToForm(template, formDataBean);
+ return forwardToForm(template, formDataBean, Response.Status.OK);
+ }
+
+ public Response forwardToForm(String template, Response.Status status) {
+
+ FormService.FormServiceDataBean formDataBean = new FormService.FormServiceDataBean(realm, userModel, formData, queryParams, message);
+ formDataBean.setMessageType(messageType);
+
+ return forwardToForm(template, formDataBean, status);
}
private Response forwardToActionForm(String template, String warningSummary) {
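Review bot: The new `forwardToForm(String template, Response.Status status)` overload repeats the bean construction of the one-argument version line for line, so the two can drift apart when the `FormServiceDataBean` setup changes. The one-argument method could shrink to `return forwardToForm(template, Response.Status.OK);` and leave the construction in a single place. A one-line Javadoc on the new public overload stating that `status` becomes the HTTP status of the rendered page would also help callers.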
@@ -201,7 +209,7 @@ public class FormFlows {
}
public Response forwardToErrorPage() {
- return forwardToForm(Pages.ERROR);
+ return forwardToForm(Pages.ERROR, Response.Status.INTERNAL_SERVER_ERROR);
}
public Response forwardToOAuthGrant(){
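Review bot: `forwardToErrorPage()` now hard-codes `Response.Status.INTERNAL_SERVER_ERROR`, and in this same commit `RequiredActionsService.unauthorized()` routes missing, expired or mismatched access codes through it, so client-side authorization failures are answered with a 500. That makes rejected requests indistinguishable from real server faults in status-based alerting. Since the public `forwardToForm(String template, Response.Status status)` overload is added in this commit, `unauthorized()` could end with `.forwardToForm(Pages.ERROR, Response.Status.FORBIDDEN)` instead, provided `Pages` is visible from that class; alternatively a status-taking `forwardToErrorPage` overload could be added here.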
@@ -214,7 +222,7 @@ public class FormFlows {
formDataBean.setOAuthCode((String)request.getAttribute("code"));
formDataBean.setOAuthAction((String)request.getAttribute("action"));
- return forwardToForm(Pages.OAUTH_GRANT, formDataBean);
+ return forwardToForm(Pages.OAUTH_GRANT, formDataBean, Response.Status.OK);
}
public FormFlows setAccessCode(AccessCodeEntry accessCode) {
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 2b9526c..9ce4f94 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -90,7 +90,7 @@ public class RequiredActionsService {
public Response updateProfile(final MultivaluedMap<String, String> formData) {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PROFILE);
if (accessCode == null) {
- return forwardToErrorPage();
+ return unauthorized();
}
UserModel user = getUser(accessCode);
@@ -116,7 +116,7 @@ public class RequiredActionsService {
public Response updateTotp(final MultivaluedMap<String, String> formData) {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.CONFIGURE_TOTP);
if (accessCode == null) {
- return forwardToErrorPage();
+ return unauthorized();
}
UserModel user = getUser(accessCode);
@@ -152,7 +152,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.UPDATE_PASSWORD);
if (accessCode == null) {
logger.debug("updatePassword access code is null");
- return forwardToErrorPage();
+ return unauthorized();
}
logger.debug("updatePassword has access code");
@@ -196,7 +196,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key"));
if (accessCode == null || accessCode.isExpired()
|| !accessCode.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL)) {
- return forwardToErrorPage();
+ return unauthorized();
}
UserModel user = getUser(accessCode);
@@ -209,7 +209,7 @@ public class RequiredActionsService {
} else {
AccessCodeEntry accessCode = getAccessCodeEntry(RequiredAction.VERIFY_EMAIL);
if (accessCode == null) {
- return forwardToErrorPage();
+ return unauthorized();
}
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).setUser(accessCode.getUser())
@@ -224,7 +224,7 @@ public class RequiredActionsService {
AccessCodeEntry accessCode = tokenManager.getAccessCode(uriInfo.getQueryParameters().getFirst("key"));
if (accessCode == null || accessCode.isExpired()
|| !accessCode.getRequiredActions().contains(RequiredAction.UPDATE_PASSWORD)) {
- return forwardToErrorPage();
+ return unauthorized();
}
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).forwardToAction(RequiredAction.UPDATE_PASSWORD);
} else {
@@ -378,8 +378,8 @@ public class RequiredActionsService {
}
}
- private Response forwardToErrorPage() {
- return Flows.forms(realm, request, uriInfo).forwardToErrorPage();
+ private Response unauthorized() {
+ return Flows.forms(realm, request, uriInfo).setError("Unauthorized request").forwardToErrorPage();
}
}
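Review bot: `unauthorized()` is now the single exit for all six rejected access-code checks in this file, yet only the `updatePassword` path logs anything, and that at debug level. A line such as `logger.warn("Rejected required-action request: missing, expired or mismatched access code");` inside `unauthorized()` would give every call site an audit trail; the `key` query parameter itself should stay out of the message. A short Javadoc saying that the method renders the error page with the message "Unauthorized request" would also help, because the name suggests a 401 that the visible code does not set.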
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index b40e10e..a9cdb62 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -489,23 +489,17 @@ public class TokenService {
if (!realm.isEnabled()) {
logger.warn("Realm not enabled");
- oauth.forwardToSecurityFailure("Realm not enabled");
- return null;
+ return oauth.forwardToSecurityFailure("Realm not enabled");
}
UserModel client = realm.getUser(clientId);
if (client == null) {
logger.warn("Unknown login requester: " + clientId);
- oauth.forwardToSecurityFailure("Unknown login requester.");
- transaction.rollback();
- return null;
+ return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
logger.warn("Login requester not enabled.");
- oauth.forwardToSecurityFailure("Login requester not enabled.");
- transaction.rollback();
- session.close();
- return null;
+ return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
redirect = verifyRedirectUri(redirect, client);
if (redirect == null) {
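Review bot: The early returns for an unknown client and a disabled client no longer call `transaction.rollback()` or `session.close()`, and the same calls are dropped from the role check in the next hunk. If `transaction` and `session` are still opened earlier in this method (outside the hunk), each rejected login request would now leave them open; if cleanup has moved to a filter or a `finally` block, a comment such as `// transaction and session are released by <cleanup component>` at the first return would make that explicit. Separately, `logger.warn("Unknown login requester: " + clientId)` writes a request-supplied value into the log unchanged, so line breaks in it should be stripped or encoded before logging.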
@@ -518,10 +512,7 @@ public class TokenService {
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
logger.warn("Login requester not allowed to request login.");
- oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
- transaction.rollback();
- session.close();
- return null;
+ return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
}
logger.info("Checking cookie...");
UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);