keycloak-uncached

Merge branch 'master' of https://github.com/ungarida/keycloak

8/28/2014 9:29:07 AM


diff --git a/integration/tomcat7/adapter/pom.xml b/integration/tomcat7/adapter/pom.xml
index d67d9aa..b8f59cf 100755
--- a/integration/tomcat7/adapter/pom.xml
+++ b/integration/tomcat7/adapter/pom.xml
@@ -63,7 +63,7 @@
 		<dependency>
 			<groupId>org.apache.tomcat</groupId>
 			<artifactId>tomcat-catalina</artifactId>
-			<version>7.0.52</version>
+			<version>7.0.54</version>
 			<scope>provided</scope>
 		</dependency>
 
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
old mode 100755
new mode 100644
index 57ccea7..6feec2c
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
@@ -1,5 +1,11 @@
 package org.keycloak.adapters.tomcat7;
 
+import java.io.IOException;
+import java.util.logging.Logger;
+
+import javax.management.ObjectName;
+import javax.servlet.ServletException;
+
 import org.apache.catalina.Container;
 import org.apache.catalina.Valve;
 import org.apache.catalina.connector.Request;
@@ -9,11 +15,6 @@ import org.keycloak.adapters.AdapterDeploymentContext;
 import org.keycloak.adapters.AuthenticatedActionsHandler;
 import org.keycloak.adapters.KeycloakDeployment;
 
-import javax.management.ObjectName;
-import javax.servlet.ServletException;
-import java.io.IOException;
-import java.util.logging.Logger;
-
 /**
  * Pre-installed actions that must be authenticated
  * <p/>
@@ -53,4 +54,4 @@ public class AuthenticatedActionsValve extends ValveBase {
     }
 
 
-}
+}
\ No newline at end of file
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
index 68015ca..4738443 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
@@ -54,7 +54,8 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
 
     @Override
     protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
-        Set<String> roles = getRolesFromToken(securityContext);
+        request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
+    	Set<String> roles = getRolesFromToken(securityContext);
         GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
         Session session = request.getSessionInternal(true);
         session.setPrincipal(principal);
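Review bot: The re-indented `Set<String> roles = getRolesFromToken(securityContext);` line now starts with a tab inside a method that is otherwise indented with four spaces, so the file mixes whitespace styles within one block; keep the original `        Set<String> roles = getRolesFromToken(securityContext);` (spaces only) and add only the new `setAttribute` line above it. The new request attribute keyed by `KeycloakSecurityContext.class.getName()` is what the new `logout` override in KeycloakAuthenticatorValve reads, so the key string should probably be noted as shared between the two classes, e.g. `// exposed for KeycloakAuthenticatorValve.logout, which reads and removes this attribute`. completeOAuthAuthentication continues past the end of this hunk.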
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
index a4dcd4e..aa42c32 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
@@ -59,6 +59,17 @@ public class CatalinaSecurityContextHelper {
                 subjectGroup.addMember(role);
             }
         }
+        
+        // add the CallerPrincipal group if none has been added in getRoleSets
+//        Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
+//        callerGroup.addMember(identity);
+//        principals.add(callerGroup);
+//        SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+//        Principal userPrincipal = getPrincipal(subject);
+//        sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
+//        List<String> rolesAsStringList = new ArrayList<String>();
+//        rolesAsStringList.addAll(roleSet);
+//        
         Principal userPrincipal = getPrincipal(subject);
         List<String> rolesAsStringList = new ArrayList<String>();
         rolesAsStringList.addAll(roleSet);
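Review bot: The block of commented-out code (the `Group callerGroup` through `rolesAsStringList.addAll(roleSet)` lines) is dead code and should be deleted rather than committed; the one live comment above it, "add the CallerPrincipal group if none has been added in getRoleSets", describes work that nothing in this method performs and will mislead the next reader. If the intent is to record that caller-group handling was intentionally left out, replace the whole inserted span with a single sentence such as `// NOTE: no CallerPrincipal group is added here; the Catalina realm receives roles via rolesAsStringList below`, otherwise drop the insertion entirely. The enclosing method starts and ends outside this hunk.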
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
index 95af3dc..2fd8be4 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
@@ -5,6 +5,7 @@ import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Session;
 import org.apache.catalina.authenticator.FormAuthenticator;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
@@ -20,6 +21,7 @@ import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.KeycloakDeploymentBuilder;
 import org.keycloak.adapters.PreAuthActionsHandler;
 import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.keycloak.adapters.ServerRequest;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -32,11 +34,10 @@ import java.io.InputStream;
 import java.util.logging.Logger;
 
 /**
- * Web deployment whose security is managed by a remote OAuth Skeleton Key
- * authentication server
+ * Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
  * <p/>
- * Redirects browser to remote authentication server if not logged in. Also
- * allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.
+ * Redirects browser to remote authentication server if not logged in.  Also allows OAuth Bearer Token requests
+ * that contain a Skeleton Key bearer tokens.
  * 
  * @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
  * @version $Revision: 1 $
@@ -48,14 +49,34 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
 
     @Override
     public void lifecycleEvent(LifecycleEvent event) {
-        if (event.getType() == Lifecycle.START_EVENT) {
+        if (Lifecycle.START_EVENT.equals(event.getType())) {
             try {
                 startDeployment();
             } catch (LifecycleException e) {
-                e.printStackTrace();
+            	log.severe("Error starting deployment. " + e.getMessage());
             }
+        } else if (Lifecycle.AFTER_START_EVENT.equals(event.getType())) {
+        	initInternal();
         }
     }
+    
+    @Override
+    public void logout(Request request) throws ServletException {
+        KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
+        if (ksc != null) {
+            request.removeAttribute(KeycloakSecurityContext.class.getName());
+            Session session = request.getSessionInternal(false);
+            if (session != null) {
+                session.removeNote(KeycloakSecurityContext.class.getName());
+                try {
+                    ServerRequest.invokeLogout(deploymentContext.getDeployment(), ksc.getToken().getSessionState());
+                } catch (Exception e) {
+                	log.severe("failed to invoke remote logout. " + e.getMessage());
+                }
+            }
+        }
+        super.logout(request);
+    }
 
     public void startDeployment() throws LifecycleException {
         super.start();
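Review bot: Both new catch blocks log only `e.getMessage()` and discard the throwable, so a failed `startDeployment()` or remote logout leaves no stack trace and, for exceptions with a null message, no useful text at all; the replaced `printStackTrace()` at least kept the cause. Use the logger's throwable-aware overload, `log.log(Level.SEVERE, "Error starting deployment.", e);` and `log.log(Level.SEVERE, "failed to invoke remote logout.", e);`, which needs `import java.util.logging.Level;` next to the existing `java.util.logging.Logger` import. In `logout`, the remote `ServerRequest.invokeLogout` call is only reached when a session exists, so a request that carries the security-context attribute but no session never notifies the server; if that is intentional it deserves a comment, otherwise the `try` block could move outside the `if (session != null)` check. The new lines `log.severe(...)` and `initInternal();` are indented with tabs while the surrounding code uses spaces.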
@@ -151,7 +172,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
      * @param request
      */
     protected void checkKeycloakSession(Request request, HttpFacade facade) {
-        if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
+        if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
         RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
         if (session == null) return;
         // just in case session got serialized
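<br>Review bot: The guard still fetches the session twice: `request.getSessionInternal(false)` for the null check and the argument-less `request.getSessionInternal()` on the next line, which creates a session if one has disappeared in between and then reads a note that cannot exist. Fetch it once, `Session session = request.getSessionInternal(false);` / `if (session == null || request.getPrincipal() == null) return;` / `RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) session.getNote(KeycloakSecurityContext.class.getName());`, which also frees the local name `session` from shadowing what is actually a security context. Switching from the session principal to `request.getPrincipal()` changes which principal gates the refresh; a short comment stating why the request-scoped principal is the right one here would help. checkKeycloakSession continues past the end of this hunk.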