keycloak-uncached
Changes
integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java 3(+2 -1)
Details
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
index 27a003d..8b7bac5 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
@@ -54,7 +54,8 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
@Override
protected void completeOAuthAuthentication(KeycloakPrincipal skp, RefreshableKeycloakSecurityContext securityContext) {
- Set<String> roles = getRolesFromToken(securityContext);
+ request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
+ Set<String> roles = getRolesFromToken(securityContext);
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
Session session = request.getSessionInternal(true);
session.setPrincipal(principal);
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
index b4e9a59..d79bab6 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaSecurityContextHelper.java
@@ -60,6 +60,17 @@ public class CatalinaSecurityContextHelper {
subjectGroup.addMember(role);
}
}
+
+ // add the CallerPrincipal group if none has been added in getRoleSets
+// Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
+// callerGroup.addMember(identity);
+// principals.add(callerGroup);
+// SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+// Principal userPrincipal = getPrincipal(subject);
+// sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
+// List<String> rolesAsStringList = new ArrayList<String>();
+// rolesAsStringList.addAll(roleSet);
+//
Principal userPrincipal = getPrincipal(subject);
List<String> rolesAsStringList = new ArrayList<String>();
rolesAsStringList.addAll(roleSet);
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
index 5ce3050..21e08db 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
@@ -16,6 +16,7 @@ import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Session;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -31,13 +32,13 @@ import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.PreAuthActionsHandler;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.keycloak.adapters.ServerRequest;
/**
- * Web deployment whose security is managed by a remote OAuth Skeleton Key
- * authentication server
+ * Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
* <p/>
- * Redirects browser to remote authentication server if not logged in. Also
- * allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.
+ * Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests
+ * that contain a Skeleton Key bearer tokens.
*
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
* @version $Revision: 1 $
@@ -53,9 +54,29 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
try {
startDeployment();
} catch (LifecycleException e) {
- e.printStackTrace();
+ log.severe("Error starting deployment. " + e.getMessage());
}
}
+
+ if (event.getType() == Lifecycle.AFTER_START_EVENT) initInternal();
+ }
+
+ @Override
+ public void logout(Request request) throws ServletException {
+ KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
+ if (ksc != null) {
+ request.removeAttribute(KeycloakSecurityContext.class.getName());
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ session.removeNote(KeycloakSecurityContext.class.getName());
+ try {
+ ServerRequest.invokeLogout(deploymentContext.getDeployment(), ksc.getToken().getSessionState());
+ } catch (Exception e) {
+ log.severe("failed to invoke remote logout. " + e.getMessage());
+ }
+ }
+ }
+ super.logout(request);
}
public void startDeployment() throws LifecycleException {
@@ -152,7 +173,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
* @param request
*/
protected void checkKeycloakSession(Request request, HttpFacade facade) {
- if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
+ if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
if (session == null) return;
// just in case session got serialized