keycloak-uncached

Merge pull request #4466 from sebastienblanc/KEYCLOAK-3473-3.3.x KEYCLOAK-3473

9/11/2017 7:48:52 PM


diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
index 5eed432..fd4544f 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@@ -164,7 +164,12 @@ public class BearerTokenRequestAuthenticator {
                 OIDCAuthenticationError error = new OIDCAuthenticationError(reason, description);
                 facade.getRequest().setError(error);
                 facade.getResponse().addHeader("WWW-Authenticate", challenge);
-                facade.getResponse().sendError(401);
+                if(deployment.isDelegateBearerErrorResponseSending()){
+                    facade.getResponse().setStatus(401);
+                }
+                else {
+                    facade.getResponse().sendError(401);
+                }
                 return true;
             }
         };
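Review bot: In the `deployment.isDelegateBearerErrorResponseSending()` branch the response is only marked with `setStatus(401)` and is probably left uncommitted, whereas servlet-backed facades typically commit it on `sendError(401)`. Nothing in the hunk says who finishes the response in that case. A later handler or filter could then overwrite the status or the `WWW-Authenticate` header, so rejecting the bearer token depends on the integration that turned the flag on. I would document that contract on the branch, for example `// Delegated mode: status and challenge header are set here; the caller's failure handler must complete the response and must not continue the filter chain.` The `if(` / `}` newline `else {` layout also differs from the usual `if (...) { ... } else {` form. The enclosing method and anonymous class start outside the hunk.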
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
index d5761bc..707b882 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@@ -94,6 +94,8 @@ public class KeycloakDeployment {
     
     protected Map<String, String> redirectRewriteRules;
 
+    protected boolean delegateBearerErrorResponseSending = false;
+
     public KeycloakDeployment() {
     }
 
@@ -456,6 +458,12 @@ public class KeycloakDeployment {
     public void setRewriteRedirectRules(Map<String, String> redirectRewriteRules) {
         this.redirectRewriteRules = redirectRewriteRules;
     }
-    
-    
+
+    public boolean isDelegateBearerErrorResponseSending() {
+        return delegateBearerErrorResponseSending;
+    }
+
+    public void setDelegateBearerErrorResponseSending(boolean delegateBearerErrorResponseSending) {
+        this.delegateBearerErrorResponseSending = delegateBearerErrorResponseSending;
+    }
 }
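Review bot: `isDelegateBearerErrorResponseSending()` and `setDelegateBearerErrorResponseSending(boolean)` are added without Javadoc, although the flag changes how a failed bearer authentication is answered. The same applies to the field added in the earlier hunk of this file. A short Javadoc on the setter would help, for example `/** When true, the adapter sets 401 and WWW-Authenticate but leaves sending the error response to the integrating framework; defaults to false (adapter calls sendError). */`. The field is a plain mutable `boolean`, so the Javadoc should also say whether it is meant to be set once at configuration time or may change while requests are being served.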
diff --git a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
index 7e235ae..2e9ef40 100644
--- a/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
+++ b/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
@@ -134,6 +134,10 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
 
         HttpFacade facade = new SimpleHttpFacade(request, response);
         KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
+
+        // using Spring authenticationFailureHandler
+        deployment.setDelegateBearerErrorResponseSending(true);
+
         AdapterTokenStore tokenStore = adapterTokenStoreFactory.createAdapterTokenStore(deployment, request);
         RequestAuthenticator authenticator
                 = new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, -1);
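Review bot: `deployment.setDelegateBearerErrorResponseSending(true)` runs on every authentication attempt and mutates the `KeycloakDeployment` returned by `adapterDeploymentContext.resolveDeployment(facade)`. That object looks like shared configuration rather than per-request state, though the resolver is not visible here. If it is shared, the write is repeated from concurrent request threads on a non-volatile field. It also silently changes behaviour for any other consumer of the same deployment, which would then get `setStatus(401)` without a Spring failure handler to finish the response. Setting the flag once where the deployment is built or first resolved would be safer. The comment could also state the dependency, for example `// Spring's AuthenticationFailureHandler writes the 401 response, so the adapter must not call sendError itself.` The method continues outside the hunk.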