keycloak-uncached
adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java 16(+11 -5)
diff --git a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
index 70a67de..e28500b 100755
--- a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
+++ b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
@@ -19,12 +19,12 @@ package org.keycloak.adapters.servlet;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
+import org.keycloak.adapters.spi.HttpFacade;
+import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.spi.SessionIdMapper;
import javax.servlet.http.HttpServletRequest;
@@ -51,10 +51,16 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
}
public HttpServletRequestWrapper buildWrapper() {
- HttpSession session = request.getSession();
- KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
+ HttpSession session = request.getSession(false);
+ KeycloakAccount account = null;
+ if (session != null) {
+ account = (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName());
+ if (account == null) {
+ account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
+ }
+ }
if (account == null) {
- account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
+ account = (KeycloakAccount) request.getAttribute(KeycloakAccount.class.getName());
}
return buildWrapper(session, account);
}
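Review bot: The nested fallback inside the `if (session != null)` block is redundant: the `if (account == null)` block that follows it performs the same `request.getAttribute` lookup unconditionally, so the inner three lines can be dropped and the session branch reduced to `if (session != null) { account = (KeycloakAccount) session.getAttribute(KeycloakAccount.class.getName()); }`. Separately, `buildWrapper(session, account)` now receives a null session on requests that never established one (the bearer-only case the new test asserts on); that overload is outside this hunk, so confirm it and the wrapper's session-backed methods tolerate a null session rather than dereferencing it. A one-line comment such as `// getSession(false): bearer-only requests must not create a server-side session` would record why the default-creating call was replaced.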
diff --git a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
index 6a17c8e..5d1eb51 100755
--- a/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
+++ b/adapters/spi/servlet-adapter-spi/src/main/java/org/keycloak/adapters/servlet/FilterSessionStore.java
@@ -305,6 +305,7 @@ public class FilterSessionStore implements AdapterSessionStore {
@Override
public Principal getUserPrincipal() {
+ if (account == null) return null;
return account.getPrincipal();
}
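Review bot: The null guard is added only to `getUserPrincipal()`, but after this commit a wrapper can legitimately be built with `account == null`, so any other accessor in this wrapper that dereferences `account` (role checks, auth type, security context) would still throw for the same unauthenticated request; those methods are outside the hunk and should be audited for the same guard. A short comment on the new line, e.g. `// null account means the request carries no authenticated identity (e.g. bearer-only without a session)`, would make the intent explicit to the next reader.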
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
index fda4ad5..ddf097e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java
@@ -36,6 +36,9 @@ public class CustomerDatabaseServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ // test that bearer token auth never has an HTTP session created
+ Assert.assertNull(req.getSession(false));
+
resp.setContentType("text/html");
PrintWriter pw = resp.getWriter();
Principal principal = req.getUserPrincipal();
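Review bot: `Assert.assertNull(req.getSession(false))` runs inside the container, so a failure surfaces as an `AssertionError` thrown from `doGet` (typically a 500 response) rather than as a test assertion; this only catches regressions if the calling test also checks the response status or body, which is not visible here. The assertion is also unconditional, so if this servlet is reached by any session-based (code-flow) login elsewhere in the suite it will fail for those requests; if that is intended, the comment should say the servlet is bearer-only. The `Assert` import and the rest of `doGet` lie outside this hunk.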