keycloak-uncached

error screen

1/21/2014 4:05:56 PM


diff --git a/forms/src/main/java/org/keycloak/forms/TemplateBean.java b/forms/src/main/java/org/keycloak/forms/TemplateBean.java
old mode 100644
new mode 100755
index bb19d2c..468f796
--- a/forms/src/main/java/org/keycloak/forms/TemplateBean.java
+++ b/forms/src/main/java/org/keycloak/forms/TemplateBean.java
@@ -40,7 +40,7 @@ public class TemplateBean {
     private String formsPath;
 
 
-    public TemplateBean(RealmBean realm, String contextPath) {
+    public TemplateBean(String contextPath) {
         formsPath = contextPath + "/forms";
 
         // TODO Get theme name from realm
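Review bot: The `// TODO Get theme name from realm` comment is left stale by the new signature, because the constructor no longer receives a `RealmBean` and has nothing to read a theme from. Either drop the comment or reword it to say how the theme will reach this bean, for example `// TODO theme name is hard-coded; pass it in once realms carry a theme setting`. The constructor body continues outside the hunk.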
diff --git a/forms/src/main/java/org/keycloak/service/FormServiceImpl.java b/forms/src/main/java/org/keycloak/service/FormServiceImpl.java
index 128bb97..83b0f12 100755
--- a/forms/src/main/java/org/keycloak/service/FormServiceImpl.java
+++ b/forms/src/main/java/org/keycloak/service/FormServiceImpl.java
@@ -90,8 +90,7 @@ public class FormServiceImpl implements FormService {
             attributes.put("message", new MessageBean(dataBean.getMessage(), dataBean.getMessageType(), rb));
         }
 
-        RealmBean realm = new RealmBean(dataBean.getRealm());
-        attributes.put("template", new TemplateBean(realm, dataBean.getContextPath()));
+        attributes.put("template", new TemplateBean(dataBean.getContextPath()));
 
         if (commandMap.containsKey(pageId)){
             commandMap.get(pageId).exec(attributes, dataBean);
diff --git a/services/src/main/java/org/keycloak/services/FormService.java b/services/src/main/java/org/keycloak/services/FormService.java
index 7462900..8959372 100755
--- a/services/src/main/java/org/keycloak/services/FormService.java
+++ b/services/src/main/java/org/keycloak/services/FormService.java
@@ -85,11 +85,13 @@ public interface FormService {
             this.message = message;
 
             socialProviders = new LinkedList<SocialProvider>();
-            Map<String, String> socialConfig = realm.getSocialConfig();
-            if (socialConfig != null) {
-                for (SocialProvider p : SocialLoader.load()) {
-                    if (socialConfig.containsKey(p.getId() + ".key") && socialConfig.containsKey(p.getId() + ".secret")) {
-                        socialProviders.add(p);
+            if (realm != null) {
+                Map<String, String> socialConfig = realm.getSocialConfig();
+                if (socialConfig != null) {
+                    for (SocialProvider p : SocialLoader.load()) {
+                        if (socialConfig.containsKey(p.getId() + ".key") && socialConfig.containsKey(p.getId() + ".secret")) {
+                            socialProviders.add(p);
+                        }
                     }
                 }
             }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
index 849ec02..52b372a 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
@@ -24,6 +24,7 @@ import org.keycloak.services.messages.Messages;
 import org.keycloak.services.resources.TokenService;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
+import org.keycloak.util.KeycloakUriBuilder;
 
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
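Review bot: The added `import org.keycloak.util.KeycloakUriBuilder;` is not referenced by any of the AdminService hunks shown here. The new redirect code builds its URIs with `uriInfo.getBaseUriBuilder()` and `TokenService.logoutUrl(uriInfo)` instead. Unless it is used in a part of the file outside this diff, the import should be dropped.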
@@ -219,6 +220,22 @@ public class AdminService {
         return oauth.redirect(uriInfo, redirectUri.toString(), path);
     }
 
+    @Path("login-error")
+    @GET
+    @NoCache
+    public Response errorOnLoginRedirect(@QueryParam ("error") String message) {
+        RealmManager realmManager = new RealmManager(session);
+        RealmModel realm = getAdminstrationRealm(realmManager);
+        return Flows.forms(realm, request, uriInfo).setError(message).forwardToErrorPage();
+    }
+
+    protected Response redirectOnLoginError(String message) {
+        URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam("error", message).build();
+        URI logout = TokenService.logoutUrl(uriInfo).queryParam("redirect_uri", uri.toString()).build(Constants.ADMIN_REALM);
+        return Response.status(302).location(logout).build();
+
+    }
+
     @Path("login-redirect")
     @GET
     @NoCache
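Review bot: `errorOnLoginRedirect` passes the `error` query parameter verbatim to `setError(message)`, and the endpoint is a plain GET with no authentication check visible in the hunk, so text chosen by whoever builds the link is shown on the administration realm's own error page. Whether it is HTML-escaped depends on the template, which is not shown. The value forwarded by `return redirectOnLoginError(error);` in loginRedirect (next hunk) is request-supplied as well. Limit what is displayed to the fixed messages this class itself produces and fall back to a generic one otherwise, as sketched below. Separately, `redirectOnLoginError` passes `redirect_uri` to the logout endpoint; that resource is outside this diff, so confirm it validates the target before redirecting.

```java
@Path("login-error")
@GET
@NoCache
public Response errorOnLoginRedirect(@QueryParam("error") String message) {
    // … unchanged: realmManager / realm lookup …
    return Flows.forms(realm, request, uriInfo).setError(displayableLoginError(message)).forwardToErrorPage();
}

// Only messages produced by this class are shown; anything else collapses to the generic text.
private static String displayableLoginError(String message) {
    if ("realm not enabled".equals(message)
            || "admin app not enabled".equals(message)
            || "No permission to access console".equals(message)) {
        return message;
    }
    return "invalid login data";
}
```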
@@ -232,28 +249,28 @@ public class AdminService {
             logger.info("loginRedirect ********************** <---");
             if (error != null) {
                 logger.debug("error from oauth");
-                throw new ForbiddenException("error");
+                return redirectOnLoginError(error);
             }
             RealmManager realmManager = new RealmManager(session);
             RealmModel realm = getAdminstrationRealm(realmManager);
             if (!realm.isEnabled()) {
                 logger.debug("realm not enabled");
-                throw new ForbiddenException();
+                return redirectOnLoginError("realm not enabled");
             }
             ApplicationModel adminConsole = realm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
             UserModel adminConsoleUser = adminConsole.getApplicationUser();
             if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) {
                 logger.debug("admin app not enabled");
-                throw new ForbiddenException();
+                return redirectOnLoginError("admin app not enabled");
             }
 
             if (code == null) {
                 logger.debug("code not specified");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             if (state == null) {
                 logger.debug("state not specified");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
 
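Review bot: The `error != null` branch and the realm and application checks return `redirectOnLoginError(...)` before `checkStateCookie(uriInfo, headers)` runs at the end of this hunk. A request that did not come from this console's own login flow is therefore still sent through the realm logout URL. Previously these paths only threw an exception and left the session untouched. Consider validating the state cookie first, or forwarding to the error page without the logout hop for failures that occur before the state is verified. loginRedirect starts and ends outside the hunk, so the cookie handling may differ from what is visible here.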
@@ -266,34 +283,34 @@ public class AdminService {
             }
             if (!verifiedCode) {
                 logger.debug("unverified access code");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             String key = input.readContentAsString();
             AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
             if (accessCode == null) {
                 logger.debug("bad access code");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             if (accessCode.isExpired()) {
                 logger.debug("access code expired");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             if (!accessCode.getToken().isActive()) {
                 logger.debug("access token expired");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             if (!accessCode.getRealm().getId().equals(realm.getId())) {
                 logger.debug("bad realm");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
 
             }
             if (!adminConsoleUser.getLoginName().equals(accessCode.getClient().getLoginName())) {
                 logger.debug("bad client");
-                throw new BadRequestException();
+                return redirectOnLoginError("invalid login data");
             }
             if (!adminConsole.hasRole(accessCode.getUser(), Constants.ADMIN_CONSOLE_ADMIN_ROLE)) {
                 logger.debug("not allowed");
-                throw new ForbiddenException();
+                return redirectOnLoginError("No permission to access console");
             }
             logger.debug("loginRedirect SUCCESS");
             NewCookie cookie = authManager.createSaasIdentityCookie(realm, accessCode.getUser(), uriInfo);
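Review bot: Every rejection in this hunk is recorded only at `logger.debug`, and all of them now answer with the same 302. The access log therefore no longer separates the former 400 and 403 outcomes, and a failed admin-console login leaves no trace at default log levels. Raise at least the role failure to a level that is kept in production, for example replace `logger.debug("not allowed");` with `logger.warn("admin console login rejected: user lacks admin role");`. The same applies to the "bad realm" and "bad client" branches, which indicate an access code presented to the wrong realm or client.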
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 6871b9f..15beb20 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -117,6 +117,10 @@ public class TokenService {
         return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "loginPage");
     }
 
+    public static UriBuilder logoutUrl(UriInfo uriInfo) {
+        return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "logout");
+    }
+
     public static UriBuilder processLoginUrl(UriInfo uriInfo) {
         return tokenServiceBaseUrl(uriInfo).path(TokenService.class, "processLogin");
     }