keycloak-aplcache
Changes
distribution/modules/src/main/resources/modules/org/keycloak/keycloak-adapter-core/main/module.xml 1(+1 -0)
integration/adapter-core/pom.xml 6(+6 -0)
integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSession.java 84(+84 -0)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java 34(+31 -3)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java 6(+6 -0)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java 7(+5 -2)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakIdentityManager.java 20(+10 -10)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java 2(+1 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java 80(+24 -56)
Details
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
index 760d501..f1a4f49 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
@@ -592,6 +592,7 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
delete realmCopy["accessCodeLifespanUserActionUnit"];
realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)
+ realmCopy.centralLoginLifespan = TimeUnit.toSeconds($scope.realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit)
realmCopy.refreshTokenLifespan = TimeUnit.toSeconds($scope.realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit)
realmCopy.accessCodeLifespan = TimeUnit.toSeconds($scope.realm.accessCodeLifespan, $scope.realm.accessCodeLifespanUnit)
realmCopy.accessCodeLifespanUserAction = TimeUnit.toSeconds($scope.realm.accessCodeLifespanUserAction, $scope.realm.accessCodeLifespanUserActionUnit)
diff --git a/core/src/main/java/org/keycloak/KeycloakAuthenticatedSession.java b/core/src/main/java/org/keycloak/KeycloakAuthenticatedSession.java
index 33c87d9..658e19a 100755
--- a/core/src/main/java/org/keycloak/KeycloakAuthenticatedSession.java
+++ b/core/src/main/java/org/keycloak/KeycloakAuthenticatedSession.java
@@ -35,4 +35,7 @@ public class KeycloakAuthenticatedSession implements Serializable {
return metadata;
}
+ public void setMetadata(ResourceMetadata metadata) {
+ this.metadata = metadata;
+ }
}
diff --git a/core/src/main/java/org/keycloak/KeycloakPrincipal.java b/core/src/main/java/org/keycloak/KeycloakPrincipal.java
index 07a9322..e4aab9c 100755
--- a/core/src/main/java/org/keycloak/KeycloakPrincipal.java
+++ b/core/src/main/java/org/keycloak/KeycloakPrincipal.java
@@ -1,12 +1,13 @@
package org.keycloak;
+import java.io.Serializable;
import java.security.Principal;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class KeycloakPrincipal implements Principal {
+public class KeycloakPrincipal implements Principal, Serializable {
protected String name;
protected String surrogate;
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-adapter-core/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-adapter-core/main/module.xml
index 0aa0a29..5323ea3 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-adapter-core/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-adapter-core/main/module.xml
@@ -32,6 +32,7 @@
<module name="org.codehaus.jackson.jackson-mapper-asl"/>
<module name="org.codehaus.jackson.jackson-xc"/>
<module name="org.apache.httpcomponents" />
+ <module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-core"/>
</dependencies>
integration/adapter-core/pom.xml 6(+6 -0)
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index be1e49a..ae0fc81 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -14,6 +14,12 @@
<dependencies>
<dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ <version>3.1.2.GA</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${project.version}</version>
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSession.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSession.java
new file mode 100755
index 0000000..8716e0e
--- /dev/null
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSession.java
@@ -0,0 +1,84 @@
+package org.keycloak.adapters;
+
+import org.keycloak.KeycloakAuthenticatedSession;
+import org.keycloak.RSATokenVerifier;
+import org.keycloak.VerificationException;
+import org.keycloak.adapters.config.RealmConfiguration;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.AccessTokenResponse;
+import org.jboss.logging.Logger;
+
+import java.io.IOException;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RefreshableKeycloakSession extends KeycloakAuthenticatedSession {
+
+ protected static Logger log = Logger.getLogger(RefreshableKeycloakSession.class);
+
+ protected transient RealmConfiguration realmConfiguration;
+ protected String refreshToken;
+
+ public RefreshableKeycloakSession() {
+ }
+
+ public RefreshableKeycloakSession(String tokenString, AccessToken token, ResourceMetadata metadata, RealmConfiguration realmConfiguration, String refreshToken) {
+ super(tokenString, token, metadata);
+ this.realmConfiguration = realmConfiguration;
+ this.refreshToken = refreshToken;
+ }
+
+ @Override
+ public AccessToken getToken() {
+ refreshExpiredToken();
+ return super.getToken();
+ }
+
+ @Override
+ public String getTokenString() {
+ refreshExpiredToken();
+ return super.getTokenString();
+ }
+
+ public boolean isActive() {
+ return this.token.isActive();
+ }
+
+ public void setRealmConfiguration(RealmConfiguration realmConfiguration) {
+ this.realmConfiguration = realmConfiguration;
+ }
+
+ public void refreshExpiredToken() {
+ if (this.token.isActive()) return;
+ if (this.realmConfiguration == null || refreshToken == null) return; // Might be serialized in HttpSession?
+
+ log.info("Doing refresh");
+ AccessTokenResponse response = null;
+ try {
+ response = TokenGrantRequest.invokeRefresh(realmConfiguration, refreshToken);
+ } catch (IOException e) {
+ log.error("Refresh token failure", e);
+ return;
+ } catch (TokenGrantRequest.HttpFailure httpFailure) {
+ log.error("Refresh token failure status: " + httpFailure.getStatus() + " " + httpFailure.getError());
+ return;
+ }
+ log.info("received refresh response");
+ String tokenString = response.getToken();
+ AccessToken token = null;
+ try {
+ token = RSATokenVerifier.verifyToken(tokenString, realmConfiguration.getMetadata().getRealmKey(), realmConfiguration.getMetadata().getRealm());
+ log.info("Token Verification succeeded!");
+ } catch (VerificationException e) {
+ log.error("failed verification of token");
+ }
+ this.token = token;
+ this.refreshToken = response.getRefreshToken();
+ this.tokenString = tokenString;
+
+ }
+
+
+}
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
index ced0ea2..430b3bd 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
@@ -16,6 +16,7 @@ import org.jboss.logging.Logger;
import org.keycloak.KeycloakAuthenticatedSession;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.AdapterConstants;
+import org.keycloak.adapters.RefreshableKeycloakSession;
import org.keycloak.adapters.ResourceMetadata;
import org.keycloak.adapters.as7.config.CatalinaAdapterConfigLoader;
import org.keycloak.representations.AccessToken;
@@ -92,6 +93,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
remoteLogout(input, response);
return;
}
+ checkKeycloakSession(request);
super.invoke(request, response);
} finally {
}
@@ -184,13 +186,39 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
return false;
}
+ /**
+ * Checks that access token is still valid. Will attempt refresh of token if it is not.
+ *
+ * @param request
+ */
+ protected void checkKeycloakSession(Request request) {
+ if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
+ RefreshableKeycloakSession session = (RefreshableKeycloakSession)request.getSessionInternal().getNote(KeycloakAuthenticatedSession.class.getName());
+ if (session == null) return;
+ // just in case session got serialized
+ session.setRealmConfiguration(realmConfiguration);
+ session.setMetadata(resourceMetadata);
+ if (session.isActive()) return;
+
+ // FYI: A refresh requires same scope, so same roles will be set. Otherwise, refresh will fail and token will
+ // not be updated
+ session.refreshExpiredToken();
+ if (session.isActive()) return;
+
+ request.getSessionInternal().removeNote(KeycloakAuthenticatedSession.class.getName());
+ request.setUserPrincipal(null);
+ request.setAuthType(null);
+ request.getSessionInternal().setPrincipal(null);
+ request.getSessionInternal().setAuthType(null);
+ }
+
protected boolean checkLoggedIn(Request request, HttpServletResponse response) {
- if (request.getSessionInternal() == null || request.getSessionInternal().getPrincipal() == null)
+ if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null)
return false;
log.debug("remote logged in already");
GenericPrincipal principal = (GenericPrincipal) request.getSessionInternal().getPrincipal();
request.setUserPrincipal(principal);
- request.setAuthType("OAUTH");
+ request.setAuthType("KEYCLOAK");
Session session = request.getSessionInternal();
if (session != null) {
KeycloakAuthenticatedSession skSession = (KeycloakAuthenticatedSession) session.getNote(KeycloakAuthenticatedSession.class.getName());
@@ -234,7 +262,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
Session session = request.getSessionInternal(true);
session.setPrincipal(principal);
session.setAuthType("OAUTH");
- KeycloakAuthenticatedSession skSession = new KeycloakAuthenticatedSession(oauth.getTokenString(), token, realmConfiguration.getMetadata());
+ KeycloakAuthenticatedSession skSession = new RefreshableKeycloakSession(oauth.getTokenString(), oauth.getToken(), resourceMetadata, realmConfiguration, oauth.getRefreshToken());
session.setNote(KeycloakAuthenticatedSession.class.getName(), skSession);
String username = token.getSubject();
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
index 2f9ca07..35cb609 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
@@ -29,6 +29,7 @@ public class ServletOAuthLogin {
protected int redirectPort;
protected String tokenString;
protected AccessToken token;
+ protected String refreshToken;
public ServletOAuthLogin(RealmConfiguration realmInfo, HttpServletRequest request, HttpServletResponse response, int redirectPort) {
this.request = request;
@@ -45,6 +46,10 @@ public class ServletOAuthLogin {
return token;
}
+ public String getRefreshToken() {
+ return refreshToken;
+ }
+
public RealmConfiguration getRealmInfo() {
return realmInfo;
}
@@ -249,6 +254,7 @@ public class ServletOAuthLogin {
sendError(HttpServletResponse.SC_FORBIDDEN);
return false;
}
+ refreshToken = tokenResponse.getRefreshToken();
// redirect to URL without oauth query parameters
sendRedirect(redirectUri);
return true;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
index 33fd421..5b9ef86 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
@@ -8,6 +8,7 @@ import io.undertow.util.AttachmentKey;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakAuthenticatedSession;
import org.keycloak.KeycloakPrincipal;
+import org.keycloak.adapters.RefreshableKeycloakSession;
import org.keycloak.adapters.config.RealmConfiguration;
import org.keycloak.adapters.ResourceMetadata;
import org.keycloak.representations.AccessToken;
@@ -93,7 +94,8 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
protected void completeAuthentication(HttpServerExchange exchange, SecurityContext securityContext, OAuthAuthenticator oauth) {
final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), null);
- KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, oauth.getToken(), oauth.getTokenString(), oauth.getRefreshToken(), realmConfig, resourceMetadata, adapterConfig);
+ RefreshableKeycloakSession session = new RefreshableKeycloakSession(oauth.getTokenString(), oauth.getToken(), resourceMetadata, realmConfig, oauth.getRefreshToken());
+ KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, session, adapterConfig, resourceMetadata);
securityContext.authenticationComplete(account, "KEYCLOAK", true);
login(exchange, account);
}
@@ -105,7 +107,8 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
protected void completeAuthentication(SecurityContext securityContext, BearerTokenAuthenticator bearer) {
final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), bearer.getSurrogate());
- KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, bearer.getToken(), bearer.getTokenString(), null, realmConfig, resourceMetadata, adapterConfig);
+ RefreshableKeycloakSession session = new RefreshableKeycloakSession(bearer.getTokenString(), bearer.getToken(), resourceMetadata, realmConfig, null);
+ KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal, session, adapterConfig, resourceMetadata);
securityContext.authenticationComplete(account, "KEYCLOAK", false);
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakIdentityManager.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakIdentityManager.java
index 00d4a8f..34406da 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakIdentityManager.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakIdentityManager.java
@@ -23,29 +23,29 @@ import java.io.IOException;
*/
class KeycloakIdentityManager implements IdentityManager {
protected static Logger log = Logger.getLogger(KeycloakIdentityManager.class);
+ protected AdapterConfig adapterConfig;
+ protected RealmConfiguration realmConfiguration;
+
+ KeycloakIdentityManager(AdapterConfig adapterConfig, RealmConfiguration realmConfiguration) {
+ this.adapterConfig = adapterConfig;
+ this.realmConfiguration = realmConfiguration;
+ }
@Override
public Account verify(Account account) {
log.info("Verifying account in IdentityManager");
KeycloakUndertowAccount keycloakAccount = (KeycloakUndertowAccount)account;
- if (keycloakAccount.getAccessToken().isActive()) {
- log.info("account is still active. Time left: " + (keycloakAccount.getAccessToken().getExpiration() - (System.currentTimeMillis()/1000)) );
- return account;
- }
- keycloakAccount.refreshExpiredToken();
- if (!keycloakAccount.getAccessToken().isActive()) return null;
+ if (!keycloakAccount.isActive(realmConfiguration, adapterConfig)) return null;
return account;
}
@Override
public Account verify(String id, Credential credential) {
- KeycloakServletExtension.log.warn("Shouldn't call verify!!!");
- throw new IllegalStateException("Not allowed");
+ throw new IllegalStateException("Unsupported verify method");
}
@Override
public Account verify(Credential credential) {
- KeycloakServletExtension.log.warn("Shouldn't call verify!!!");
- throw new IllegalStateException("Not allowed");
+ throw new IllegalStateException("Unsupported verify method");
}
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
index c7948ee..02aff6c 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java
@@ -95,7 +95,7 @@ public class KeycloakServletExtension implements ServletExtension {
deploymentInfo.addInnerHandlerChainWrapper(ServletPropagateSessionHandler.WRAPPER); // propagates SkeletonKeySession
deploymentInfo.addInnerHandlerChainWrapper(actions); // handles authenticated actions and cors.
- deploymentInfo.setIdentityManager(new KeycloakIdentityManager());
+ deploymentInfo.setIdentityManager(new KeycloakIdentityManager(keycloakConfig, realmConfiguration));
log.info("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
ServletSessionConfig cookieConfig = new ServletSessionConfig();
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
index dd2b174..8f02689 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakUndertowAccount.java
@@ -3,16 +3,13 @@ package org.keycloak.adapters.undertow;
import io.undertow.security.idm.Account;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
-import org.keycloak.RSATokenVerifier;
-import org.keycloak.VerificationException;
+import org.keycloak.adapters.RefreshableKeycloakSession;
import org.keycloak.adapters.ResourceMetadata;
-import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.adapters.config.RealmConfiguration;
import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
-import java.io.IOException;
+import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
@@ -21,30 +18,19 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class KeycloakUndertowAccount implements Account {
+public class KeycloakUndertowAccount implements Account, Serializable {
protected static Logger log = Logger.getLogger(KeycloakUndertowAccount.class);
- protected AccessToken accessToken;
- protected String encodedAccessToken;
- protected String refreshToken;
+ protected RefreshableKeycloakSession session;
protected KeycloakPrincipal principal;
protected Set<String> accountRoles;
- protected RealmConfiguration realmConfiguration;
- protected ResourceMetadata resourceMetadata;
- protected AdapterConfig adapterConfig;
- public KeycloakUndertowAccount(KeycloakPrincipal principal, AccessToken accessToken, String encodedAccessToken, String refreshToken,
- RealmConfiguration realmConfiguration, ResourceMetadata resourceMetadata, AdapterConfig adapterConfig) {
+ public KeycloakUndertowAccount(KeycloakPrincipal principal, RefreshableKeycloakSession session, AdapterConfig config, ResourceMetadata metadata) {
this.principal = principal;
- this.accessToken = accessToken;
- this.encodedAccessToken = encodedAccessToken;
- this.refreshToken = refreshToken;
- this.realmConfiguration = realmConfiguration;
- this.resourceMetadata = resourceMetadata;
- this.adapterConfig = adapterConfig;
- setRoles(accessToken);
+ this.session = session;
+ setRoles(session.getToken(), config, metadata);
}
- protected void setRoles(AccessToken accessToken) {
+ protected void setRoles(AccessToken accessToken, AdapterConfig adapterConfig, ResourceMetadata resourceMetadata) {
Set<String> roles = null;
if (adapterConfig.isUseResourceRoleMappings()) {
AccessToken.Access access = accessToken.getResourceAccess(resourceMetadata.getResourceName());
@@ -68,48 +54,30 @@ public class KeycloakUndertowAccount implements Account {
}
public AccessToken getAccessToken() {
- return accessToken;
+ return session.getToken();
}
public String getEncodedAccessToken() {
- return encodedAccessToken;
+ return session.getTokenString();
}
- public String getRefreshToken() {
- return refreshToken;
+ public RefreshableKeycloakSession getSession() {
+ return session;
}
- public ResourceMetadata getResourceMetadata() {
- return resourceMetadata;
- }
+ public boolean isActive(RealmConfiguration realmConfiguration, AdapterConfig config) {
+ // this object may have been serialized, so we need to reset realm config/metadata
+ session.setRealmConfiguration(realmConfiguration);
+ session.setMetadata(realmConfiguration.getMetadata());
+ if (session.isActive()) return true;
- public void refreshExpiredToken() {
- if (accessToken.isActive()) return;
-
- log.info("Doing refresh");
- AccessTokenResponse response = null;
- try {
- response = TokenGrantRequest.invokeRefresh(realmConfiguration, getRefreshToken());
- } catch (IOException e) {
- log.error("Refresh token failure", e);
- return;
- } catch (TokenGrantRequest.HttpFailure httpFailure) {
- log.error("Refresh token failure status: " + httpFailure.getStatus() + " " + httpFailure.getError());
- return;
- }
- log.info("received refresh response");
- String tokenString = response.getToken();
- AccessToken token = null;
- try {
- token = RSATokenVerifier.verifyToken(tokenString, realmConfiguration.getMetadata().getRealmKey(), realmConfiguration.getMetadata().getRealm());
- log.info("Token Verification succeeded!");
- } catch (VerificationException e) {
- log.error("failed verification of token");
- }
- this.accessToken = token;
- this.refreshToken = response.getRefreshToken();
- this.encodedAccessToken = tokenString;
- setRoles(this.accessToken);
+ session.refreshExpiredToken();
+ if (!session.isActive()) return false;
+ setRoles(session.getToken(), config, realmConfiguration.getMetadata());
+ return true;
}
+
+
+
}
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPropagateSessionHandler.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPropagateSessionHandler.java
index 9baa829..efd5662 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPropagateSessionHandler.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletPropagateSessionHandler.java
@@ -40,12 +40,10 @@ public class ServletPropagateSessionHandler implements HttpHandler {
next.handleRequest(exchange);
return;
}
- UndertowKeycloakSession skSession = new UndertowKeycloakSession(account);
-
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest();
- req.setAttribute(KeycloakAuthenticatedSession.class.getName(), skSession);
+ req.setAttribute(KeycloakAuthenticatedSession.class.getName(), account.getSession());
HttpSession session = req.getSession(false);
if (session == null) {
@@ -53,7 +51,7 @@ public class ServletPropagateSessionHandler implements HttpHandler {
return;
}
log.debug("propagating to HTTP Session");
- session.setAttribute(KeycloakAuthenticatedSession.class.getName(), skSession);
+ session.setAttribute(KeycloakAuthenticatedSession.class.getName(), account.getSession());
next.handleRequest(exchange);
}
}