Package org.keycloak.adapters

Examples of org.keycloak.adapters.RefreshableKeycloakSecurityContext

69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
    }

    // Check if accessToken is active and try to refresh if it's not
    public boolean checkActive() {
        // this object may have been serialized, so we need to reset realm config/metadata
        RefreshableKeycloakSecurityContext session = getKeycloakSecurityContext();
        if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) {
            log.debug("session is active");
            return true;
        }

        log.debug("session is not active or refresh is enforced. Try refresh");
        boolean success = session.refreshExpiredToken(false);
        if (!success || !session.isActive()) {
            log.debug("session is not active return with failure");

            return false;
        }
        log.debug("refresh succeeded");
View Full Code Here
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
    @Override
    public boolean isCached(RequestAuthenticator authenticator) {
        // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request
        if (authenticatedPrincipal != null) {
            log.fine("remote logged in already. Establish state from cookie");
            RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext();

            if (!securityContext.getRealm().equals(deployment.getRealm())) {
                log.fine("Account from cookie is from a different realm than for the request.");
                return false;
            }

            securityContext.setCurrentRequestInfo(deployment, this);
            Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
            GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles, securityContext);

            request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
            request.setUserPrincipal(principal);
View Full Code Here
66
67
68
69
70
71
72
73
        }
    }

    @Override
    public void saveAccountInfo(KeycloakAccount account) {
        RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext();
        CookieTokenStore.setTokenCookie(deployment, facade, securityContext);
    }
View Full Code Here
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
        if (principal == null) {
            log.fine("Account was not in cookie or was invalid");
            return null;
        }

        RefreshableKeycloakSecurityContext session = principal.getKeycloakSecurityContext();

        if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return principal;
        boolean success = session.refreshExpiredToken(false);
        if (success && session.isActive()) return principal;

        log.fine("Cleanup and expire cookie for user " + principal.getName() + " after failed refresh");
        request.setUserPrincipal(null);
        request.setAuthType(null);
        CookieTokenStore.removeCookie(facade);
View Full Code Here
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
    }

    @Override
    public void checkCurrentToken() {
        if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
        RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
        if (session == null) return;

        // just in case session got serialized
        if (session.getDeployment() == null) session.setCurrentRequestInfo(deployment, this);

        if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return;

        // FYI: A refresh requires same scope, so same roles will be set.  Otherwise, refresh will fail and token will
        // not be updated
        boolean success = session.refreshExpiredToken(false);
        if (success && session.isActive()) return;

        // Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
        Session catalinaSession = request.getSessionInternal();
        log.fine("Cleanup and expire session " + catalinaSession.getId() + " after failed refresh");
        catalinaSession.removeNote(KeycloakSecurityContext.class.getName());
View Full Code Here
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
    public boolean isCached(RequestAuthenticator authenticator) {
        if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null)
            return false;
        log.fine("remote logged in already. Establish state from session");

        RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
        if (securityContext != null) {

            if (!deployment.getRealm().equals(securityContext.getRealm())) {
                log.fine("Account from cookie is from a different realm than for the request.");
                return false;
            }

            securityContext.setCurrentRequestInfo(deployment, this);
            request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
        }

        GenericPrincipal principal = (GenericPrincipal) request.getSessionInternal().getPrincipal();
        request.setUserPrincipal(principal);
View Full Code Here
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
        return true;
    }

    @Override
    public void saveAccountInfo(KeycloakAccount account) {
        RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext();
        Set<String> roles = account.getRoles();
        GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), account.getPrincipal(), roles, securityContext);

        Session session = request.getSessionInternal(true);
        session.setPrincipal(principal);
        session.setAuthType("OAUTH");
        session.setNote(KeycloakSecurityContext.class.getName(), securityContext);
        String username = securityContext.getToken().getSubject();
        log.fine("userSessionManagement.login: " + username);
        this.sessionManagement.login(session);
    }
View Full Code Here
56
57
58
59
60
61
62
63
64
65
66
        };
    }

    @Override
    protected void completeOAuthAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> skp) {
        final RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext();
        final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
        KeycloakAccount account = new KeycloakAccount() {

            @Override
            public Principal getPrincipal() {
View Full Code Here
83
84
85
86
87
88
89
90
91
92
93
        this.tokenStore.saveAccountInfo(account);
    }

    @Override
    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
        RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
        Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
        if (log.isLoggable(Level.FINE)) {
            log.fine("Completing bearer authentication. Bearer roles: " + roles);
        }
        Principal generalPrincipal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), principal, roles, securityContext);
View Full Code Here
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
    }

    @Override
    public void checkCurrentToken() {
        if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
        RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
        if (session == null) return;

        // just in case session got serialized
        if (session.getDeployment() == null) session.setCurrentRequestInfo(deployment, this);

        if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) return;

        // FYI: A refresh requires same scope, so same roles will be set.  Otherwise, refresh will fail and token will
        // not be updated
        boolean success = session.refreshExpiredToken(false);
        if (success && session.isActive()) return;

        // Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
        Session catalinaSession = request.getSessionInternal();
        log.debugf("Cleanup and expire session %s after failed refresh", catalinaSession.getId());
        catalinaSession.removeNote(KeycloakSecurityContext.class.getName());
View Full Code Here
TOP

Related Classes of org.keycloak.adapters.RefreshableKeycloakSecurityContext

  • org.keycloak.adapters.as7.CatalinaCookieTokenStore
  • org.keycloak.adapters.as7.CatalinaRequestAuthenticator
  • org.keycloak.adapters.as7.CatalinaSessionTokenStore
  • org.keycloak.adapters.tomcat7.CatalinaCookieTokenStore
  • org.keycloak.adapters.tomcat7.CatalinaRequestAuthenticator
  • org.keycloak.adapters.tomcat7.CatalinaSessionTokenStore
  • org.keycloak.adapters.undertow.KeycloakUndertowAccount
  • org.keycloak.adapters.undertow.UndertowCookieTokenStore
  • org.keycloak.representations.AccessToken
  • org.keycloak.representations.AccessTokenResponse
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.