Extend utility flexible authenticator with access token awareness

2025-05-26 21:44:41 +00:00 · 2021-01-17 23:20:29 +01:00 · 2021-01-17 23:20:29 +01:00 · 35d07b1616
commit 35d07b1616
parent f9e16e0ef4
4 changed files with 73 additions and 2 deletions
--- a/pom.xml
+++ b/pom.xml
@ -79,7 +79,7 @@
        <apache.httpclient.version>4.5.1</apache.httpclient.version>
        <apache.httpcore.version>4.4.3</apache.httpcore.version>

-        <acosix.utility.version>1.2.3</acosix.utility.version>
+        <acosix.utility.version>1.2.5-SNAPSHOT</acosix.utility.version>
        <ootbee.support-tools.version>1.1.0.0</ootbee.support-tools.version>
    </properties>

--- a/repository/module.properties
+++ b/repository/module.properties
@ -5,4 +5,4 @@ module.version=${noSnapshotVersion}

 module.repo.version.min=5

-module.depends.acosix-utility=1.2.3-*
+module.depends.acosix-utility=1.2.5-*
--- a/share/src/main/java/de/acosix/alfresco/keycloak/share/remote/AccessTokenAwareAlfrescoAuthenticator.java
+++ b/share/src/main/java/de/acosix/alfresco/keycloak/share/remote/AccessTokenAwareAlfrescoAuthenticator.java
@ -0,0 +1,63 @@
+/*
+ * Copyright 2019 - 2020 Acosix GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.acosix.alfresco.keycloak.share.remote;
+
+import javax.servlet.http.HttpSession;
+
+import org.keycloak.adapters.OidcKeycloakAccount;
+import org.keycloak.adapters.spi.KeycloakAccount;
+import org.springframework.extensions.surf.ServletUtil;
+import org.springframework.extensions.webscripts.connector.ConnectorSession;
+
+import de.acosix.alfresco.keycloak.share.util.RefreshableAccessTokenHolder;
+import de.acosix.alfresco.keycloak.share.web.KeycloakAuthenticationFilter;
+import de.acosix.alfresco.utility.share.connector.FlexibleAlfrescoAuthenticator;
+
+/**
+ * @author Axel Faust
+ */
+public class AccessTokenAwareAlfrescoAuthenticator extends FlexibleAlfrescoAuthenticator
+{
+
+    /**
+     *
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isAuthenticated(final String endpoint, final ConnectorSession connectorSession)
+    {
+        boolean authenticated = super.isAuthenticated(endpoint, connectorSession);
+
+        if (!authenticated)
+        {
+            final HttpSession session = ServletUtil.getSession();
+            final KeycloakAccount keycloakAccount = (KeycloakAccount) (session != null
+                    ? session.getAttribute(KeycloakAuthenticationFilter.KEYCLOAK_ACCOUNT_SESSION_KEY)
+                    : null);
+            final RefreshableAccessTokenHolder accessToken = (RefreshableAccessTokenHolder) (session != null
+                    ? session.getAttribute(KeycloakAuthenticationFilter.ACCESS_TOKEN_SESSION_KEY)
+                    : null);
+            final RefreshableAccessTokenHolder endpointSpecificAccessToken = (RefreshableAccessTokenHolder) (session != null
+                    ? session.getAttribute(KeycloakAuthenticationFilter.BACKEND_ACCESS_TOKEN_SESSION_KEY)
+                    : null);
+
+            authenticated = endpointSpecificAccessToken != null && endpointSpecificAccessToken.isActive()
+                    || keycloakAccount instanceof OidcKeycloakAccount || accessToken != null;
+        }
+
+        return authenticated;
+    }
+}
--- a/share/src/test/docker/alfresco/web-extension/share-config-custom.xml
+++ b/share/src/test/docker/alfresco/web-extension/share-config-custom.xml
@ -23,7 +23,15 @@
                <name>Alfresco Connector</name>
                <description>Connects to an Alfresco instance using cookie-based authentication and awareness of Keycloak access tokens</description>
                <class>de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareSlingshotAlfrescoConnector</class>
+                <authenticator-id>acosix-kc-authenticator</authenticator-id>
            </connector>
+            
+            <authenticator>
+                <id>acosix-kc-authenticator</id>
+                <name>Acosix Keycloak Authenticator</name>
+                <description>Authenticator with flexible support for ticket, cookie, remote user, and access token</description>
+                <class>de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareAlfrescoAuthenticator</class>
+            </authenticator>

            <endpoint>
                <id>alfresco</id>