Extend utility flexible authenticator with access token awareness
parent
f9e16e0ef4
commit
35d07b1616
2
pom.xml
2
pom.xml
@ -79,7 +79,7 @@
|
|||||||
<apache.httpclient.version>4.5.1</apache.httpclient.version>
|
<apache.httpclient.version>4.5.1</apache.httpclient.version>
|
||||||
<apache.httpcore.version>4.4.3</apache.httpcore.version>
|
<apache.httpcore.version>4.4.3</apache.httpcore.version>
|
||||||
|
|
||||||
<acosix.utility.version>1.2.3</acosix.utility.version>
|
<acosix.utility.version>1.2.5-SNAPSHOT</acosix.utility.version>
|
||||||
<ootbee.support-tools.version>1.1.0.0</ootbee.support-tools.version>
|
<ootbee.support-tools.version>1.1.0.0</ootbee.support-tools.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
|
@ -5,4 +5,4 @@ module.version=${noSnapshotVersion}
|
|||||||
|
|
||||||
module.repo.version.min=5
|
module.repo.version.min=5
|
||||||
|
|
||||||
module.depends.acosix-utility=1.2.3-*
|
module.depends.acosix-utility=1.2.5-*
|
@ -0,0 +1,63 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2019 - 2020 Acosix GmbH
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package de.acosix.alfresco.keycloak.share.remote;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
|
|
||||||
|
import org.keycloak.adapters.OidcKeycloakAccount;
|
||||||
|
import org.keycloak.adapters.spi.KeycloakAccount;
|
||||||
|
import org.springframework.extensions.surf.ServletUtil;
|
||||||
|
import org.springframework.extensions.webscripts.connector.ConnectorSession;
|
||||||
|
|
||||||
|
import de.acosix.alfresco.keycloak.share.util.RefreshableAccessTokenHolder;
|
||||||
|
import de.acosix.alfresco.keycloak.share.web.KeycloakAuthenticationFilter;
|
||||||
|
import de.acosix.alfresco.utility.share.connector.FlexibleAlfrescoAuthenticator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Axel Faust
|
||||||
|
*/
|
||||||
|
public class AccessTokenAwareAlfrescoAuthenticator extends FlexibleAlfrescoAuthenticator
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public boolean isAuthenticated(final String endpoint, final ConnectorSession connectorSession)
|
||||||
|
{
|
||||||
|
boolean authenticated = super.isAuthenticated(endpoint, connectorSession);
|
||||||
|
|
||||||
|
if (!authenticated)
|
||||||
|
{
|
||||||
|
final HttpSession session = ServletUtil.getSession();
|
||||||
|
final KeycloakAccount keycloakAccount = (KeycloakAccount) (session != null
|
||||||
|
? session.getAttribute(KeycloakAuthenticationFilter.KEYCLOAK_ACCOUNT_SESSION_KEY)
|
||||||
|
: null);
|
||||||
|
final RefreshableAccessTokenHolder accessToken = (RefreshableAccessTokenHolder) (session != null
|
||||||
|
? session.getAttribute(KeycloakAuthenticationFilter.ACCESS_TOKEN_SESSION_KEY)
|
||||||
|
: null);
|
||||||
|
final RefreshableAccessTokenHolder endpointSpecificAccessToken = (RefreshableAccessTokenHolder) (session != null
|
||||||
|
? session.getAttribute(KeycloakAuthenticationFilter.BACKEND_ACCESS_TOKEN_SESSION_KEY)
|
||||||
|
: null);
|
||||||
|
|
||||||
|
authenticated = endpointSpecificAccessToken != null && endpointSpecificAccessToken.isActive()
|
||||||
|
|| keycloakAccount instanceof OidcKeycloakAccount || accessToken != null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return authenticated;
|
||||||
|
}
|
||||||
|
}
|
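Review bot: In the fallback branch of `isAuthenticated`, only `endpointSpecificAccessToken` is tested with `isActive()`; `accessToken != null` and `keycloakAccount instanceof OidcKeycloakAccount` report the endpoint as authenticated merely because an attribute is present in the HTTP session, even if the token behind it has expired. If that is intentional because the connector refreshes or exchanges the token before each request (not visible in this section), a comment above the assignment should say so; otherwise apply the same validity test, e.g. `|| (accessToken != null && accessToken.isActive());`. The mixed `&&`/`||` expression would also be easier to audit with explicit parentheses around the first operand. The `endpoint` argument is never consulted in this branch, so the backend token is accepted for whichever endpoint the authenticator is asked about. The class Javadoc carries only `@author`; one sentence stating which session attributes count as "authenticated" would help anyone reviewing the connector configuration.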
@ -23,8 +23,16 @@
|
|||||||
<name>Alfresco Connector</name>
|
<name>Alfresco Connector</name>
|
||||||
<description>Connects to an Alfresco instance using cookie-based authentication and awareness of Keycloak access tokens</description>
|
<description>Connects to an Alfresco instance using cookie-based authentication and awareness of Keycloak access tokens</description>
|
||||||
<class>de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareSlingshotAlfrescoConnector</class>
|
<class>de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareSlingshotAlfrescoConnector</class>
|
||||||
|
<authenticator-id>acosix-kc-authenticator</authenticator-id>
|
||||||
</connector>
|
</connector>
|
||||||
|
|
||||||
|
<authenticator>
|
||||||
|
<id>acosix-kc-authenticator</id>
|
||||||
|
<name>Acosix Keycloak Authenticator</name>
|
||||||
|
<description>Authenticator with flexible support for ticket, cookie, remote user, and access token</description>
|
||||||
|
<class>de.acosix.alfresco.keycloak.share.remote.AccessTokenAwareAlfrescoAuthenticator</class>
|
||||||
|
</authenticator>
|
||||||
|
|
||||||
<endpoint>
|
<endpoint>
|
||||||
<id>alfresco</id>
|
<id>alfresco</id>
|
||||||
<name>Alfresco - user access</name>
|
<name>Alfresco - user access</name>
|
||||||
|