General working Keycloak filter state
@@ -306,11 +306,10 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
|
||||
{
|
||||
for (final String configName : CONFIG_NAMES)
|
||||
{
|
||||
final Method setter = SETTER_BY_CONFIG_NAME.get(configName);
|
||||
|
||||
final Object value = this.configValueByField.get(configName);
|
||||
if (value != null)
|
||||
{
|
||||
final Method setter = SETTER_BY_CONFIG_NAME.get(configName);
|
||||
setter.invoke(config, value);
|
||||
}
|
||||
}
|
||||
|
@@ -84,7 +84,7 @@ public class KeycloakAdapterConfigElementReader implements ConfigElementReader
|
||||
configElement.setFieldValue(subElementName,
|
||||
valueType.getMethod("valueOf", String.class).invoke(null, textTrim));
|
||||
}
|
||||
catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException ex)
|
||||
catch (final NoSuchMethodException | IllegalAccessException | InvocationTargetException ex)
|
||||
{
|
||||
LOGGER.error(
|
||||
"Number-based value type {} does not provide a publicly accessible, static valueOf to handle conversion of value {}",
|
||||
|
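Review bot: The multi-catch on the new line still handles `InvocationTargetException` the same way as a missing or inaccessible `valueOf`. A malformed numeric value in the adapter configuration, where the reflectively invoked `valueOf` itself throws (typically `NumberFormatException`), is therefore logged as "does not provide a publicly accessible, static valueOf". A separate `catch (final InvocationTargetException ex)` that logs `ex.getCause()` together with the element name would let an operator tell a bad setting from a programming error. Whether the value is then dropped or the read fails is outside the hunk; for security-relevant adapter settings, a silent fallback to defaults should be an explicit decision.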
@@ -19,6 +19,7 @@ import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
@@ -549,7 +550,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
|
||||
protected void prepareLoginFormEnhancement(final ServletContext context, final HttpServletRequest req, final HttpServletResponse res,
|
||||
final FilterRequestAuthenticator authenticator)
|
||||
{
|
||||
final RedirectCaptureServletHttpFacade captureFacade = new RedirectCaptureServletHttpFacade(req);
|
||||
final ResponseHeaderCookieCaptureServletHttpFacade captureFacade = new ResponseHeaderCookieCaptureServletHttpFacade(req);
|
||||
|
||||
authenticator.getChallenge().challenge(captureFacade);
|
||||
|
||||
@@ -603,7 +604,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
|
||||
|
||||
};
|
||||
|
||||
final RedirectCaptureServletHttpFacade captureFacade = new RedirectCaptureServletHttpFacade(wrappedReq);
|
||||
final ResponseHeaderCookieCaptureServletHttpFacade captureFacade = new ResponseHeaderCookieCaptureServletHttpFacade(wrappedReq);
|
||||
|
||||
final OIDCFilterSessionStore tokenStore = new OIDCFilterSessionStore(req, captureFacade,
|
||||
bodyBufferLimit != null ? bodyBufferLimit.intValue() : DEFAULT_BODY_BUFFER_LIMIT, this.keycloakDeployment, null);
|
||||
@@ -786,6 +787,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
|
||||
{
|
||||
boolean skip = false;
|
||||
|
||||
final String authHeader = req.getHeader(HEADER_AUTHORIZATION);
|
||||
|
||||
final String servletPath = req.getServletPath();
|
||||
final String pathInfo = req.getPathInfo();
|
||||
final String servletRequestUri = servletPath + (pathInfo != null ? pathInfo : "");
|
||||
@@ -824,24 +827,25 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
|
||||
LOGGER.debug(
|
||||
"Explicitly not skipping doFilter as state and code query parameters of OAuth2 redirect as well as state cookie are present");
|
||||
}
|
||||
else if (req.getHeader(HEADER_AUTHORIZATION) != null && req.getHeader(HEADER_AUTHORIZATION).startsWith("Bearer "))
|
||||
else if (authHeader != null && authHeader.toLowerCase(Locale.ENGLISH).startsWith("bearer "))
|
||||
{
|
||||
LOGGER.debug("Explicitly not skipping doFilter as Bearer authorization header is present");
|
||||
}
|
||||
else if (req.getHeader(HEADER_AUTHORIZATION) != null)
|
||||
else if (authHeader != null && authHeader.toLowerCase(Locale.ENGLISH).startsWith("basic "))
|
||||
{
|
||||
LOGGER.debug("Skipping doFilter as non-OIDC authorization header is present");
|
||||
LOGGER.debug("Explicitly not skipping doFilter as Basic authorization header is present");
|
||||
}
|
||||
else if (authHeader != null)
|
||||
{
|
||||
LOGGER.debug("Skipping doFilter as non-OIDC / non-Basic authorization header is present");
|
||||
skip = true;
|
||||
}
|
||||
else if (req.getHeader(HEADER_AUTHORIZATION) == null && (currentSession != null && AuthenticationUtil.isAuthenticated(req)))
|
||||
else if (currentSession != null && AuthenticationUtil.isAuthenticated(req))
|
||||
{
|
||||
final String userId = AuthenticationUtil.getUserId(req);
|
||||
LOGGER.debug("Existing HTTP session is associated with user {}", userId);
|
||||
|
||||
final KeycloakAccount keycloakAccount = (KeycloakAccount) currentSession.getAttribute(KeycloakAccount.class.getName());
|
||||
if (keycloakAccount != null)
|
||||
{
|
||||
skip = this.validateAndRefreshKeycloakAuthentication(req, res, userId, keycloakAccount);
|
||||
skip = this.validateAndRefreshKeycloakAuthentication(req, res, AuthenticationUtil.getUserId(req), keycloakAccount);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
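Review bot: The new `basic ` branch of the skip decision keeps every request with a Basic `Authorization` header inside the Keycloak filter, but nothing visible in the hunk checks that the adapter is configured to accept Basic credentials. If basic-auth support is disabled for the deployment, such clients would presumably receive the OIDC challenge instead of falling through to the default authentication chain; if it is enabled, each request's password is forwarded to Keycloak, so failed-login throttling there becomes the relevant control. Consider gating the branch on the `keycloakDeployment` field used elsewhere in this class, e.g. `else if (authHeader != null && this.keycloakDeployment.isEnableBasicAuth() && authHeader.toLowerCase(Locale.ENGLISH).startsWith("basic "))`, with a comment above the chain stating which schemes are handled here and why. As a style point, both scheme checks lower-case the whole header and require exactly one space after the scheme; `authHeader.regionMatches(true, 0, "bearer ", 0, 7)` avoids the copy. The enclosing method starts and ends outside the hunk.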
@@ -36,7 +36,7 @@ import org.keycloak.adapters.spi.HttpFacade;
|
||||
*
|
||||
* @author Axel Faust
|
||||
*/
|
||||
public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
public class ResponseHeaderCookieCaptureServletHttpFacade extends ServletHttpFacade
|
||||
{
|
||||
|
||||
protected final Map<Pair<String, String>, javax.servlet.http.Cookie> cookies = new HashMap<>();
|
||||
@@ -49,7 +49,7 @@ public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
* @param request
|
||||
* the servlet request to facade
|
||||
*/
|
||||
public RedirectCaptureServletHttpFacade(final HttpServletRequest request)
|
||||
public ResponseHeaderCookieCaptureServletHttpFacade(final HttpServletRequest request)
|
||||
{
|
||||
super(request, null);
|
||||
}
|
||||
@@ -106,7 +106,7 @@ public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
@Override
|
||||
public void addHeader(final String name, final String value)
|
||||
{
|
||||
RedirectCaptureServletHttpFacade.this.headers.computeIfAbsent(name, key -> new ArrayList<>()).add(value);
|
||||
ResponseHeaderCookieCaptureServletHttpFacade.this.headers.computeIfAbsent(name, key -> new ArrayList<>()).add(value);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -116,7 +116,7 @@ public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
@Override
|
||||
public void setHeader(final String name, final String value)
|
||||
{
|
||||
RedirectCaptureServletHttpFacade.this.headers.put(name, new ArrayList<>(Collections.singleton(value)));
|
||||
ResponseHeaderCookieCaptureServletHttpFacade.this.headers.put(name, new ArrayList<>(Collections.singleton(value)));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -126,7 +126,7 @@ public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
@Override
|
||||
public void resetCookie(final String name, final String path)
|
||||
{
|
||||
RedirectCaptureServletHttpFacade.this.cookies.remove(new Pair<>(name, path));
|
||||
ResponseHeaderCookieCaptureServletHttpFacade.this.cookies.remove(new Pair<>(name, path));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -146,7 +146,7 @@ public class RedirectCaptureServletHttpFacade extends ServletHttpFacade
|
||||
cookie.setMaxAge(maxAge);
|
||||
cookie.setSecure(secure);
|
||||
cookie.setHttpOnly(httpOnly);
|
||||
RedirectCaptureServletHttpFacade.this.cookies.put(new Pair<>(name, path), cookie);
|
||||
ResponseHeaderCookieCaptureServletHttpFacade.this.cookies.put(new Pair<>(name, path), cookie);
|
||||
}
|
||||
|
||||
/**
|