Refine search
public static URI relativize(URI from, URI to) { if (!compare(from.getScheme(), to.getScheme())) return to; if (!compare(from.getHost(), to.getHost())) return to; if (from.getPort() != to.getPort()) return to; if (from.getPath() == null && to.getPath() == null) return URI.create(""); else if (from.getPath() == null) return URI.create(to.getPath()); else if (to.getPath() == null) return to; String fromPath = from.getPath(); if (fromPath.startsWith("/")) fromPath = fromPath.substring(1); String[] fsplit = fromPath.split("/"); String toPath = to.getPath(); if (toPath.startsWith("/")) toPath = toPath.substring(1); String[] tsplit = toPath.split("/"); int f = 0; for (; f < fsplit.length && f < tsplit.length; f++) { if (!fsplit[f].equals(tsplit[f])) break; } KeycloakUriBuilder builder = KeycloakUriBuilder.fromPath(""); for (int i = f; i < fsplit.length; i++) builder.path(".."); for (int i = f; i < tsplit.length; i++) builder.path(tsplit[i]); return builder.build(); }
/** * @param authUrlBuilder absolute URI */ protected void resolveUrls(KeycloakUriBuilder authUrlBuilder) { if (log.isDebugEnabled()) { log.debug("resolveUrls"); } authServerBaseUrl = authUrlBuilder.build().toString(); String login = authUrlBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(getRealm()).toString(); authUrl = KeycloakUriBuilder.fromUri(login); realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString(); tokenUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_PATH).build(getRealm()).toString(); logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString()); accountUrl = authUrlBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(getRealm()).toString(); registerNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_REGISTER_NODE_PATH).build(getRealm()).toString(); unregisterNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH).build(getRealm()).toString(); jwksUrl = authUrlBuilder.clone().path(ServiceUrlConstants.JWKS_URL).build(getRealm()).toString(); }
@Override public String getURI() { KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getRequestURI()) .replaceQuery(exchange.getQueryString()); if (!exchange.isHostIncludedInRequestURI()) uriBuilder.scheme(exchange.getRequestScheme()).host(exchange.getHostAndPort()); return uriBuilder.build().toString(); }
protected static String stripOauthParametersFromRedirect(String uri) { KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri) .replaceQueryParam(OAuth2Constants.CODE, null) .replaceQueryParam(OAuth2Constants.STATE, null); return builder.build().toString(); }
public static KeycloakUriBuilder fromPath(String path) throws IllegalArgumentException { return new KeycloakUriBuilder().path(path); }
/** * Start the process of obtaining an access token by redirecting the browser * to the authentication server * * @param relativePath path relative to context root you want auth server to redirect back to * @param request * @param response * @throws IOException */ public void redirectRelative(String relativePath, HttpServletRequest request, HttpServletResponse response) throws IOException { KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()) .replacePath(request.getContextPath()) .replaceQuery(null) .path(relativePath); String redirect = builder.toTemplate(); redirect(redirect, request, response); }
protected KeycloakUriBuilder getBaseBuilder(HttpFacade facade, String base) { KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(base); URI request = URI.create(facade.getRequest().getURI()); String scheme = request.getScheme(); if (deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) { scheme = "https"; if (!request.getScheme().equals(scheme) && request.getPort() != -1) { log.error("request scheme: " + request.getScheme() + " ssl required"); throw new RuntimeException("Can't resolve relative url from adapter config."); } } builder.scheme(scheme); builder.host(request.getHost()); if (request.getPort() != -1) { builder.port(request.getPort()); } return builder; }
public void setAuthServerBaseUrl(AdapterConfig config) { this.authServerBaseUrl = config.getAuthServerUrl(); if (authServerBaseUrl == null) return; URI authServerUri = URI.create(authServerBaseUrl); if (authServerUri.getHost() == null) { relativeUrls = RelativeUrlsUsed.ALWAYS; } else { // We have absolute URI in config relativeUrls = RelativeUrlsUsed.NEVER; KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl); resolveUrls(serverBuilder); } }
@Override public String getRedirectUri() { String redirect = (String)getSession(true).getAttribute(SAML_REDIRECT_URI); if (redirect == null) { String contextPath = request.getContextPath(); String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString(); return SamlUtil.getRedirectTo(facade, contextPath, baseUri); } return redirect; }
/** Helper for setting up GeoServer-style logout actions. */ @Override public void logout( HttpServletRequest request, HttpServletResponse response, Authentication authentication) { LOG.log(Level.FINER, "GeoServerKeycloakFilter.logout ENTRY"); // do some setup and get the deployment HttpFacade exchange = new SimpleHttpFacade(request, response); KeycloakDeployment deployment = keycloakContext.resolveDeployment(exchange); // redirect to referer url stripping all request parameters off String referer = request.getHeader(HttpHeaders.REFERER); String refererNoParams = referer.split("\\?")[0]; // let geoserver know what to do with this request.setAttribute( GeoServerLogoutFilter.LOGOUT_REDIRECT_ATTR, deployment .getLogoutUrl() .queryParam(OAuth2Constants.REDIRECT_URI, refererNoParams) .build() .toString()); }
String state = getStateCode(); KeycloakDeployment resolvedDeployment = resolveDeployment(getDeployment(), request); String authUrl = resolvedDeployment.getAuthUrl().clone().build().toString(); String scopeParam = TokenUtil.attachOIDCScope(scope); KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(authUrl) .queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE) .queryParam(OAuth2Constants.CLIENT_ID, getClientId()) .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri) .queryParam(OAuth2Constants.STATE, state) .queryParam(OAuth2Constants.SCOPE, scopeParam); URI url = uriBuilder.build(); cookie.setPath(stateCookiePath); response.addCookie(cookie); response.sendRedirect(url.toString());
KeycloakUriBuilder secureUrl = KeycloakUriBuilder.fromUri(url).scheme("https").port(-1); if (port != 443) secureUrl.port(port); url = secureUrl.build().toString(); url = UriUtils.stripQueryParam(url, OAuth2Constants.UI_LOCALES_PARAM); KeycloakUriBuilder redirectUriBuilder = deployment.getAuthUrl().clone() .queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE) .queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName()) .queryParam(OAuth2Constants.REDIRECT_URI, rewrittenRedirectUri(url)) .queryParam(OAuth2Constants.STATE, state) .queryParam("login", "true"); if(loginHint != null && loginHint.length() > 0){ redirectUriBuilder.queryParam("login_hint",loginHint); redirectUriBuilder.queryParam(AdapterConstants.KC_IDP_HINT,idpHint); redirectUriBuilder.queryParam(OAuth2Constants.PROMPT, prompt); redirectUriBuilder.queryParam(OAuth2Constants.MAX_AGE, maxAge); redirectUriBuilder.queryParam(OAuth2Constants.UI_LOCALES_PARAM, uiLocales); redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, scope); return redirectUriBuilder.build().toString();
protected KeycloakDeployment resolveUrls(KeycloakDeployment deployment, HttpFacade facade) { if (deployment.relativeUrls == RelativeUrlsUsed.NEVER) { // Absolute URI are already set to everything return deployment; } else { DeploymentDelegate delegate = new DeploymentDelegate(this.deployment); delegate.setAuthServerBaseUrl(getBaseBuilder(facade, this.deployment.getAuthServerBaseUrl()).build().toString()); return delegate; } }
KeycloakUriBuilder builder = KeycloakUriBuilder.fromPath("/") .queryParam(paramKey, request); if (relayState != null) { builder.queryParam(GeneralConstants.RELAY_STATE, relayState); builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, algorithm); String rawQuery = builder.build().getRawQuery();
KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl()) .path(ServiceUrlConstants.TOKEN_PATH).build(deployment.getRealm())); java.util.List <NameValuePair> formparams = new java.util.ArrayList <NameValuePair>(); formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
@Override public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) { AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession(); String service = authSession.getRedirectUri(); //TODO validate service OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(), Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(), null, null, authSession.getRedirectUri(), null, null); String code = OAuth2CodeParser.persistCode(session, clientSession, codeData); KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service); uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code); URI redirectUri = uriBuilder.build(); Response.ResponseBuilder location = Response.status(302).location(redirectUri); return location.build(); }
public static void invokeLogout(KeycloakDeployment deployment, String refreshToken) throws IOException, HttpFailure { HttpClient client = deployment.getClient(); URI uri = deployment.getLogoutUrl().clone().build(); List<NameValuePair> formparams = new ArrayList<>(); formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken)); HttpPost post = new HttpPost(uri); ClientCredentialsProviderUtils.setClientCredentials(deployment, post, formparams); UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8"); post.setEntity(form); HttpResponse response = client.execute(post); int status = response.getStatusLine().getStatusCode(); HttpEntity entity = response.getEntity(); if (status != 204) { error(status, entity); } if (entity == null) { return; } InputStream is = entity.getContent(); if (is != null) is.close(); }
public void setAuthServerBaseUrl(String authServerBaseUrl) { this.authServerBaseUrl = authServerBaseUrl; KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl); resolveUrls(serverBuilder); }