/**
 * Replaces the user principal on the wrapped {@code httpRequest}.
 *
 * <p>This is a plain delegate: no authentication or validation happens here, and a
 * {@code null} argument is forwarded unchanged. Callers are therefore responsible for
 * passing only a principal that has already been verified.
 *
 * @param principal the principal to forward to the wrapped request
 */
public void setUserPrincipal(Principal principal) {
    httpRequest.setUserPrincipal(principal);
}
/**
 * Publishes a bearer-token caller on the current request.
 *
 * <p>Roles are read from the Keycloak security context carried by {@code principal}, a
 * container principal is built from them, and that principal, the auth type and the security
 * context are attached to the request. No token validation happens in this method, so it must
 * only be reached after the bearer token has been verified.
 *
 * @param principal the Keycloak principal for the bearer token
 * @param method    the authentication type to record on the request
 */
@Override
protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
    final RefreshableKeycloakSecurityContext keycloakContext = principal.getKeycloakSecurityContext();
    final Set<String> bearerRoles = AdapterUtils.getRolesFromSecurityContext(keycloakContext);

    // Role names are written to the log only when FINE is enabled; the guard also avoids
    // building the message otherwise.
    if (log.isLoggable(Level.FINE)) {
        log.fine("Completing bearer authentication. Bearer roles: " + bearerRoles);
    }

    request.setUserPrincipal(
            principalFactory.createPrincipal(request.getContext().getRealm(), principal, bearerRoles));
    request.setAuthType(method);
    // The security context is exposed as a request attribute keyed by its class name.
    request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakContext);
}
/**
 * Attaches the identity of a bearer-token caller to the current request.
 *
 * <p>The method derives the role set from the principal's Keycloak security context, wraps
 * both in a container principal, and stores that principal, {@code method} as the auth type
 * and the security context on the request. It does not validate the token itself; the caller
 * must have done so before invoking it.
 *
 * @param principal the Keycloak principal for the bearer token
 * @param method    the authentication type to record on the request
 */
@Override
protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
    final RefreshableKeycloakSecurityContext ctx = principal.getKeycloakSecurityContext();
    final Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(ctx);

    // Roles reach the log at FINE only.
    if (log.isLoggable(Level.FINE)) {
        log.fine("Completing bearer authentication. Bearer roles: " + grantedRoles);
    }

    final Principal containerPrincipal =
            principalFactory.createPrincipal(request.getContext().getRealm(), principal, grantedRoles);

    request.setUserPrincipal(containerPrincipal);
    request.setAuthType(method);
    // Attribute key is the KeycloakSecurityContext class name.
    request.setAttribute(KeycloakSecurityContext.class.getName(), ctx);
}
/**
 * Logs the SAML account for this request out of its session store and clears the request's
 * user principal.
 *
 * @param request the Catalina request whose login state is removed
 */
protected void logoutInternal(Request request) {
    final CatalinaHttpFacade httpFacade = new CatalinaHttpFacade(null, request);
    final SamlDeployment samlDeployment = deploymentContext.resolveDeployment(httpFacade);

    getSessionStore(request, httpFacade, samlDeployment).logoutAccount();

    // NOTE(review): this line is skipped if anything above throws, leaving the principal on
    // the request — confirm callers treat an exception here as a failed logout.
    request.setUserPrincipal(null);
}
/**
 * Logs the OIDC user attached to this request out and clears the request's user principal.
 *
 * <p>When a {@code KeycloakSecurityContext} attribute is present, the method logs a
 * refreshable context out against the resolved deployment, logs out of the token store and
 * removes the attribute. The user principal is cleared whether or not a context was found.
 *
 * @param request the Catalina request whose login state is removed
 */
protected void logoutInternal(Request request) {
    final String contextKey = KeycloakSecurityContext.class.getName();
    final KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(contextKey);

    if (ksc != null) {
        final CatalinaHttpFacade httpFacade = new OIDCCatalinaHttpFacade(request, null);
        final KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);

        // Only a refreshable context offers logout(deployment).
        if (ksc instanceof RefreshableKeycloakSecurityContext) {
            final RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) ksc;
            refreshable.logout(resolved);
        }

        getTokenStore(request, httpFacade, resolved).logout();
        request.removeAttribute(contextKey);
    }

    // NOTE(review): not reached if a step above throws — confirm that case cannot leave a
    // half-logged-out request in use.
    request.setUserPrincipal(null);
}
/**
 * Replaces a {@code JBossGenericPrincipal} on the request with the caller principal it
 * carries, then passes the request to the next valve. Any other principal type (or none) is
 * left untouched.
 *
 * @param request  the request being processed
 * @param response the response being produced
 * @throws IOException      if the next valve throws it
 * @throws ServletException if the next valve throws it
 */
public void invoke(Request request, Response response) throws IOException, ServletException {
    final Principal current = request.getUserPrincipal();

    if (current instanceof JBossGenericPrincipal) {
        // Restore the actual principal to the request
        final Principal callerPrincipal = ((JBossGenericPrincipal) current).getCallerPrincipal();
        // NOTE(review): the result is not null-checked; a null caller principal would clear
        // the request's identity for everything downstream — confirm it cannot be null.
        request.setUserPrincipal(callerPrincipal);
    }

    getNext().invoke(request, response);
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Removes the OIDC login state from this request.
 *
 * <p>If the request carries a {@code KeycloakSecurityContext} attribute, a refreshable
 * context is logged out against the resolved deployment, the token store is logged out and
 * the attribute is removed. The request's user principal is set to {@code null} in every
 * case.
 *
 * @param request the Catalina request whose login state is removed
 */
protected void logoutInternal(Request request) {
    final String attributeName = KeycloakSecurityContext.class.getName();
    final KeycloakSecurityContext securityContext =
            (KeycloakSecurityContext) request.getAttribute(attributeName);

    if (securityContext != null) {
        final CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null);
        final KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);

        if (securityContext instanceof RefreshableKeycloakSecurityContext) {
            // Only the refreshable variant exposes logout(deployment).
            ((RefreshableKeycloakSecurityContext) securityContext).logout(deployment);
        }

        final AdapterTokenStore store = getTokenStore(request, facade, deployment);
        store.logout();
        request.removeAttribute(attributeName);
    }

    // NOTE(review): an exception in the block above skips this reset — confirm callers do not
    // keep serving the request as authenticated in that case.
    request.setUserPrincipal(null);
}
/**
 * Completes a Facebook login for an already-established principal.
 *
 * <p>Records the user name in the internal session, attaches the principal to the request,
 * optionally restores the saved request, registers the login with the authenticator base and
 * marks the HTTP session state as finished.
 *
 * @param request   the current request
 * @param response  the current response
 * @param principal the principal produced by the Facebook flow; not validated here
 * @return always {@code true}
 * @throws IOException declared by the signature; presumably raised by the helper calls
 */
private boolean dealWithFacebookPrincipal(Request request, Response response, Principal principal) throws IOException {
    final String facebookUser = principal.getName();

    request.getSessionInternal().setNote(Constants.SESS_USERNAME_NOTE, facebookUser);
    // An empty string is stored as the password note, so no credential is kept in the session.
    request.getSessionInternal().setNote(Constants.SESS_PASSWORD_NOTE, "");

    // NOTE(review): no session-id change is visible in this method once the principal is
    // attached; confirm registerWithAuthenticatorBase (not shown) rotates it.
    request.setUserPrincipal(principal);

    if (saveRestoreRequest) {
        this.restoreRequest(request, request.getSessionInternal());
    }

    registerWithAuthenticatorBase(request, response, principal, facebookUser);

    request.getSession().setAttribute("STATE", STATES.FINISH.name());
    return true;
}
/**
 * Completes an OpenID login for an already-established principal.
 *
 * <p>Records the principal name in the internal session, attaches the principal to the
 * request, optionally restores the saved request, registers the login with the authenticator
 * base and marks the HTTP session state as finished.
 *
 * @param request   the current request
 * @param response  the current response
 * @param principal the principal produced by the OpenID flow; not validated here
 * @return always {@code true}
 * @throws IOException declared by the signature; presumably raised by the helper calls
 */
private boolean dealWithOpenIDPrincipal(Request request, Response response, Principal principal) throws IOException {
    // The HTTP session is looked up first and reused for the final STATE attribute.
    final HttpSession webSession = request.getSession();
    final String openIdUser = principal.getName();

    request.getSessionInternal().setNote(Constants.SESS_USERNAME_NOTE, openIdUser);
    // An empty string is stored as the password note, so no credential is kept in the session.
    request.getSessionInternal().setNote(Constants.SESS_PASSWORD_NOTE, "");

    // NOTE(review): no session-id change is visible in this method once the principal is
    // attached; confirm registerWithAuthenticatorBase (not shown) rotates it.
    request.setUserPrincipal(principal);

    if (saveRestoreRequest) {
        this.restoreRequest(request, request.getSessionInternal());
    }

    // The principal's string form is written to the trace log.
    if (trace) {
        log.trace("Logged in as:" + principal);
    }

    registerWithAuthenticatorBase(request, response, principal, openIdUser);

    webSession.setAttribute("STATE", STATES.FINISH.name());
    return true;
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Establishes request state from a principal that was already authenticated from the cookie.
 *
 * <p>Returns {@code false} when no principal is cached or when the cached security context
 * belongs to a different realm than the current deployment; in that second case nothing is
 * attached to the request.
 *
 * @param authenticator the authenticator asking for cached state (not used in this method)
 * @return {@code true} if the request now carries the cached principal, else {@code false}
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request
    if (authenticatedPrincipal == null) {
        return false;
    }
    log.fine("remote logged in already. Establish state from cookie");

    final RefreshableKeycloakSecurityContext cookieContext = authenticatedPrincipal.getKeycloakSecurityContext();

    // A cookie issued for another realm must not authenticate this deployment.
    final boolean sameRealm = cookieContext.getRealm().equals(deployment.getRealm());
    if (!sameRealm) {
        log.fine("Account from cookie is from a different realm than for the request.");
        return false;
    }

    cookieContext.setCurrentRequestInfo(deployment, this);
    final Set<String> cookieRoles = AdapterUtils.getRolesFromSecurityContext(cookieContext);
    final GenericPrincipal containerPrincipal =
            principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, cookieRoles);

    request.setAttribute(KeycloakSecurityContext.class.getName(), cookieContext);
    request.setUserPrincipal(containerPrincipal);
    request.setAuthType("KEYCLOAK");
    return true;
}
/**
 * Reuses the cookie-authenticated principal for the current request, if there is one.
 *
 * <p>The cached security context is accepted only when its realm equals the deployment's
 * realm. On success the security context, a container principal built from its roles, and
 * the auth type {@code "KEYCLOAK"} are set on the request.
 *
 * @param authenticator the authenticator asking for cached state (not used in this method)
 * @return {@code true} if the cached principal was applied, {@code false} otherwise
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request
    final boolean havePrincipal = authenticatedPrincipal != null;
    if (!havePrincipal) {
        return false;
    }

    log.fine("remote logged in already. Establish state from cookie");
    final RefreshableKeycloakSecurityContext ctx = authenticatedPrincipal.getKeycloakSecurityContext();

    if (!ctx.getRealm().equals(deployment.getRealm())) {
        // Realm mismatch: refuse the cookie rather than carry an identity across realms.
        log.fine("Account from cookie is from a different realm than for the request.");
        return false;
    }

    ctx.setCurrentRequestInfo(deployment, this);

    final Set<String> roleNames = AdapterUtils.getRolesFromSecurityContext(ctx);
    final GenericPrincipal generic =
            principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roleNames);

    request.setAttribute(KeycloakSecurityContext.class.getName(), ctx);
    request.setUserPrincipal(generic);
    request.setAuthType("KEYCLOAK");
    return true;
}
/**
 * Publishes a login handle for the request and, when the request has no principal yet,
 * copies the principal and auth type cached on an existing session onto it.
 *
 * @param request   the current request
 * @param principal the principal already known for the request, or {@code null}
 */
private void handleMatch(Request request, Principal principal) {
    TomcatLoginHolder.setLogin(new TomcatLoginImpl(this, request));

    // Copy over user principal and auth type values, just like in AuthenticatorBase.invoke()
    if (principal == null) {
        // 'false' is passed to the session lookup; presumably it means "do not create one".
        final Session existing = getSession(request, false);
        if (existing != null) {
            final Principal cached = existing.getPrincipal();
            if (cached != null) {
                request.setAuthType(existing.getAuthType());
                request.setUserPrincipal(cached);
            }
        }
    }
}
/**
 * Verify if we already have authenticated and active principal in cookie. Perform refresh if
 * it's not active.
 *
 * <p>When the refresh fails, the request's principal and auth type are reset and the cookie
 * is removed, so a stale cookie cannot keep authenticating later requests.
 *
 * @return the principal from the cookie when it is active (possibly after a refresh), or
 *         {@code null} when there is no usable cookie or the refresh failed
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (cookiePrincipal == null) {
        log.fine("Account was not in cookie or was invalid");
        return null;
    }

    final RefreshableKeycloakSecurityContext ctx = cookiePrincipal.getKeycloakSecurityContext();

    // Active token and no forced refresh configured: accept the cookie as it is.
    final boolean usableAsIs = ctx.isActive() && !ctx.getDeployment().isAlwaysRefreshToken();
    if (usableAsIs) {
        return cookiePrincipal;
    }

    // Otherwise the refresh must succeed and leave the context active.
    if (ctx.refreshExpiredToken(false) && ctx.isActive()) {
        return cookiePrincipal;
    }

    // The user name is logged at FINE.
    log.fine("Cleanup and expire cookie for user " + cookiePrincipal.getName() + " after failed refresh");
    request.setUserPrincipal(null);
    request.setAuthType(null);
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Verify if we already have authenticated and active principal in cookie. Perform refresh if
 * it's not active.
 *
 * <p>A failed refresh is handled fail-closed: the request's principal and auth type are set
 * to {@code null} and the cookie is removed before {@code null} is returned.
 *
 * @return the cookie's principal when its security context is active (directly or after a
 *         successful refresh); {@code null} otherwise
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> fromCookie =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);

    if (fromCookie == null) {
        log.fine("Account was not in cookie or was invalid");
        return null;
    }

    final RefreshableKeycloakSecurityContext securityContext = fromCookie.getKeycloakSecurityContext();

    if (securityContext.isActive() && !securityContext.getDeployment().isAlwaysRefreshToken()) {
        // Still active and the deployment does not force a refresh.
        return fromCookie;
    }

    final boolean refreshed = securityContext.refreshExpiredToken(false);
    final boolean accepted = refreshed && securityContext.isActive();
    if (accepted) {
        return fromCookie;
    }

    // Refresh failed: drop every trace of the login. The user name is logged at FINE.
    log.fine("Cleanup and expire cookie for user " + fromCookie.getName() + " after failed refresh");
    request.setUserPrincipal(null);
    request.setAuthType(null);
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
} // closes the enclosing class; its header is outside this excerpt
/**
 * Publishes a login handle bound to this valve's container and, when the request has no
 * principal yet, copies the principal and auth type cached on an existing session onto it.
 *
 * @param request   the current request
 * @param principal the principal already known for the request, or {@code null}
 */
private void handleMatch(Request request, Principal principal) {
    TomcatLoginHolder.setLogin(new TomcatLoginImpl(getContainer(), request));

    // Copy over user principal and auth type values, just like in AuthenticatorBase.invoke()
    if (principal == null) {
        // 'false' is passed to the session lookup; presumably it means "do not create one".
        final Session currentSession = getSession(request, false);
        if (currentSession != null) {
            final Principal sessionPrincipal = currentSession.getPrincipal();
            if (sessionPrincipal != null) {
                request.setAuthType(currentSession.getAuthType());
                request.setUserPrincipal(sessionPrincipal);
            }
        }
    }
}
/**
 * Re-establishes an existing OAuth login from the internal session.
 *
 * <p>When the session holds a principal, it is copied to the request with auth type
 * {@code "OAUTH"}. Unless propagation is cancelled in the remote configuration, a
 * {@code SkeletonKeySession} note found on the session is also exposed as a request attribute
 * and pushed into the RESTEasy context.
 *
 * @param request  the current request
 * @param response the current response (not used in this method)
 * @return {@code true} if a session principal was found and applied, {@code false} otherwise
 */
protected boolean checkLoggedIn(Request request, HttpServletResponse response) {
    // NOTE(review): on Tomcat's connector Request the no-arg getSessionInternal() creates a
    // session when none exists, so this null guard may never fire and an anonymous request
    // would allocate a session — confirm for the container in use; getSessionInternal(false)
    // avoids the allocation.
    if (request.getSessionInternal() == null) {
        return false;
    }
    if (request.getSessionInternal().getPrincipal() == null) {
        return false;
    }
    LogMessages.LOGGER.debug(Messages.MESSAGES.remoteLoggedInAlready());

    // The cast fails with ClassCastException if the session holds another principal type.
    final GenericPrincipal sessionPrincipal = (GenericPrincipal) request.getSessionInternal().getPrincipal();
    request.setUserPrincipal(sessionPrincipal);
    request.setAuthType("OAUTH");

    final Session catalinaSession = request.getSessionInternal();
    final boolean propagate = catalinaSession != null && !remoteSkeletonKeyConfig.isCancelPropagation();
    if (!propagate) {
        return true;
    }

    final String noteKey = SkeletonKeySession.class.getName();
    final SkeletonKeySession skeletonKeySession = (SkeletonKeySession) catalinaSession.getNote(noteKey);
    if (skeletonKeySession != null) {
        request.setAttribute(noteKey, skeletonKeySession);
        ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skeletonKeySession);
    }
    return true;
}
/**
 * Stores a SAML account in the session, attaches its principal to the request, and maps the
 * SAML session index and subject to the id returned by {@code changeSessionId}.
 *
 * @param account the SAML session to save
 */
@Override
public void saveAccount(SamlSession account) {
    final Session catalinaSession = request.getSessionInternal(true);
    catalinaSession.getSession().setAttribute(SamlSession.class.getName(), account);

    GenericPrincipal sessionPrincipal = (GenericPrincipal) catalinaSession.getPrincipal();
    // in clustered environment in JBossWeb, principal is not serialized or saved
    if (sessionPrincipal == null) {
        sessionPrincipal = principalFactory.createPrincipal(
                request.getContext().getRealm(), account.getPrincipal(), account.getRoles());
        catalinaSession.setPrincipal(sessionPrincipal);
        catalinaSession.setAuthType("KEYCLOAK-SAML");
    }
    // NOTE(review): a principal already on the session is reused without being compared to
    // 'account' — confirm a session can never carry a principal for a different subject here.
    request.setUserPrincipal(sessionPrincipal);
    request.setAuthType("KEYCLOAK-SAML");

    // The mapping is written with the id returned here, not the id the session had on entry;
    // presumably this rotates the session id after login — verify in changeSessionId.
    final String rotatedId = changeSessionId(catalinaSession);
    idMapperUpdater.map(
            idMapper, account.getSessionIndex(), account.getPrincipal().getSamlSubject(), rotatedId);
}
/**
 * Log the user out: clears the authentication state on the request and on an existing
 * session, and deregisters the request's single sign-on id when SSO is in use.
 *
 * <p>The session itself is not invalidated by this method; only its principal, auth type and
 * the user name / password notes are removed.
 *
 * @param request the request whose authentication state is cleared
 */
protected void unregister(Request request) {
    request.setAuthType(null);
    request.setUserPrincipal(null);

    // Drop the authentication state cached in the session, if a session already exists.
    final Session existing = request.getSessionInternal(false);
    if (existing != null) {
        existing.setAuthType(null);
        existing.setPrincipal(null);
        existing.removeNote(Constants.SESS_USERNAME_NOTE);
        existing.removeNote(Constants.SESS_PASSWORD_NOTE);
    }

    // Unregister the SSOID.
    final SingleSignOn singleSignOn = this.getSingleSignOn(request);
    if (singleSignOn != null) {
        // NOTE(review): the SSO id note is passed on without a null check — confirm that
        // deregister tolerates a request that never had an SSO id.
        final String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        singleSignOn.deregister(ssoId);
    }
}
/**
 * Logs out the user whose principal is stored on the internal session, then redirects to the
 * welcome page. When there is no session principal, only the redirect happens.
 *
 * @param request  the current request
 * @param response the response used for the redirect
 * @throws IOException declared by the signature; presumably raised by the redirect
 */
protected void logoutCurrentUser(Request request, HttpServletResponse response) throws IOException {
    final boolean anonymous =
            request.getSessionInternal() == null || request.getSessionInternal().getPrincipal() == null;
    if (anonymous) {
        redirectToWelcomePage(request, response);
        return;
    }

    // The cast fails with ClassCastException if the session holds another principal type.
    final GenericPrincipal sessionPrincipal = (GenericPrincipal) request.getSessionInternal().getPrincipal();
    final String username = sessionPrincipal.getName();
    // The user being logged out is also passed as the "admin" argument below.
    final String admin = username;

    userSessionManagement.logout(username);

    // NOTE(review): only the request is reset here; the session principal read above is not
    // cleared in this method — confirm userSessionManagement.logout() (not shown) invalidates
    // or clears the session.
    request.setUserPrincipal(null);
    request.setAuthType(null);

    // logout user on all declared authenticated resources
    logoutResources(username, admin);
    redirectToWelcomePage(request, response);
}
/**
 * Authenticates Base64-encoded credentials against the request's realm and, on success,
 * records the login on both the request and the internal session.
 *
 * @param credentials the encoded credentials, decoded by {@code decodeBase64Credentials}
 * @param charset     the charset passed to the decoder
 * @return the authenticated principal
 * @throws SecurityServiceException if the realm rejects the credentials
 */
public Principal login(Object credentials, String charset) throws SecurityServiceException {
    // Index 0 is used as the user name and index 1 as the password below.
    final String[] userAndPassword = decodeBase64Credentials(credentials, charset);

    final HttpGraniteContext graniteContext = (HttpGraniteContext) GraniteContext.getCurrentInstance();
    final HttpServletRequest httpRequest = graniteContext.getRequest();

    final Principal authenticated = getRealm(httpRequest).authenticate(userAndPassword[0], userAndPassword[1]);
    if (authenticated == null) {
        // The message does not reveal whether the user name or the password was wrong.
        throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
    }

    final Request catalinaRequest = getRequest(httpRequest);
    catalinaRequest.setAuthType(AUTH_TYPE);
    catalinaRequest.setUserPrincipal(authenticated);

    // NOTE(review): getSessionInternal(true) is called after authentication and no session-id
    // change is visible in this method — confirm session fixation is handled elsewhere
    // (e.g. in endLogin, not shown).
    final Session catalinaSession = catalinaRequest.getSessionInternal(true);
    catalinaSession.setAuthType(AUTH_TYPE);
    catalinaSession.setPrincipal(authenticated);
    catalinaSession.setNote(Constants.SESS_USERNAME_NOTE, userAndPassword[0]);
    // The clear-text password is kept as a session note for as long as the note exists.
    // NOTE(review): confirm this is required and that sessions holding it are not persisted
    // or replicated unprotected.
    catalinaSession.setNote(Constants.SESS_PASSWORD_NOTE, userAndPassword[1]);

    endLogin(credentials, charset);
    return authenticated;
}