@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.debug("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.debug("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); return true; } else { return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.debug("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.debug("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); return true; } else { return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { if (request.getSession(false) == null || request.getSession().getAttribute(KeycloakSecurityContext.class.getName()) == null) return false; log.debug("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) request.getSession().getAttribute(KeycloakSecurityContext.class.getName()); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.debug("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); JettyRequestAuthenticator jettyAuthenticator = (JettyRequestAuthenticator) authenticator; KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = AdapterUtils.createPrincipal(deployment, securityContext); jettyAuthenticator.principal = principal; restoreRequest(); return true; }
@Override public boolean isCached(RequestAuthenticator authenticator) { HttpSession httpSession = request.getSession(false); if (httpSession == null) return false; SerializableKeycloakAccount account = (SerializableKeycloakAccount) httpSession.getAttribute(KeycloakAccount.class.getName()); if (account == null) { return false; } log.fine("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext(); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); cleanSession(httpSession); return false; } if (idMapper != null && !idMapper.hasSession(httpSession.getId())) { log.fine("idMapper does not have session: " + httpSession.getId()); //System.err.println("idMapper does not have session: " + httpSession.getId()); cleanSession(httpSession); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); needRequestRestore = restoreRequest(); return true; }
@Override public boolean isCached(RequestAuthenticator authenticator) { if (request.getSession(false) == null || request.getSession().getAttribute(KeycloakSecurityContext.class.getName()) == null) return false; log.debug("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) request.getSession().getAttribute(KeycloakSecurityContext.class.getName()); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.debug("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); JettyRequestAuthenticator jettyAuthenticator = (JettyRequestAuthenticator) authenticator; KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = AdapterUtils.createPrincipal(deployment, securityContext); jettyAuthenticator.principal = principal; restoreRequest(); return true; }
if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false;
if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false;
@Override public boolean isCached(RequestAuthenticator authenticator) { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid, returning null"); return false; } KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal); if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, removing cookie and returning false"); CookieTokenStore.removeCookie(deployment, facade); return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = CookieTokenStore.getPrincipalFromCookie(deployment, facade, this); if (principal == null) { log.debug("Account was not in cookie or was invalid, returning null"); return false; } KeycloakUndertowAccount account = new KeycloakUndertowAccount(principal); if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, removing cookie and returning false"); CookieTokenStore.removeCookie(deployment, facade); return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = Sessions.getSession(exchange); if (session == null) { log.debug("session was null, returning null"); return false; } KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); if (account == null) { log.debug("Account was not in session, returning null"); return false; } if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } account.setCurrentRequestInfo(deployment, this); if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, returning false"); session.removeAttribute(KeycloakUndertowAccount.class.getName()); session.removeAttribute(KeycloakSecurityContext.class.getName()); session.invalidate(exchange); return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = Sessions.getSession(exchange); if (session == null) { log.debug("session was null, returning null"); return false; } KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName()); if (account == null) { log.debug("Account was not in session, returning null"); return false; } if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) { log.debug("Account in session belongs to a different realm than for this request."); return false; } account.setCurrentRequestInfo(deployment, this); if (account.checkActive()) { log.debug("Cached account found"); securityContext.authenticationComplete(account, "KEYCLOAK", false); ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account); return true; } else { log.debug("Account was not active, returning false"); session.removeAttribute(KeycloakUndertowAccount.class.getName()); session.removeAttribute(KeycloakSecurityContext.class.getName()); session.invalidate(exchange); return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.fine("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); return true; } else { return false; } }
@Override public boolean isCached(RequestAuthenticator authenticator) { // Assuming authenticatedPrincipal set by previous call of checkCurrentToken() during this request if (authenticatedPrincipal != null) { log.fine("remote logged in already. Establish state from cookie"); RefreshableKeycloakSecurityContext securityContext = authenticatedPrincipal.getKeycloakSecurityContext(); if (!securityContext.getRealm().equals(deployment.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); return false; } securityContext.setCurrentRequestInfo(deployment, this); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), authenticatedPrincipal, roles); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); return true; } else { return false; } }
if (!this.getRealm().equals(this.deployment.getRealm())) {
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = request.getSessionInternal(false); if (session == null) return false; SerializableKeycloakAccount account = (SerializableKeycloakAccount) session.getSession().getAttribute(SerializableKeycloakAccount.class.getName()); if (account == null) { return false; } log.fine("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext(); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); cleanSession(session); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); GenericPrincipal principal = (GenericPrincipal) session.getPrincipal(); // in clustered environment in JBossWeb, principal is not serialized or saved if (principal == null) { principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles()); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); } request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); restoreRequest(); return true; }
@Override public boolean isCached(RequestAuthenticator authenticator) { Session session = request.getSessionInternal(false); if (session == null) return false; SerializableKeycloakAccount account = (SerializableKeycloakAccount) session.getSession().getAttribute(SerializableKeycloakAccount.class.getName()); if (account == null) { return false; } log.fine("remote logged in already. Establish state from session"); RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext(); if (!deployment.getRealm().equals(securityContext.getRealm())) { log.fine("Account from cookie is from a different realm than for the request."); cleanSession(session); return false; } securityContext.setCurrentRequestInfo(deployment, this); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); GenericPrincipal principal = (GenericPrincipal) session.getPrincipal(); // in clustered environment in JBossWeb, principal is not serialized or saved if (principal == null) { principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles()); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); } request.setUserPrincipal(principal); request.setAuthType("KEYCLOAK"); restoreRequest(); return true; }