Пример #1
 /**
  * Builds the security context and principal for a bearer-token request and passes both to
  * {@code completeBearerAuthentication}.
  *
  * <p>This method performs no validation of its own: the token string and parsed token are read
  * from {@code bearer} as they are. It must therefore only be reached after the bearer
  * authenticator has reported a successful outcome. The principal name is the token's subject.
  *
  * @param bearer authenticator that supplies the raw token string and the parsed token
  */
 protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) {
   // The last three constructor arguments are passed as null.
   // NOTE(review): presumably a bearer request carries no ID/refresh token to store here;
   // confirm against the RefreshableKeycloakSecurityContext constructor.
   final RefreshableKeycloakSecurityContext securityContext =
       new RefreshableKeycloakSecurityContext(
           deployment, bearer.getTokenString(), bearer.getToken(), null, null, null);

   // Identity is taken straight from the token's subject.
   final String subject = bearer.getToken().getSubject();
   final KeycloakPrincipal keycloakPrincipal = new KeycloakPrincipal(subject, securityContext);

   completeBearerAuthentication(keycloakPrincipal, securityContext);
 }
Пример #2
 /**
  * Builds the security context and typed principal for a bearer-token request and passes the
  * principal on to {@code completeBearerAuthentication} together with {@code method}.
  *
  * <p>This method performs no validation of its own: the token string and parsed token are read
  * from {@code bearer} as they are. It must therefore only be reached after the bearer
  * authenticator has reported a successful outcome.
  *
  * @param bearer authenticator that supplies the raw token string and the parsed token
  * @param method forwarded unchanged to {@code completeBearerAuthentication}
  */
 protected void completeAuthentication(BearerTokenRequestAuthenticator bearer, String method) {
   // The second argument and the last three are passed as null.
   // NOTE(review): presumably no token store and no ID/refresh token apply to a bearer
   // request; confirm against the RefreshableKeycloakSecurityContext constructor.
   final RefreshableKeycloakSecurityContext securityContext =
       new RefreshableKeycloakSecurityContext(
           deployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);

   // The principal name is resolved by AdapterUtils from the deployment and the token.
   // NOTE(review): which token claim ends up as the name looks deployment-dependent; verify
   // that the configured source is one the token issuer controls.
   final String principalName = AdapterUtils.getPrincipalName(deployment, bearer.getToken());
   final KeycloakPrincipal<RefreshableKeycloakSecurityContext> keycloakPrincipal =
       new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, securityContext);

   completeBearerAuthentication(keycloakPrincipal, method);
 }
Пример #3
  /**
   * Authenticates the current request in three stages: bearer token, cached login, then the
   * OAuth flow.
   *
   * <p>Every path that would return {@link AuthOutcome#AUTHENTICATED} first calls
   * {@code verifySSL()} and returns {@link AuthOutcome#FAILED} when that call yields
   * {@code true}. On the bearer and OAuth paths the check runs before
   * {@code completeAuthentication}.
   *
   * <p>When an authenticator fails or is not attempted, its challenge is stored in
   * {@code challenge} before returning.
   *
   * @return {@code AUTHENTICATED}, {@code FAILED} or {@code NOT_ATTEMPTED} as described above
   */
  public AuthOutcome authenticate() {
    if (log.isTraceEnabled()) {
      log.trace("--> authenticate()");
    }

    // Stage 1: bearer token.
    BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
    if (log.isTraceEnabled()) {
      log.trace("try bearer");
    }
    AuthOutcome bearerOutcome = bearer.authenticate(facade);

    if (bearerOutcome == AuthOutcome.FAILED) {
      challenge = bearer.getChallenge();
      log.debug("Bearer FAILED");
      return AuthOutcome.FAILED;
    }

    if (bearerOutcome == AuthOutcome.AUTHENTICATED) {
      // NOTE(review): a true result from verifySSL() rejects the request, so despite the
      // name it presumably means "SSL required but request not secure"; confirm.
      if (verifySSL()) {
        return AuthOutcome.FAILED;
      }
      completeAuthentication(bearer);
      log.debug("Bearer AUTHENTICATED");
      return AuthOutcome.AUTHENTICATED;
    }

    // No usable bearer token: a bearer-only deployment stops here and never starts OAuth.
    if (deployment.isBearerOnly()) {
      challenge = bearer.getChallenge();
      log.debug("NOT_ATTEMPTED: bearer only");
      return AuthOutcome.NOT_ATTEMPTED;
    }

    // Stage 2: cached login.
    if (log.isTraceEnabled()) {
      log.trace("try oauth");
    }

    // A cached login skips the OAuth authenticator, but the transport check still applies.
    if (isCached()) {
      if (verifySSL()) {
        return AuthOutcome.FAILED;
      }
      log.debug("AUTHENTICATED: was cached");
      return AuthOutcome.AUTHENTICATED;
    }

    // Stage 3: OAuth flow.
    OAuthRequestAuthenticator oauth = createOAuthAuthenticator();
    AuthOutcome oauthOutcome = oauth.authenticate();

    if (oauthOutcome == AuthOutcome.FAILED) {
      challenge = oauth.getChallenge();
      return AuthOutcome.FAILED;
    }

    if (oauthOutcome == AuthOutcome.NOT_ATTEMPTED) {
      challenge = oauth.getChallenge();
      return AuthOutcome.NOT_ATTEMPTED;
    }

    if (verifySSL()) {
      return AuthOutcome.FAILED;
    }

    completeAuthentication(oauth);

    // Redirect to the request URI with the access code and state query parameters stripped.
    // NOTE(review): this keeps those values out of the URL the client goes on using;
    // confirm getStrippedOauthParametersRequestUri() removes exactly those parameters.
    facade.getResponse().setHeader("Location", oauth.getStrippedOauthParametersRequestUri());
    facade.getResponse().setStatus(302);
    facade.getResponse().end();

    log.debug("AUTHENTICATED");
    return AuthOutcome.AUTHENTICATED;
  }