/**
 * Builds the security context and principal for a bearer-token request and
 * passes both to {@code completeBearerAuthentication}.
 *
 * <p>This method performs no validation of its own: it trusts whatever token
 * the supplied authenticator holds. It must only be reached after
 * {@code bearer.authenticate(...)} has reported success and the transport
 * check has passed.
 *
 * @param bearer authenticator holding the raw token string and the parsed token
 */
protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) {
    // The three trailing nulls are positional constructor arguments whose
    // meaning is defined by RefreshableKeycloakSecurityContext, not visible here.
    // NOTE(review): presumably the ID-token / refresh-token slots, which a
    // bearer request does not carry. Confirm against the constructor.
    RefreshableKeycloakSecurityContext securityContext =
            new RefreshableKeycloakSecurityContext(
                    deployment,
                    bearer.getTokenString(),
                    bearer.getToken(),
                    null,
                    null,
                    null);

    // The principal name is the token's subject claim.
    final KeycloakPrincipal principal =
            new KeycloakPrincipal(bearer.getToken().getSubject(), securityContext);

    completeBearerAuthentication(principal, securityContext);
}
/**
 * Builds the security context and principal for a bearer-token request and
 * passes the principal, together with the authentication method label, to
 * {@code completeBearerAuthentication}.
 *
 * <p>No token validation happens here. The token held by {@code bearer} is
 * taken as already verified, so this must only run after the authenticator
 * has reported success.
 *
 * @param bearer authenticator holding the raw token string and the parsed token
 * @param method passed through unchanged to {@code completeBearerAuthentication}
 */
protected void completeAuthentication(BearerTokenRequestAuthenticator bearer, String method) {
    // The null arguments are positional; their meaning is defined by the
    // RefreshableKeycloakSecurityContext constructor, which is not visible here.
    RefreshableKeycloakSecurityContext securityContext =
            new RefreshableKeycloakSecurityContext(
                    deployment,
                    null,
                    bearer.getTokenString(),
                    bearer.getToken(),
                    null,
                    null,
                    null);

    // The principal name is resolved by AdapterUtils from the deployment and
    // the token, not read directly from a fixed claim in this method.
    // NOTE(review): which claim ends up as the name depends on that helper and
    // the deployment settings. Confirm it is a stable, non-spoofable identifier
    // before using it in authorization decisions.
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(
                    AdapterUtils.getPrincipalName(deployment, bearer.getToken()),
                    securityContext);

    completeBearerAuthentication(principal, method);
}
/**
 * Runs the authentication sequence for the current request: bearer token
 * first, then a cached login, then the OAuth flow.
 *
 * <p>Every path that can return {@code AUTHENTICATED} calls
 * {@code verifySSL()} first and returns {@code FAILED} when it yields
 * {@code true}. Despite the name, a {@code true} result is therefore treated
 * as "transport requirement not met" at all three call sites (the helper is
 * not visible here, so confirm its contract).
 *
 * @return {@code AUTHENTICATED}, {@code FAILED} or {@code NOT_ATTEMPTED};
 *         on the failure and not-attempted paths that take a challenge from
 *         the bearer or OAuth authenticator, it is stored in {@code challenge}
 */
public AuthOutcome authenticate() {
    if (log.isTraceEnabled()) {
        log.trace("--> authenticate()");
    }

    // --- Stage 1: bearer token carried by the request ---
    BearerTokenRequestAuthenticator bearerAuth = createBearerTokenAuthenticator();
    if (log.isTraceEnabled()) {
        log.trace("try bearer");
    }
    AuthOutcome bearerOutcome = bearerAuth.authenticate(facade);

    if (bearerOutcome == AuthOutcome.FAILED) {
        challenge = bearerAuth.getChallenge();
        log.debug("Bearer FAILED");
        return AuthOutcome.FAILED;
    }

    if (bearerOutcome == AuthOutcome.AUTHENTICATED) {
        // The transport check runs only after the token has been received and
        // accepted. It prevents a security context being established, but the
        // token has already crossed the connection by then.
        // NOTE(review): this FAILED return does not assign `challenge`, unlike
        // the other failure paths. Confirm the caller copes with that.
        if (verifySSL()) {
            return AuthOutcome.FAILED;
        }
        completeAuthentication(bearerAuth);
        log.debug("Bearer AUTHENTICATED");
        return AuthOutcome.AUTHENTICATED;
    }

    // The bearer authenticator neither failed nor succeeded. A bearer-only
    // deployment stops here and never falls through to the interactive flow.
    if (deployment.isBearerOnly()) {
        challenge = bearerAuth.getChallenge();
        log.debug("NOT_ATTEMPTED: bearer only");
        return AuthOutcome.NOT_ATTEMPTED;
    }

    // --- Stage 2: previously cached login ---
    if (log.isTraceEnabled()) {
        log.trace("try oauth");
    }
    if (isCached()) {
        // A cached login is still subject to the transport check on every request.
        if (verifySSL()) {
            return AuthOutcome.FAILED;
        }
        log.debug("AUTHENTICATED: was cached");
        return AuthOutcome.AUTHENTICATED;
    }

    // --- Stage 3: OAuth flow ---
    OAuthRequestAuthenticator oauthAuth = createOAuthAuthenticator();
    AuthOutcome oauthOutcome = oauthAuth.authenticate();

    if (oauthOutcome == AuthOutcome.FAILED) {
        challenge = oauthAuth.getChallenge();
        return AuthOutcome.FAILED;
    }
    if (oauthOutcome == AuthOutcome.NOT_ATTEMPTED) {
        challenge = oauthAuth.getChallenge();
        return AuthOutcome.NOT_ATTEMPTED;
    }

    if (verifySSL()) {
        return AuthOutcome.FAILED;
    }
    completeAuthentication(oauthAuth);

    // Redirect to the same URI with the access code and state query parameters
    // removed, so they do not linger in the browser's address bar or history.
    facade.getResponse().setHeader("Location", oauthAuth.getStrippedOauthParametersRequestUri());
    facade.getResponse().setStatus(302);
    facade.getResponse().end();

    log.debug("AUTHENTICATED");
    return AuthOutcome.AUTHENTICATED;
}