@Override
protected void completeOAuthAuthentication(
final KeycloakPrincipal<RefreshableKeycloakSecurityContext> skp) {
principal = skp;
final RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext();
final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
OidcKeycloakAccount account =
new OidcKeycloakAccount() {
@Override
public Principal getPrincipal() {
return skp;
}
@Override
public Set<String> getRoles() {
return roles;
}
@Override
public KeycloakSecurityContext getKeycloakSecurityContext() {
return securityContext;
}
};
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
this.tokenStore.saveAccountInfo(account);
}
@Override
protected void completeBearerAuthentication(
KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
this.principal = principal;
RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
if (log.isDebugEnabled()) {
log.debug("Completing bearer authentication. Bearer roles: " + roles);
}
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
}
public JettySamlSessionStore getTokenStore(
Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
JettySamlSessionStore store = (JettySamlSessionStore) request.getAttribute(TOKEN_STORE_NOTE);
if (store != null) {
return store;
}
store = createJettySamlSessionStore(request, facade, resolvedDeployment);
request.setAttribute(TOKEN_STORE_NOTE, store);
return store;
}
/**
* Normally sets the path and a few attributes that the JSPs are likely to need. Also verifies the
* login information. If necessary, just redirects to the login page.
*
* @param target
* @param request
* @param httpServletResponse
* @param secured
* @return true if the request is already handled so the .jsp shouldn't get called
* @throws Exception
*/
private boolean prepareForJspGet(
String target, Request request, HttpServletResponse httpServletResponse, boolean secured)
throws Exception {
LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);
LOG.info(
String.format(
"hndl - %s ; %s; %s ; %s",
target,
request.getPathInfo(),
request.getMethod(),
secured ? "secured" : "not secured"));
String path = request.getUri().getDecodedPath();
boolean redirectToLogin = path.equals(PATH_LOGOUT);
LoginInfo loginInfo = null;
if (sessionInfo.isNull()) {
redirectToLogin = true;
LOG.info("Null session info. Logging in again.");
} else {
loginInfo =
loginInfoDb.get(
sessionInfo.browserId,
sessionInfo.sessionId); // ttt2 use a cache, to avoid going to DB
if (loginInfo == null || loginInfo.expiresOn < System.currentTimeMillis()) {
LOG.info("Session has expired. Logging in again. Info: " + loginInfo);
redirectToLogin = true;
}
}
if (!path.equals(PATH_LOGIN) && !path.equals(PATH_SIGNUP) && !path.equals(PATH_ERROR)) {
if (redirectToLogin) {
// ttt2 perhaps store URI, to return to it after login
logOut(sessionInfo.browserId);
addLoginParams(request, loginInfo);
httpServletResponse.sendRedirect(PATH_LOGIN);
return true;
}
User user = userDb.get(loginInfo.userId);
if (user == null) {
WebUtils.redirectToError("Unknown user", request, httpServletResponse);
return true;
}
if (!user.active) {
WebUtils.redirectToError("Account is not active", request, httpServletResponse);
return true;
}
request.setAttribute(VAR_FEED_DB, feedDb);
request.setAttribute(VAR_USER_DB, userDb);
request.setAttribute(VAR_ARTICLE_DB, articleDb);
request.setAttribute(VAR_READ_ARTICLES_COLL_DB, readArticlesCollDb);
request.setAttribute(VAR_USER, user);
request.setAttribute(VAR_LOGIN_INFO, loginInfo);
MultiMap<String> params = new MultiMap<>();
params.put(PARAM_PATH, path);
request.setParameters(params);
}
if (path.equals(PATH_LOGIN)) {
addLoginParams(request, loginInfo);
}
return false;
}