package org.keycloak.protocol.cas.endpoints; |
import org.jboss.logging.Logger; |
import org.jboss.resteasy.annotations.cache.NoCache; |
import org.jboss.resteasy.spi.HttpRequest; |
import org.keycloak.common.ClientConnection; |
import org.keycloak.events.EventBuilder; |
import org.keycloak.models.ClientModel; |
import org.keycloak.models.KeycloakSession; |
import org.keycloak.models.RealmModel; |
import org.keycloak.models.UserSessionModel; |
import org.keycloak.protocol.cas.CASLoginProtocol; |
import org.keycloak.protocol.oidc.utils.RedirectUtils; |
import org.keycloak.services.ErrorPage; |
import org.keycloak.services.managers.AuthenticationManager; |
import org.keycloak.services.messages.Messages; |
import javax.ws.rs.GET; |
import javax.ws.rs.QueryParam; |
import javax.ws.rs.core.Context; |
import javax.ws.rs.core.HttpHeaders; |
import javax.ws.rs.core.Response; |
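/**
 * CAS protocol logout endpoint.
 *
 * <p>Ends the browser session identified by the Keycloak identity cookie and, when the caller
 * supplied a {@code service} URL that a registered CAS client accepts, stores that URL on the
 * user session as the logout redirect note.
 *
 * <p>Security note: {@code service} is a request query parameter and must be treated as
 * untrusted. It is never used directly; only the value returned by
 * {@link RedirectUtils#verifyRedirectUri} for a client whose protocol is CAS is stored. A
 * {@code service} value that no CAS client accepts is dropped, so it cannot steer the
 * post-logout redirect (open-redirect defence).
 */
public class LogoutEndpoint {
    private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);

    @Context
    private KeycloakSession session;

    @Context
    private ClientConnection clientConnection;

    @Context
    private HttpRequest request;

    @Context
    private HttpHeaders headers;

    private final RealmModel realm;
    // Stored by the constructor; not read anywhere in this class.
    private final EventBuilder event;
    // State filled in by checkClient(); both stay null unless the service URL was accepted.
    private ClientModel client;
    private String redirectUri;

    /**
     * Creates the endpoint for one realm.
     *
     * @param realm realm whose clients and identity cookie are consulted
     * @param event event builder supplied by the caller
     */
    public LogoutEndpoint(RealmModel realm, EventBuilder event) {
        this.realm = realm;
        this.event = event;
    }

    /**
     * Handles a CAS logout request.
     *
     * @param service optional URL to return to after logout; honoured only if it verifies
     *                against a registered CAS client (see {@link #checkClient(String)})
     * @return the response produced by {@code AuthenticationManager.browserLogout}, or a
     *         {@code 400 Bad Request} error page when no session could be resolved from the
     *         identity cookie
     */
    @GET
    @NoCache
    public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
        // Validate the untrusted redirect target before anything else touches it.
        checkClient(service);

        AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
        if (authResult == null) {
            // No session resolved from the identity cookie: nothing to log out.
            return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
        }

        UserSessionModel userSession = authResult.getSession();
        userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
        if (redirectUri != null) {
            // Only the verified URI is ever stored, never the raw query parameter.
            userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
        }

        logger.debug("Initiating CAS browser logout");
        Response response = AuthenticationManager.browserLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, null);
        logger.debug("finishing CAS browser logout");
        return response;
    }

    /**
     * Resolves the CAS client that accepts {@code service} as a redirect URI.
     *
     * <p>On a match, {@code client} and {@code redirectUri} are set and the client is placed on
     * the session context. Otherwise both fields are left {@code null}, so no redirect note is
     * written by {@link #logout(String)}.
     *
     * @param service untrusted URL from the request, may be {@code null}
     */
    private void checkClient(String service) {
        // Start from a clean slate so a URI verified by an earlier call can never be reused.
        // NOTE(review): presumably one instance is created per request - confirm at the call site.
        client = null;
        redirectUri = null;
        if (service == null) {
            return;
        }

        for (ClientModel candidate : realm.getClients()) {
            if (!CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())) {
                continue;
            }
            // Verify once and keep the result; a null return is treated as "rejected".
            String verified = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate);
            if (verified != null) {
                client = candidate;
                redirectUri = verified;
                session.getContext().setClient(candidate);
                return;
            }
        }

        // The raw value is deliberately not logged: it is attacker-controlled.
        logger.debug("CAS logout: service parameter matched no registered CAS client; no logout redirect will be set");
    }
}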