package org.keycloak.protocol.cas.endpoints; |
import org.jboss.logging.Logger; |
import org.keycloak.events.Details; |
import org.keycloak.events.Errors; |
import org.keycloak.events.EventBuilder; |
import org.keycloak.events.EventType; |
import org.keycloak.models.ClientModel; |
import org.keycloak.models.ClientSessionModel; |
import org.keycloak.models.RealmModel; |
import org.keycloak.protocol.AuthorizationEndpointBase; |
import org.keycloak.protocol.cas.CASLoginProtocol; |
import org.keycloak.protocol.oidc.utils.RedirectUtils; |
import org.keycloak.services.ErrorPageException; |
import org.keycloak.services.messages.Messages; |
import org.keycloak.services.util.CacheControlUtil; |
import javax.ws.rs.GET; |
import javax.ws.rs.core.MultivaluedMap; |
import javax.ws.rs.core.Response; |
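/**
 * CAS login (authorization) endpoint.
 *
 * <p>Resolves the requested {@code service} URL to a registered CAS client, opens a client
 * session for it and hands the request over to the browser authentication flow provided by
 * {@link AuthorizationEndpointBase}.
 */
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
    private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);

    // Resolved by checkClient(); read by createClientSession() and build().
    private ClientModel client;
    private ClientSessionModel clientSession;
    // The service URL as accepted by RedirectUtils against the resolved client's registered URIs.
    private String redirectUri;

    /**
     * @param realm the realm this endpoint serves
     * @param event event builder for the login attempt; it is tagged as a LOGIN event here
     */
    public AuthorizationEndpoint(RealmModel realm, EventBuilder event) {
        super(realm, event);
        event.event(EventType.LOGIN);
    }

    /**
     * Handles {@code GET} on the CAS login endpoint.
     *
     * <p>Query parameters: {@code service} (required; must match a registered redirect URI of an
     * enabled, non-bearer-only CAS client), {@code renew} and {@code gateway} (each honoured only
     * when literally {@code true}, case-insensitively; anything else counts as {@code false}).
     *
     * @return the response produced by the browser authentication flow
     * @throws ErrorPageException when the request fails the SSL, realm or client checks
     */
    @GET
    public Response build() {
        MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
        boolean renew = isTrue(params.getFirst(CASLoginProtocol.RENEW_PARAM));
        boolean gateway = isTrue(params.getFirst(CASLoginProtocol.GATEWAY_PARAM));

        // Order matters: transport and realm state are checked before anything client-specific
        // is touched, and the client must be resolved before a client session can be created.
        checkSsl();
        checkRealm();
        checkClient(service);

        createClientSession();
        // So the browser back button does not replay a cached login page.
        CacheControlUtil.noBackButtonCacheControlHeader();

        this.event.event(EventType.LOGIN);
        return handleBrowserAuthenticationRequest(clientSession,
                new CASLoginProtocol(session, realm, uriInfo, headers, event, renew), gateway, false);
    }

    /** CAS boolean flags are only honoured when the value is literally {@code true} (any case). */
    private static boolean isTrue(String value) {
        return "true".equalsIgnoreCase(value);
    }

    /**
     * Rejects requests that did not arrive over HTTPS when the realm's SSL policy requires TLS
     * for this client connection.
     *
     * @throws ErrorPageException if the SSL requirement is not met
     */
    private void checkSsl() {
        boolean plainHttp = !uriInfo.getBaseUri().getScheme().equals("https");
        if (plainHttp && realm.getSslRequired().isRequired(clientConnection)) {
            event.error(Errors.SSL_REQUIRED);
            throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
        }
    }

    /**
     * Rejects requests for a realm that has been disabled.
     *
     * @throws ErrorPageException if the realm is not enabled
     */
    private void checkRealm() {
        if (!realm.isEnabled()) {
            event.error(Errors.REALM_DISABLED);
            throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
        }
    }

    /**
     * Resolves {@code service} to the CAS client whose registered redirect URIs accept it, records
     * the accepted redirect URI and publishes the client on the event and the session context.
     *
     * <p>Clients are scanned in the order {@code realm.getClients()} returns them and the first
     * match wins, so if several CAS clients register overlapping (e.g. wildcard) redirect URIs the
     * resolved client depends on that order. Registering exact service URLs avoids the ambiguity.
     *
     * @param service the {@code service} query parameter, may be {@code null}
     * @throws ErrorPageException if {@code service} is missing, matches no CAS client, or matches a
     *     client that is disabled or bearer-only
     */
    private void checkClient(String service) {
        if (service == null) {
            event.error(Errors.INVALID_REQUEST);
            throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
        }

        // Single pass: the redirect-URI verification that selects the client is the same one whose
        // result is needed afterwards, so keep it instead of verifying the same pair twice.
        client = null;
        redirectUri = null;
        for (ClientModel candidate : realm.getClients()) {
            if (!CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())) {
                continue;
            }
            String verified = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, candidate);
            if (verified != null) {
                client = candidate;
                redirectUri = verified;
                break;
            }
        }

        if (client == null) {
            event.error(Errors.CLIENT_NOT_FOUND);
            throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND);
        }

        if (!client.isEnabled()) {
            event.error(Errors.CLIENT_DISABLED);
            throw new ErrorPageException(session, Messages.CLIENT_DISABLED);
        }

        // A bearer-only client never goes through a browser login.
        if (client.isBearerOnly()) {
            event.error(Errors.NOT_ALLOWED);
            throw new ErrorPageException(session, Messages.BEARER_ONLY);
        }

        event.client(client.getClientId());
        event.detail(Details.REDIRECT_URI, redirectUri);

        session.getContext().setClient(client);
    }

    /**
     * Creates the client session the browser flow will authenticate against: it carries the CAS
     * protocol name, the verified redirect URI and the AUTHENTICATE action.
     */
    private void createClientSession() {
        clientSession = session.sessions().createClientSession(realm, client);
        clientSession.setAuthMethod(CASLoginProtocol.LOGIN_PROTOCOL);
        clientSession.setRedirectUri(redirectUri);
        clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
    }
}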