modules/keycloak-protocol-cas

Matthias Piepkorn

2017-01-29 352436410a73e70a8adffd8d5bfbd2bcdf97c139

commit \| author \| age
7f7e0c	1	package org.keycloak.protocol.cas.endpoints;
MP	2
	3	import org.jboss.logging.Logger;
	4	import org.keycloak.events.Details;
	5	import org.keycloak.events.Errors;
	6	import org.keycloak.events.EventBuilder;
	7	import org.keycloak.events.EventType;
	8	import org.keycloak.models.ClientModel;
	9	import org.keycloak.models.ClientSessionModel;
	10	import org.keycloak.models.RealmModel;
	11	import org.keycloak.protocol.AuthorizationEndpointBase;
	12	import org.keycloak.protocol.cas.CASLoginProtocol;
	13	import org.keycloak.protocol.oidc.utils.RedirectUtils;
	14	import org.keycloak.services.ErrorPageException;
	15	import org.keycloak.services.messages.Messages;
	16	import org.keycloak.services.util.CacheControlUtil;
	17
	18	import javax.ws.rs.GET;
	19	import javax.ws.rs.core.MultivaluedMap;
	20	import javax.ws.rs.core.Response;
	21
	22	public class AuthorizationEndpoint extends AuthorizationEndpointBase {
	23	private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
	24
	25	private ClientModel client;
	26	private ClientSessionModel clientSession;
	27	private String redirectUri;
	28
	29	public AuthorizationEndpoint(RealmModel realm, EventBuilder event) {
	30	super(realm, event);
	31	event.event(EventType.LOGIN);
	32	}
	33
	34	@GET
	35	public Response build() {
	36	MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
	37	String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
	38	boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
	39	boolean gateway = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.GATEWAY_PARAM));
	40
	41	checkSsl();
	42	checkRealm();
	43	checkClient(service);
	44
	45	createClientSession();
	46	// So back button doesn't work
	47	CacheControlUtil.noBackButtonCacheControlHeader();
	48
	49	this.event.event(EventType.LOGIN);
	50	return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event, renew), gateway, false);
	51	}
	52
	53	private void checkSsl() {
	54	if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
	55	event.error(Errors.SSL_REQUIRED);
	56	throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
	57	}
	58	}
	59
	60	private void checkRealm() {
	61	if (!realm.isEnabled()) {
	62	event.error(Errors.REALM_DISABLED);
	63	throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
	64	}
	65	}
	66
	67	private void checkClient(String service) {
	68	if (service == null) {
	69	event.error(Errors.INVALID_REQUEST);
	70	throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
	71	}
	72
	73	client = realm.getClients().stream()
	74	.filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
	75	.filter(c -> RedirectUtils.verifyRedirectUri(uriInfo, service, realm, c) != null)
	76	.findFirst().orElse(null);
	77	if (client == null) {
	78	event.error(Errors.CLIENT_NOT_FOUND);
	79	throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND);
	80	}
	81
	82	if (!client.isEnabled()) {
	83	event.error(Errors.CLIENT_DISABLED);
	84	throw new ErrorPageException(session, Messages.CLIENT_DISABLED);
	85	}
	86
	87	redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);
	88
	89	event.client(client.getClientId());
	90	event.detail(Details.REDIRECT_URI, redirectUri);
	91
	92	session.getContext().setClient(client);
	93	}
	94
	95	private void createClientSession() {
	96	clientSession = session.sessions().createClientSession(realm, client);
	97	clientSession.setAuthMethod(CASLoginProtocol.LOGIN_PROTOCOL);
	98	clientSession.setRedirectUri(redirectUri);
	99	clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
	100	}
	101	}