commit | author | age
|
7f7e0c
|
1 |
package org.keycloak.protocol.cas.endpoints; |
MP |
2 |
|
|
3 |
import org.jboss.logging.Logger; |
|
4 |
import org.keycloak.events.Details; |
|
5 |
import org.keycloak.events.Errors; |
|
6 |
import org.keycloak.events.EventBuilder; |
|
7 |
import org.keycloak.events.EventType; |
|
8 |
import org.keycloak.models.ClientModel; |
|
9 |
import org.keycloak.models.RealmModel; |
|
10 |
import org.keycloak.protocol.AuthorizationEndpointBase; |
|
11 |
import org.keycloak.protocol.cas.CASLoginProtocol; |
|
12 |
import org.keycloak.protocol.oidc.utils.RedirectUtils; |
|
13 |
import org.keycloak.services.ErrorPageException; |
|
14 |
import org.keycloak.services.messages.Messages; |
|
15 |
import org.keycloak.services.util.CacheControlUtil; |
f75caf
|
16 |
import org.keycloak.sessions.AuthenticationSessionModel; |
7f7e0c
|
17 |
|
MP |
18 |
import javax.ws.rs.GET; |
|
19 |
import javax.ws.rs.core.MultivaluedMap; |
|
20 |
import javax.ws.rs.core.Response; |
|
21 |
|
|
22 |
public class AuthorizationEndpoint extends AuthorizationEndpointBase { |
|
23 |
private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class); |
|
24 |
|
|
25 |
private ClientModel client; |
f75caf
|
26 |
private AuthenticationSessionModel authenticationSession; |
7f7e0c
|
27 |
private String redirectUri; |
MP |
28 |
|
|
29 |
public AuthorizationEndpoint(RealmModel realm, EventBuilder event) { |
|
30 |
super(realm, event); |
|
31 |
event.event(EventType.LOGIN); |
|
32 |
} |
|
33 |
|
|
34 |
@GET |
|
35 |
public Response build() { |
dee145
|
36 |
MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters(); |
7f7e0c
|
37 |
String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM); |
7124d2
|
38 |
boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); |
MP |
39 |
boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM); |
7f7e0c
|
40 |
|
MP |
41 |
checkSsl(); |
|
42 |
checkRealm(); |
|
43 |
checkClient(service); |
|
44 |
|
6638b8
|
45 |
authenticationSession = createAuthenticationSession(client, null); |
f75caf
|
46 |
updateAuthenticationSession(); |
MP |
47 |
|
7f7e0c
|
48 |
// So back button doesn't work |
MP |
49 |
CacheControlUtil.noBackButtonCacheControlHeader(); |
|
50 |
|
7124d2
|
51 |
if (renew) { |
f75caf
|
52 |
authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true"); |
7124d2
|
53 |
} |
58cea4
|
54 |
if (gateway) { |
JK |
55 |
authenticationSession.setClientNote(CASLoginProtocol.GATEWAY_PARAM, "true"); |
|
56 |
} |
7124d2
|
57 |
|
7f7e0c
|
58 |
this.event.event(EventType.LOGIN); |
dee145
|
59 |
return handleBrowserAuthenticationRequest(authenticationSession, new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event), gateway, false); |
7f7e0c
|
60 |
} |
MP |
61 |
|
|
62 |
private void checkClient(String service) { |
|
63 |
if (service == null) { |
|
64 |
event.error(Errors.INVALID_REQUEST); |
6638b8
|
65 |
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM); |
7f7e0c
|
66 |
} |
MP |
67 |
|
|
68 |
client = realm.getClients().stream() |
|
69 |
.filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) |
019db5
|
70 |
.filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null) |
7f7e0c
|
71 |
.findFirst().orElse(null); |
MP |
72 |
if (client == null) { |
|
73 |
event.error(Errors.CLIENT_NOT_FOUND); |
6638b8
|
74 |
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND); |
7f7e0c
|
75 |
} |
MP |
76 |
|
|
77 |
if (!client.isEnabled()) { |
|
78 |
event.error(Errors.CLIENT_DISABLED); |
6638b8
|
79 |
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED); |
7f7e0c
|
80 |
} |
MP |
81 |
|
019db5
|
82 |
redirectUri = RedirectUtils.verifyRedirectUri(session, service, client); |
7f7e0c
|
83 |
|
MP |
84 |
event.client(client.getClientId()); |
|
85 |
event.detail(Details.REDIRECT_URI, redirectUri); |
|
86 |
|
|
87 |
session.getContext().setClient(client); |
|
88 |
} |
|
89 |
|
f75caf
|
90 |
private void updateAuthenticationSession() { |
MP |
91 |
authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL); |
|
92 |
authenticationSession.setRedirectUri(redirectUri); |
|
93 |
authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name()); |
7f7e0c
|
94 |
} |
MP |
95 |
} |