mirror of https://github.com/jacekkow/keycloak-protocol-cas
view | history | commit | commitdiff
vld
2023-04-14 74f9bff6d026515e446d34f007fee35c3eee7794
commit | author | age
7f7e0c 1 package org.keycloak.protocol.cas.endpoints;
MP 2
3 import org.jboss.logging.Logger;
4 import org.jboss.resteasy.annotations.cache.NoCache;
5 import org.jboss.resteasy.spi.HttpRequest;
6 import org.keycloak.common.ClientConnection;
b88dc3 7 import org.keycloak.events.Details;
AP 8 import org.keycloak.events.Errors;
7f7e0c 9 import org.keycloak.events.EventBuilder;
b88dc3 10 import org.keycloak.events.EventType;
4a6620 11 import org.keycloak.models.ClientModel;
7f7e0c 12 import org.keycloak.models.KeycloakSession;
MP 13 import org.keycloak.models.RealmModel;
14 import org.keycloak.models.UserSessionModel;
15 import org.keycloak.protocol.cas.CASLoginProtocol;
4a6620 16 import org.keycloak.protocol.oidc.utils.RedirectUtils;
MP 17 import org.keycloak.services.ErrorPage;
7f7e0c 18 import org.keycloak.services.managers.AuthenticationManager;
4a6620 19 import org.keycloak.services.messages.Messages;
7f7e0c 20
MP 21 import javax.ws.rs.GET;
4a6620 22 import javax.ws.rs.QueryParam;
7f7e0c 23 import javax.ws.rs.core.Context;
MP 24 import javax.ws.rs.core.HttpHeaders;
25 import javax.ws.rs.core.Response;
74f9bf 26 import java.net.URI;
7f7e0c 27
MP 28 public class LogoutEndpoint {
57a6c1 29     private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);
7f7e0c 30
MP 31     @Context
32     private KeycloakSession session;
33
34     @Context
35     private ClientConnection clientConnection;
36
37     @Context
38     private HttpRequest request;
39
40     @Context
41     private HttpHeaders headers;
42
43     private RealmModel realm;
4a6620 44     private ClientModel client;
MP 45     private String redirectUri;
7f7e0c 46
b88dc3 47     public LogoutEndpoint(RealmModel realm) {
7f7e0c 48         this.realm = realm;
MP 49     }
50
51     @GET
52     @NoCache
4a6620 53     public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
MP 54         checkClient(service);
7f7e0c 55
MP 56         AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
57         if (authResult != null) {
58             UserSessionModel userSession = authResult.getSession();
59             userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
b88dc3 60
AP 61             if (redirectUri != null) {
62                 userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
63             }
7f7e0c 64
MP 65             logger.debug("Initiating CAS browser logout");
d5f868 66             Response response =  AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), clientConnection, headers);
7f7e0c 67             logger.debug("finishing CAS browser logout");
MP 68             return response;
69         }
74f9bf 70
V 71         if (redirectUri != null) {
72             logger.debugv("no active session, redirecting to {0}", redirectUri);
73             return Response.status(302).location(URI.create(redirectUri)).build();
74         }
75
6638b8 76         return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
4a6620 77     }
MP 78
79     private void checkClient(String service) {
80         if (service == null) {
81             return;
82         }
83
ea9555 84         client = realm.getClientsStream()
4a6620 85                 .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
019db5 86                 .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)
4a6620 87                 .findFirst().orElse(null);
MP 88         if (client != null) {
019db5 89             redirectUri = RedirectUtils.verifyRedirectUri(session, service, client);
4a6620 90
MP 91             session.getContext().setClient(client);
92         }
7f7e0c 93     }
MP 94 }