mirror of https://github.com/jacekkow/keycloak-protocol-cas
| commit | author | age | ||
| 755fd7 | 1 | package org.keycloak.protocol.cas.endpoints; |
| ARW | 2 | |
| 3 | import jakarta.ws.rs.GET; | |
| 4 | import jakarta.ws.rs.core.MediaType; | |
| 5 | import jakarta.ws.rs.core.MultivaluedMap; | |
| 6 | import jakarta.ws.rs.core.Response; | |
| 7 | import java.util.Map; | |
| 8 | import org.jboss.resteasy.annotations.cache.NoCache; | |
| 9 | import org.keycloak.events.Errors; | |
| 10 | import org.keycloak.events.EventBuilder; | |
| 11 | import org.keycloak.events.EventType; | |
| 12 | import org.keycloak.models.*; | |
| 13 | import org.keycloak.protocol.cas.CASLoginProtocol; | |
| 14 | import org.keycloak.protocol.cas.representations.CASErrorCode; | |
| 15 | import org.keycloak.protocol.cas.representations.CASServiceResponse; | |
| 16 | import org.keycloak.protocol.cas.utils.CASValidationException; | |
| 17 | import org.keycloak.protocol.cas.utils.ContentTypeHelper; | |
| 18 | import org.keycloak.protocol.cas.utils.ServiceResponseHelper; | |
| 19 | ||
| 20 | public class ProxyValidateEndpoint extends AbstractValidateEndpoint { | |
| 21 | ||
| 22 | public ProxyValidateEndpoint(KeycloakSession session,RealmModel realm, EventBuilder event) { | |
| 23 | super(session, realm, event); | |
| 24 | } | |
| 25 | ||
| 26 | @GET | |
| 27 | @NoCache | |
| 28 | public Response build() { | |
| 29 | MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters(); | |
| 30 | String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM); | |
| 31 | String pgtUrl = params.getFirst(CASLoginProtocol.PGTURL_PARAM); | |
| 32 | boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); | |
| 33 | ||
| 34 | event.event(EventType.CODE_TO_TOKEN); | |
| 35 | ||
| 36 | try { | |
| 37 | String prefix = ticket.startsWith(CASLoginProtocol.PROXY_TICKET_PREFIX)? CASLoginProtocol.PROXY_TICKET_PREFIX:( | |
| 38 | ticket.startsWith(CASLoginProtocol.SERVICE_TICKET_PREFIX)? CASLoginProtocol.SERVICE_TICKET_PREFIX : null | |
| 39 | ); | |
| 40 | ||
| 41 | if (prefix == null) { | |
| 42 | event.error(Errors.INVALID_CODE); | |
| 43 | throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Malformed service ticket", Response.Status.BAD_REQUEST); | |
| 44 | } | |
| 45 | ||
| 46 | checkSsl(); | |
| 47 | checkRealm(); | |
| 48 | checkTicket(ticket, prefix, renew); | |
| 49 | if (pgtUrl != null) createProxyGrant(pgtUrl); | |
| 50 | event.success(); | |
| 51 | return successResponse(); | |
| 52 | } catch (CASValidationException e) { | |
| 53 | return errorResponse(e); | |
| 54 | } | |
| 55 | } | |
| 56 | ||
| 57 | protected Response successResponse() { | |
| 58 | UserSessionModel userSession = clientSession.getUserSession(); | |
| 59 | Map<String, Object> attributes = getUserAttributes(); | |
| 60 | CASServiceResponse serviceResponse = ServiceResponseHelper.createSuccess(userSession.getUser().getUsername(),attributes); | |
| 61 | return prepare(Response.Status.OK, serviceResponse); | |
| 62 | } | |
| 63 | ||
| 64 | protected Response errorResponse(CASValidationException e) { | |
| 65 | CASServiceResponse serviceResponse = ServiceResponseHelper.createFailure(e.getError(), e.getErrorDescription()); | |
| 66 | return prepare(e.getStatus(), serviceResponse); | |
| 67 | } | |
| 68 | ||
| 69 | private Response prepare(Response.Status status, CASServiceResponse serviceResponse) { | |
| 70 | MediaType responseMediaType = new ContentTypeHelper(session.getContext().getUri()).selectResponseType(); | |
| 71 | return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse); | |
| 72 | } | |
| 73 | } | |
