mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2023-11-24 81877a6524d8721ec30debb771e050886c37c861
commit | author | age
7f7e0c 1 package org.keycloak.protocol.cas.endpoints;
MP 2
fdb9f6 3 import jakarta.ws.rs.GET;
JK 4 import jakarta.ws.rs.QueryParam;
5 import jakarta.ws.rs.core.Context;
6 import jakarta.ws.rs.core.HttpHeaders;
7 import jakarta.ws.rs.core.Response;
7f7e0c 8 import org.jboss.logging.Logger;
MP 9 import org.jboss.resteasy.annotations.cache.NoCache;
10 import org.jboss.resteasy.spi.HttpRequest;
11 import org.keycloak.common.ClientConnection;
4a6620 12 import org.keycloak.models.ClientModel;
7f7e0c 13 import org.keycloak.models.KeycloakSession;
MP 14 import org.keycloak.models.RealmModel;
15 import org.keycloak.models.UserSessionModel;
16 import org.keycloak.protocol.cas.CASLoginProtocol;
4a6620 17 import org.keycloak.protocol.oidc.utils.RedirectUtils;
MP 18 import org.keycloak.services.ErrorPage;
7f7e0c 19 import org.keycloak.services.managers.AuthenticationManager;
4a6620 20 import org.keycloak.services.messages.Messages;
7f7e0c 21
74f9bf 22 import java.net.URI;
7f7e0c 23
MP 24 public class LogoutEndpoint {
57a6c1 25     private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);
7f7e0c 26
MP 27     @Context
28     private KeycloakSession session;
29
30     @Context
31     private ClientConnection clientConnection;
32
33     @Context
34     private HttpRequest request;
35
36     @Context
37     private HttpHeaders headers;
38
39     private RealmModel realm;
4a6620 40     private ClientModel client;
MP 41     private String redirectUri;
7f7e0c 42
b88dc3 43     public LogoutEndpoint(RealmModel realm) {
7f7e0c 44         this.realm = realm;
MP 45     }
46
47     @GET
48     @NoCache
4a6620 49     public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
MP 50         checkClient(service);
7f7e0c 51
MP 52         AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
53         if (authResult != null) {
54             UserSessionModel userSession = authResult.getSession();
55             userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
b88dc3 56
AP 57             if (redirectUri != null) {
58                 userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
59             }
7f7e0c 60
MP 61             logger.debug("Initiating CAS browser logout");
d5f868 62             Response response =  AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), clientConnection, headers);
7f7e0c 63             logger.debug("finishing CAS browser logout");
MP 64             return response;
65         }
74f9bf 66
V 67         if (redirectUri != null) {
68             logger.debugv("no active session, redirecting to {0}", redirectUri);
69             return Response.status(302).location(URI.create(redirectUri)).build();
70         }
71
6638b8 72         return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
4a6620 73     }
MP 74
75     private void checkClient(String service) {
76         if (service == null) {
77             return;
78         }
79
ea9555 80         client = realm.getClientsStream()
4a6620 81                 .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
019db5 82                 .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)
4a6620 83                 .findFirst().orElse(null);
MP 84         if (client != null) {
019db5 85             redirectUri = RedirectUtils.verifyRedirectUri(session, service, client);
4a6620 86
MP 87             session.getContext().setClient(client);
88         }
7f7e0c 89     }
MP 90 }