mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2023-11-24 8560e4a392962f6b1bdd40f444f091f6a36cdbd4
commit | author | age
7f7e0c 1 package org.keycloak.protocol.cas.endpoints;
MP 2
fdb9f6 3 import jakarta.ws.rs.GET;
JK 4 import jakarta.ws.rs.QueryParam;
5 import jakarta.ws.rs.core.Response;
7f7e0c 6 import org.jboss.logging.Logger;
MP 7 import org.jboss.resteasy.annotations.cache.NoCache;
4a6620 8 import org.keycloak.models.ClientModel;
7f7e0c 9 import org.keycloak.models.KeycloakSession;
MP 10 import org.keycloak.models.RealmModel;
11 import org.keycloak.models.UserSessionModel;
12 import org.keycloak.protocol.cas.CASLoginProtocol;
4a6620 13 import org.keycloak.protocol.oidc.utils.RedirectUtils;
MP 14 import org.keycloak.services.ErrorPage;
7f7e0c 15 import org.keycloak.services.managers.AuthenticationManager;
4a6620 16 import org.keycloak.services.messages.Messages;
7f7e0c 17
74f9bf 18 import java.net.URI;
7f7e0c 19
MP 20 public class LogoutEndpoint {
57a6c1 21     private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);
7f7e0c 22
MP 23     private KeycloakSession session;
24
25     private RealmModel realm;
4a6620 26     private ClientModel client;
MP 27     private String redirectUri;
7f7e0c 28
ceed8f 29     public LogoutEndpoint(KeycloakSession session, RealmModel realm) {
JK 30         this.session = session;
7f7e0c 31         this.realm = realm;
MP 32     }
33
34     @GET
35     @NoCache
4a6620 36     public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
MP 37         checkClient(service);
7f7e0c 38
MP 39         AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
40         if (authResult != null) {
41             UserSessionModel userSession = authResult.getSession();
42             userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
b88dc3 43
AP 44             if (redirectUri != null) {
45                 userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
46             }
7f7e0c 47
MP 48             logger.debug("Initiating CAS browser logout");
ceed8f 49             Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), session.getContext().getConnection(), session.getContext().getRequestHeaders());
7f7e0c 50             logger.debug("finishing CAS browser logout");
MP 51             return response;
52         }
74f9bf 53
V 54         if (redirectUri != null) {
55             logger.debugv("no active session, redirecting to {0}", redirectUri);
56             return Response.status(302).location(URI.create(redirectUri)).build();
57         }
58
6638b8 59         return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
4a6620 60     }
MP 61
62     private void checkClient(String service) {
63         if (service == null) {
64             return;
65         }
66
ea9555 67         client = realm.getClientsStream()
4a6620 68                 .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
019db5 69                 .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)
4a6620 70                 .findFirst().orElse(null);
MP 71         if (client != null) {
019db5 72             redirectUri = RedirectUtils.verifyRedirectUri(session, service, client);
4a6620 73
MP 74             session.getContext().setClient(client);
75         }
7f7e0c 76     }
MP 77 }