mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2024-06-21 befd2a8cf0de1002dad1db7320fd1a2198b89b75
commit | author | age
5d7080 1 package org.keycloak.protocol.cas.endpoints;
ARW 2
3 import jakarta.ws.rs.GET;
4 import jakarta.ws.rs.core.MediaType;
5 import jakarta.ws.rs.core.MultivaluedMap;
6 import jakarta.ws.rs.core.Response;
7 import java.util.Map;
8 import org.jboss.resteasy.annotations.cache.NoCache;
9 import org.keycloak.events.Errors;
10 import org.keycloak.events.EventBuilder;
11 import org.keycloak.events.EventType;
12 import org.keycloak.models.*;
13 import org.keycloak.protocol.cas.CASLoginProtocol;
14 import org.keycloak.protocol.cas.representations.CASErrorCode;
15 import org.keycloak.protocol.cas.representations.CASServiceResponse;
16 import org.keycloak.protocol.cas.utils.CASValidationException;
17 import org.keycloak.protocol.cas.utils.ContentTypeHelper;
18 import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
19
20 public class ProxyValidateEndpoint extends AbstractValidateEndpoint {
21
22     public ProxyValidateEndpoint(KeycloakSession session,RealmModel realm, EventBuilder event) {
23         super(session, realm, event);
24     }
25
26     @GET
27     @NoCache
28     public Response build() {
29         MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();
30         String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
31         String pgtUrl = params.getFirst(CASLoginProtocol.PGTURL_PARAM);
32         boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
33
34         event.event(EventType.CODE_TO_TOKEN);
35
36         try {
37             String prefix = ticket.startsWith(CASLoginProtocol.PROXY_TICKET_PREFIX)? CASLoginProtocol.PROXY_TICKET_PREFIX:(
38                 ticket.startsWith(CASLoginProtocol.SERVICE_TICKET_PREFIX)? CASLoginProtocol.SERVICE_TICKET_PREFIX : null
39             );
40
41             if (prefix == null) {
42                 event.error(Errors.INVALID_CODE);
43                 throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Malformed service ticket", Response.Status.BAD_REQUEST);
44             }
45
46             checkSsl();
47             checkRealm();
48             checkTicket(ticket, prefix, renew);
49             if (pgtUrl != null) createProxyGrant(pgtUrl);
50             event.success();
51             return successResponse();
52         } catch (CASValidationException e) {
53             return errorResponse(e);
54         }
55     }
56
57     protected Response successResponse() {
58         UserSessionModel userSession = clientSession.getUserSession();
59         Map<String, Object> attributes = getUserAttributes();
60         CASServiceResponse serviceResponse = ServiceResponseHelper.createSuccess(userSession.getUser().getUsername(),attributes);
61         return prepare(Response.Status.OK, serviceResponse);
62     }
63
64     protected Response errorResponse(CASValidationException e) {
65         CASServiceResponse serviceResponse = ServiceResponseHelper.createFailure(e.getError(), e.getErrorDescription());
66         return prepare(e.getStatus(), serviceResponse);
67     }
68
69     private Response prepare(Response.Status status, CASServiceResponse serviceResponse) {
70         MediaType responseMediaType = new ContentTypeHelper(session.getContext().getUri()).selectResponseType();
71         return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse);
72     }
73 }