package org.keycloak.protocol.cas.endpoints; |
import jakarta.ws.rs.GET; |
import jakarta.ws.rs.QueryParam; |
import jakarta.ws.rs.core.Response; |
import org.jboss.logging.Logger; |
import org.jboss.resteasy.annotations.cache.NoCache; |
import org.keycloak.models.ClientModel; |
import org.keycloak.models.KeycloakSession; |
import org.keycloak.models.RealmModel; |
import org.keycloak.models.UserSessionModel; |
import org.keycloak.protocol.cas.CASLoginProtocol; |
import org.keycloak.protocol.oidc.utils.RedirectUtils; |
import org.keycloak.services.ErrorPage; |
import org.keycloak.services.managers.AuthenticationManager; |
import org.keycloak.services.messages.Messages; |
import java.net.URI; |
/**
 * CAS protocol logout endpoint: handles a GET carrying the optional CAS service URL.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>{@link #checkClient(String)} looks for a CAS client of the realm for which
 *       {@code RedirectUtils.verifyRedirectUri} accepts the service URL.</li>
 *   <li>If the identity cookie resolves to a user session, a browser logout is started and the
 *       verified redirect URI (when there is one) is stored as a note on that session.</li>
 *   <li>If there is no session, the caller is redirected to the verified URI, or shown an error
 *       page when no URI was verified.</li>
 * </ol>
 *
 * <p>Security note: the raw {@code service} parameter is never used as a redirect target. The only
 * value that reaches the {@code Location} header or the session note is the one returned by
 * {@code RedirectUtils.verifyRedirectUri}; keep it that way when changing this class, otherwise the
 * endpoint becomes an open redirect. What exactly the verification checks is not visible here.
 *
 * <p>NOTE(review): {@code client} and {@code redirectUri} are per-request state kept in instance
 * fields, so this class presumably relies on a fresh instance per request; confirm with the
 * code that constructs it.
 */
public class LogoutEndpoint {
    private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);

    private KeycloakSession session;

    private RealmModel realm;
    // CAS client that accepted the service URL; assigned only by checkClient().
    private ClientModel client;
    // Redirect target after logout; assigned only by checkClient(), and only from the value
    // returned by RedirectUtils.verifyRedirectUri. Stays null when no service was verified.
    private String redirectUri;

    /**
     * Creates the endpoint for one Keycloak session and realm.
     *
     * @param session the Keycloak session used for authentication, context access and error pages
     * @param realm   the realm whose clients are searched and whose identity cookie is checked
     */
    public LogoutEndpoint(KeycloakSession session, RealmModel realm) {
        this.session = session;
        this.realm = realm;
    }

    /**
     * Handles the CAS logout request.
     *
     * @param service optional CAS service URL to return to after logout; it is honoured only if a
     *                CAS client of the realm verifies it, and is otherwise ignored
     * @return the browser-logout response when a session exists; a 302 to the verified redirect
     *         URI when there is no session; a {@code BAD_REQUEST} error page when there is neither
     *         a session nor a verified redirect URI
     */
    @GET
    @NoCache
    public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
        checkClient(service);

        AuthenticationManager.AuthResult authResult =
                AuthenticationManager.authenticateIdentityCookie(session, realm, false);

        if (authResult == null) {
            // Nothing to log out. Only a verified URI may be used as the redirect target.
            if (redirectUri == null) {
                return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
            }
            logger.debugv("no active session, redirecting to {0}", redirectUri);
            return Response.status(302).location(URI.create(redirectUri)).build();
        }

        UserSessionModel userSession = authResult.getSession();
        // Record which protocol started the logout.
        userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);

        // Store the verified redirect target on the session; skipped when no service was verified.
        if (redirectUri != null) {
            userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
        }

        logger.debug("Initiating CAS browser logout");
        Response response = AuthenticationManager.browserLogout(
                session,
                realm,
                authResult.getSession(),
                session.getContext().getUri(),
                session.getContext().getConnection(),
                session.getContext().getRequestHeaders());
        logger.debug("finishing CAS browser logout");
        return response;
    }

    /**
     * Resolves the CAS client that accepts {@code service} and records the verified redirect URI.
     *
     * <p>With a {@code null} service nothing is changed. Otherwise {@code client} is set to the
     * first client of the realm that uses the CAS login protocol and for which
     * {@code RedirectUtils.verifyRedirectUri} returns a non-null value, or to {@code null} when no
     * client matches. On a match, {@code redirectUri} is set to the verified value and the client
     * is set on the session context.
     *
     * <p>A service URL that no client verifies is silently ignored; {@code redirectUri} is left
     * untouched in that case.
     *
     * @param service the service URL taken from the request, untrusted
     */
    private void checkClient(String service) {
        if (service == null) {
            return;
        }

        ClientModel matched = realm.getClientsStream()
                .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                        && RedirectUtils.verifyRedirectUri(session, service, candidate) != null)
                .findFirst()
                .orElse(null);
        client = matched;
        if (matched == null) {
            return;
        }

        // Keep the value returned by the verifier, not the raw request parameter.
        redirectUri = RedirectUtils.verifyRedirectUri(session, service, matched);

        session.getContext().setClient(matched);
    }
}