package org.keycloak.protocol.cas.endpoints;

import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.cas.CASLoginProtocol;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;

import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

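/**
 * JAX-RS resource that handles the CAS protocol logout request for one realm.
 *
 * <p>The only request input read here is the CAS {@code service} query parameter. It is
 * caller-controlled and must be treated as untrusted: it is used as a post-logout redirect
 * target only after {@link RedirectUtils#verifyRedirectUri} has accepted it for a client
 * whose protocol is CAS. A {@code service} value that no such client accepts is dropped,
 * so the logout still proceeds but no redirect target is recorded.
 *
 * <p>NOTE(review): the logout is triggered by a plain {@code GET} authenticated only by the
 * identity cookie; no anti-forgery parameter is visible in this class. Whether a cross-site
 * request can force a logout depends on the cookie policy configured elsewhere; confirm.
 *
 * <p>The instance keeps per-request state ({@code client}, {@code redirectUri}) in fields,
 * so it presumably must be created once per request; verify against the caller.
 */
public class LogoutEndpoint {
    private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);

    @Context
    private KeycloakSession session;

    @Context
    private ClientConnection clientConnection;

    @Context
    private HttpRequest request;

    @Context
    private HttpHeaders headers;

    @Context
    private UriInfo uriInfo;

    private final RealmModel realm;
    // Stored by the constructor; not used by the code visible in this class.
    private final EventBuilder event;
    // Both fields below are populated by checkClient() and stay null when the request carries
    // no service parameter or the parameter is not accepted for any CAS client.
    private ClientModel client;
    private String redirectUri;

    /**
     * Creates the endpoint for a realm.
     *
     * @param realm realm whose clients and identity cookie are consulted
     * @param event event builder supplied by the caller
     */
    public LogoutEndpoint(RealmModel realm, EventBuilder event) {
        this.realm = realm;
        this.event = event;
    }

    /**
     * Logs the browser session out and, when the {@code service} parameter was validated,
     * records it on the user session as the CAS logout redirect URI.
     *
     * @param service untrusted CAS {@code service} URL taken from the query string; may be null
     * @return the response produced by {@link AuthenticationManager#browserLogout}, or the
     *         {@link Messages#FAILED_LOGOUT} error page when no identity cookie authenticates
     */
    @GET
    @NoCache
    public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
        // Validate the redirect target first; only the verified value is ever stored.
        checkClient(service);

        // NOTE(review): the meaning of the trailing 'false' flag is not visible here; confirm.
        AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
        if (authResult == null) {
            return ErrorPage.error(session, Messages.FAILED_LOGOUT);
        }

        UserSessionModel userSession = authResult.getSession();
        userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
        if (redirectUri != null) {
            // redirectUri is the value returned by verifyRedirectUri, never the raw parameter.
            userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
        }

        logger.debug("Initiating CAS browser logout");
        Response response = AuthenticationManager.browserLogout(session, realm, userSession, uriInfo, clientConnection, headers);
        logger.debug("finishing CAS browser logout");
        return response;
    }

    /**
     * Resolves the CAS client that accepts {@code service} as a redirect URI.
     *
     * <p>Clients are examined in the order returned by {@code realm.getClients()}; the first
     * CAS-protocol client for which {@link RedirectUtils#verifyRedirectUri} returns non-null
     * wins. The verification is run once per candidate and its result is reused, so the
     * stored redirect URI is exactly the value that passed the check.
     *
     * @param service untrusted CAS {@code service} URL; null means nothing is resolved
     */
    private void checkClient(String service) {
        if (service == null) {
            return;
        }

        for (ClientModel candidate : realm.getClients()) {
            if (!CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())) {
                continue;
            }
            String verified = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, candidate);
            if (verified != null) {
                client = candidate;
                redirectUri = verified;
                session.getContext().setClient(candidate);
                return;
            }
        }

        // The raw service value is deliberately left out of the message: it is attacker-controlled
        // and could carry line breaks or misleading text into the log.
        logger.debug("CAS logout: service parameter was not accepted for any CAS client; no redirect URI recorded");
    }
}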