mirror of https://github.com/jacekkow/keycloak-protocol-cas
blame | history | raw
Alexandre Rocha Wendling
2024-06-26 755fd78fa0ee0f2a67417a119382c63e02c1091e 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

package org.keycloak.protocol.cas.endpoints;


 


import jakarta.ws.rs.GET;


import jakarta.ws.rs.core.MediaType;


import jakarta.ws.rs.core.MultivaluedMap;


import jakarta.ws.rs.core.Response;


import java.util.Map;


import org.jboss.resteasy.annotations.cache.NoCache;


import org.keycloak.events.Errors;


import org.keycloak.events.EventBuilder;


import org.keycloak.events.EventType;


import org.keycloak.models.*;


import org.keycloak.protocol.cas.CASLoginProtocol;


import org.keycloak.protocol.cas.representations.CASErrorCode;


import org.keycloak.protocol.cas.representations.CASServiceResponse;


import org.keycloak.protocol.cas.utils.CASValidationException;


import org.keycloak.protocol.cas.utils.ContentTypeHelper;


import org.keycloak.protocol.cas.utils.ServiceResponseHelper;


 


public class ProxyValidateEndpoint extends AbstractValidateEndpoint {


 


    public ProxyValidateEndpoint(KeycloakSession session,RealmModel realm, EventBuilder event) {


        super(session, realm, event);


    }


 


    @GET


    @NoCache


    public Response build() {


        MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();


        String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);


        String pgtUrl = params.getFirst(CASLoginProtocol.PGTURL_PARAM);


        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);


 


        event.event(EventType.CODE_TO_TOKEN);


 


        try {


            String prefix = ticket.startsWith(CASLoginProtocol.PROXY_TICKET_PREFIX)? CASLoginProtocol.PROXY_TICKET_PREFIX:(


                ticket.startsWith(CASLoginProtocol.SERVICE_TICKET_PREFIX)? CASLoginProtocol.SERVICE_TICKET_PREFIX : null


            );


 


            if (prefix == null) {


                event.error(Errors.INVALID_CODE);


                throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Malformed service ticket", Response.Status.BAD_REQUEST);


            }


 


            checkSsl();


            checkRealm();


            checkTicket(ticket, prefix, renew);


            if (pgtUrl != null) createProxyGrant(pgtUrl);


            event.success();


            return successResponse();


        } catch (CASValidationException e) {


            return errorResponse(e);


        }


    }


 


    protected Response successResponse() {


        UserSessionModel userSession = clientSession.getUserSession();


        Map<String, Object> attributes = getUserAttributes();


        CASServiceResponse serviceResponse = ServiceResponseHelper.createSuccess(userSession.getUser().getUsername(),attributes);


        return prepare(Response.Status.OK, serviceResponse);


    }


 


    protected Response errorResponse(CASValidationException e) {


        CASServiceResponse serviceResponse = ServiceResponseHelper.createFailure(e.getError(), e.getErrorDescription());


        return prepare(e.getStatus(), serviceResponse);


    }


 


    private Response prepare(Response.Status status, CASServiceResponse serviceResponse) {


        MediaType responseMediaType = new ContentTypeHelper(session.getContext().getUri()).selectResponseType();


        return ServiceResponseHelper.createResponse(status, responseMediaType, serviceResponse);


    }


}