mirror of https://github.com/jacekkow/keycloak-protocol-cas

Matthias Piepkorn
2017-01-27 7f7e0cce1b38b199d9a8c22a5e85e18e5c37c7c5
package org.keycloak.protocol.cas;
 
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.*;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
 
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
 
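/**
 * Keycloak {@link LoginProtocol} implementation for the CAS protocol.
 *
 * <p>After a successful authentication the user agent is redirected back to the
 * CAS "service" URL stored on the client session, with a service ticket
 * ({@code ST-<code>}) appended as the {@code ticket} query parameter. The ticket
 * is a bearer credential that the service later exchanges for the user's
 * identity, so the host it is delivered to must be a trusted, registered one.
 *
 * <p>An instance is configured either through the full constructor or, after the
 * no-arg constructor, through the fluent {@code setXxx} methods that Keycloak's
 * protocol factory calls.
 */
public class CASLoginProtocol implements LoginProtocol {
    public static final String LOGIN_PROTOCOL = "cas";

    /** Request parameter names defined by the CAS protocol. */
    public static final String SERVICE_PARAM = "service";
    public static final String RENEW_PARAM = "renew";
    public static final String GATEWAY_PARAM = "gateway";
    public static final String TICKET_PARAM = "ticket";
    public static final String FORMAT_PARAM = "format";

    /** Query parameter under which the issued service ticket is handed back to the service. */
    public static final String TICKET_RESPONSE_PARAM = "ticket";

    /** Prefix that marks a ticket as a CAS service ticket. */
    public static final String SERVICE_TICKET_PREFIX = "ST-";

    protected KeycloakSession session;
    protected RealmModel realm;
    protected UriInfo uriInfo;
    protected HttpHeaders headers;
    protected EventBuilder event;
    /** Answer returned by {@link #requireReauthentication}; set once at construction. */
    private boolean requireReauth;

    /**
     * Fully configured instance.
     *
     * @param session       current Keycloak session
     * @param realm         realm the login belongs to
     * @param uriInfo       request URI information (used for the back-channel logout URL)
     * @param headers       request headers
     * @param event         event builder used for audit events
     * @param requireReauth whether the user must authenticate again even with a valid SSO session
     */
    public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event, boolean requireReauth) {
        this.session = session;
        this.realm = realm;
        this.uriInfo = uriInfo;
        this.headers = headers;
        this.event = event;
        this.requireReauth = requireReauth;
    }

    /** Bare instance; collaborators are supplied through the fluent setters below. {@code requireReauth} stays {@code false}. */
    public CASLoginProtocol() {
    }

    @Override
    public CASLoginProtocol setSession(KeycloakSession session) {
        this.session = session;
        return this;
    }

    @Override
    public CASLoginProtocol setRealm(RealmModel realm) {
        this.realm = realm;
        return this;
    }

    @Override
    public CASLoginProtocol setUriInfo(UriInfo uriInfo) {
        this.uriInfo = uriInfo;
        return this;
    }

    @Override
    public CASLoginProtocol setHttpHeaders(HttpHeaders headers) {
        this.headers = headers;
        return this;
    }

    @Override
    public CASLoginProtocol setEventBuilder(EventBuilder event) {
        this.event = event;
        return this;
    }

    /**
     * Issues a service ticket for the authenticated session and redirects the
     * user agent back to the service.
     *
     * <p>The ticket is the client session code prefixed with {@code ST-}; the
     * client session is moved to {@code CODE_TO_TOKEN} so the ticket can then be
     * exchanged by the service.
     *
     * @param userSession the authenticated user session
     * @param accessCode  code wrapper around the client session that receives the ticket
     * @return a 302 redirect to the service URL carrying the {@code ticket} parameter
     * @throws IllegalStateException if the client session carries no service URL
     */
    @Override
    public Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode) {
        ClientSessionModel clientSession = accessCode.getClientSession();

        // NOTE(review): the service URL is taken as-is from the client session. Nothing in
        // this file checks it against the client's registered redirect URIs; that must have
        // been done by the endpoint that populated the session, otherwise the ticket (a
        // bearer credential) is delivered to an attacker-chosen host.
        // TODO validate service
        String service = clientSession.getRedirectUri();
        if (service == null || service.isEmpty()) {
            // An empty string would build a relative "?ticket=..." redirect back to Keycloak
            // itself; refuse it outright instead of leaking the ticket into our own URL.
            throw new IllegalStateException("CAS client session has no service URL to redirect to");
        }

        // Parse the target before the session is moved to CODE_TO_TOKEN, so a malformed
        // service URL fails before the ticket is armed.
        KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);

        accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN.name());
        uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + accessCode.getCode());

        URI redirectUri = uriBuilder.build();
        return Response.status(302).location(redirectUri).build();
    }

    /**
     * Reports a login error to the caller.
     *
     * <p>Every {@link Error} value, including user-initiated ones such as a cancelled
     * login, is currently answered with HTTP 500 and the enum value as the body;
     * there is no CAS-style redirect back to the service.
     *
     * @param clientSession the client session the error belongs to (unused)
     * @param error         the error to report
     * @return a 500 response whose entity is {@code error}
     */
    @Override
    public Response sendError(ClientSessionModel clientSession, Error error) {
        return Response.serverError().entity(error).build();
    }

    /**
     * Notifies the client's admin URL that its client session has been logged out.
     *
     * @param userSession   the user session being terminated
     * @param clientSession the client session to log out
     */
    @Override
    public void backchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession) {
        ClientModel client = clientSession.getClient();
        new ResourceAdminManager(session).logoutClientSession(uriInfo.getRequestUri(), realm, client, clientSession);
    }

    /**
     * Front-channel logout is not supported by this protocol implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Response frontchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession) {
        // todo oidc redirect support
        throw new UnsupportedOperationException("NOT IMPLEMENTED");
    }

    /**
     * Records the LOGOUT audit event for the user session and replies with 200.
     *
     * @param userSession the session that has been logged out
     * @return an empty 200 response
     */
    @Override
    public Response finishLogout(UserSessionModel userSession) {
        event.event(EventType.LOGOUT);
        event.user(userSession.getUser()).session(userSession).success();
        return Response.ok().build();
    }

    /**
     * Whether an existing SSO session may be reused for this login.
     *
     * <p>The answer is the flag given at construction and does not depend on the
     * sessions passed in.
     */
    @Override
    public boolean requireReauthentication(UserSessionModel userSession, ClientSessionModel clientSession) {
        return requireReauth;
    }

    /** Nothing to release: this object holds no resources of its own. */
    @Override
    public void close() {

    }
}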