mirror of https://github.com/jacekkow/keycloak-protocol-cas
blame | history | raw
Jacek Kowalski
2023-11-24 f3460d82f87591ebf1260e02ef7565f5e8eb00f3 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

package org.keycloak.protocol.cas.endpoints;


 


import jakarta.ws.rs.GET;


import jakarta.ws.rs.QueryParam;


import jakarta.ws.rs.core.Response;


import org.jboss.logging.Logger;


import org.jboss.resteasy.annotations.cache.NoCache;


import org.keycloak.models.ClientModel;


import org.keycloak.models.KeycloakSession;


import org.keycloak.models.RealmModel;


import org.keycloak.models.UserSessionModel;


import org.keycloak.protocol.cas.CASLoginProtocol;


import org.keycloak.protocol.oidc.utils.RedirectUtils;


import org.keycloak.services.ErrorPage;


import org.keycloak.services.managers.AuthenticationManager;


import org.keycloak.services.messages.Messages;


 


import java.net.URI;


 


public class LogoutEndpoint {


    private static final Logger logger = Logger.getLogger(LogoutEndpoint.class);


 


    private KeycloakSession session;


 


    private RealmModel realm;


    private ClientModel client;


    private String redirectUri;


 


    public LogoutEndpoint(KeycloakSession session, RealmModel realm) {


        this.session = session;


        this.realm = realm;


    }


 


    @GET


    @NoCache


    public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {


        checkClient(service);


 


        AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);


        if (authResult != null) {


            UserSessionModel userSession = authResult.getSession();


            userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);


 


            if (redirectUri != null) {


                userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);


            }


 


            logger.debug("Initiating CAS browser logout");


            Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), session.getContext().getUri(), session.getContext().getConnection(), session.getContext().getRequestHeaders());


            logger.debug("finishing CAS browser logout");


            return response;


        }


 


        if (redirectUri != null) {


            logger.debugv("no active session, redirecting to {0}", redirectUri);


            return Response.status(302).location(URI.create(redirectUri)).build();


        }


 


        return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);


    }


 


    private void checkClient(String service) {


        if (service == null) {


            return;


        }


 


        client = realm.getClientsStream()


                .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))


                .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)


                .findFirst().orElse(null);


        if (client != null) {


            redirectUri = RedirectUtils.verifyRedirectUri(session, service, client);


 


            session.getContext().setClient(client);


        }


    }


}