mirror of https://github.com/jacekkow/keycloak-protocol-cas
blame | history | patch | commit | commitdiff | ignore whitespace
Jacek Kowalski
2023-11-24 e3e192bc4cb1fb4c7aa5eee57eab525500388ce7 
 src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java


@@ -1,8 +1,8 @@


package org.keycloak.protocol.cas.endpoints;




import jakarta.ws.rs.core.Response;


import org.jboss.logging.Logger;


import org.jboss.resteasy.spi.HttpRequest;


import org.keycloak.common.ClientConnection;


import org.keycloak.events.Details;


import org.keycloak.events.Errors;


import org.keycloak.events.EventBuilder;


import org.keycloak.models.*;


@@ -16,35 +16,27 @@


import org.keycloak.services.managers.AuthenticationManager;


import org.keycloak.services.util.DefaultClientSessionContext;




import javax.ws.rs.core.Context;


import javax.ws.rs.core.HttpHeaders;


import javax.ws.rs.core.Response;


import java.util.HashMap;


import java.util.Map;


import java.util.Set;


import java.util.stream.Collectors;




public abstract class AbstractValidateEndpoint {


    protected final Logger logger = Logger.getLogger(getClass());


    @Context


    protected KeycloakSession session;


    @Context


    protected ClientConnection clientConnection;


    @Context


    protected HttpRequest request;


    @Context


    protected HttpHeaders headers;


    protected RealmModel realm;


    protected EventBuilder event;


    protected ClientModel client;


    protected AuthenticatedClientSessionModel clientSession;




    public AbstractValidateEndpoint(RealmModel realm, EventBuilder event) {


    public AbstractValidateEndpoint(KeycloakSession session, RealmModel realm, EventBuilder event) {


        this.session = session;


        this.realm = realm;


        this.event = event;


    }




    protected void checkSsl() {


        if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {


        if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(session.getContext().getConnection())) {


            throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN);


        }


    }


@@ -61,7 +53,9 @@


            throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST);


        }




        client = realm.getClients().stream()


        event.detail(Details.REDIRECT_URI, service);




        client = realm.getClientsStream()


                .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))


                .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)


                .findFirst().orElse(null);


@@ -155,7 +149,7 @@


        // CAS protocol does not support scopes, so pass null scopeParam


        ClientSessionContext clientSessionCtx = DefaultClientSessionContext.fromClientSessionAndScopeParameter(clientSession, null, session);




        Set<ProtocolMapperModel> mappings = clientSessionCtx.getProtocolMappers();


        Set<ProtocolMapperModel> mappings = clientSessionCtx.getProtocolMappersStream().collect(Collectors.toSet());


        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();


        Map<String, Object> attributes = new HashMap<>();


        for (ProtocolMapperModel mapping : mappings) {