From 2dc9e536af754f94e8a96cc213faba8ff8bca451 Mon Sep 17 00:00:00 2001 From: Matthias Piepkorn <mpiepk@gmail.com> Date: Sun, 17 Jun 2018 08:53:06 +0000 Subject: [PATCH] update to Keycloak 4.0.0.Final --- src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java | 33 +++++---------------------------- 1 files changed, 5 insertions(+), 28 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java index c250578..6145334 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java @@ -18,7 +18,6 @@ import javax.ws.rs.GET; import javax.ws.rs.core.*; -import java.lang.reflect.Method; public class ValidateEndpoint { protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class); @@ -137,24 +136,14 @@ event.detail(Details.CODE_ID, parts[2]); } - ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult; - try { - // Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult - Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult", - String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class); - parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke( - null, code, session, realm, event, AuthenticatedClientSessionModel.class); - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class); - } + ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class); if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) { event.error(Errors.INVALID_CODE); // Attempt to use same code twice should invalidate existing clientSession AuthenticatedClientSessionModel clientSession = parseResult.getClientSession(); if (clientSession != null) { - clientSession.setUserSession(null); + clientSession.detachFromUserSession(); } throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); @@ -162,21 +151,9 @@ clientSession = parseResult.getClientSession(); - try { - // Keycloak >3.4 branch: Method isExpiredToken was added - Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken"); - if ((Boolean) isExpiredToken.invoke(parseResult)) { - event.error(Errors.EXPIRED_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) { - event.error(Errors.INVALID_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - - parseResult.getCode().setAction(null); + if (parseResult.isExpiredToken()) { + event.error(Errors.EXPIRED_CODE); + throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); } clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket); -- Gitblit v1.9.1