From 6638b8429ef70338054980441de98cfa959c4d1f Mon Sep 17 00:00:00 2001 From: Matthias Piepkorn <mpiepk@gmail.com> Date: Mon, 22 Jan 2018 19:26:42 +0000 Subject: [PATCH] update for Keycloak 3.4.3, version now matches Keycloak version --- .travis.yml | 6 --- src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java | 33 ++-------------- src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java | 13 ------ pom.xml | 4 +- src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java | 2 src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java | 18 ++------- integrationTest/suite.sh | 2 7 files changed, 14 insertions(+), 64 deletions(-) diff --git a/.travis.yml b/.travis.yml index 27bd183..731551e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,12 +13,6 @@ - docker env: -# - KEYCLOAK_VERSION=2.5.5.Final -# - KEYCLOAK_VERSION=3.0.0.Final -# - KEYCLOAK_VERSION=3.1.0.Final - - KEYCLOAK_VERSION=3.2.1.Final - - KEYCLOAK_VERSION=3.3.0.Final - - KEYCLOAK_VERSION=3.4.0.Final - KEYCLOAK_VERSION=3.4.3.Final before_install: diff --git a/integrationTest/suite.sh b/integrationTest/suite.sh index 35d9f00..6958b45 100755 --- a/integrationTest/suite.sh +++ b/integrationTest/suite.sh @@ -12,7 +12,7 @@ exit 1 fi - login_url=${BASH_REMATCH[1]} + login_url=${BASH_REMATCH[1]//&/&} redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url") if [[ !($redirect_response =~ $ticket_pattern) ]] ; then echo "No service ticket found in response" diff --git a/pom.xml b/pom.xml index a502285..59de4c5 100644 --- a/pom.xml +++ b/pom.xml 
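Review bot: In integrationTest/suite.sh the new `login_url=${BASH_REMATCH[1]//&/&}` reads as a no-op as shown, since pattern and replacement are both `&`; presumably the pattern was `&amp;` and the entity was decoded when this page was rendered. If so, the `&` in the replacement should be escaped, because bash 5.2 and later treat an unquoted `&` there as the matched text (`patsub_replacement`), which would leave `&amp;` in the URL: `login_url=${BASH_REMATCH[1]//&amp;/\&}`. A one-line comment such as `# the form action scraped from the login page is HTML-escaped` would explain why the rewrite is needed.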
@@ -22,12 +22,12 @@ <groupId>org.keycloak</groupId> <artifactId>keycloak-protocol-cas</artifactId> - <version>2.1.1-SNAPSHOT</version> + <version>3.4.3</version> <name>Keycloak CAS Protocol</name> <description /> <properties> - <keycloak.version>3.2.0.Final</keycloak.version> + <keycloak.version>${project.version}.Final</keycloak.version> <jboss.logging.version>3.3.0.Final</jboss.logging.version> <jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version> <junit.version>4.12</junit.version> diff --git a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java index b796962..dd08b5b 100644 --- a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java +++ b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java @@ -12,13 +12,11 @@ import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.sessions.AuthenticationSessionModel; -import org.keycloak.sessions.CommonClientSessionModel; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import java.io.IOException; -import java.lang.reflect.Method; import java.net.URI; public class CASLoginProtocol implements LoginProtocol { 
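Review bot: In pom.xml, `<keycloak.version>${project.version}.Final</keycloak.version>` ties the dependency version to the module's own version string, so any project version that is not exactly a Keycloak release (a `-SNAPSHOT`, or a plugin-only fix release) resolves to a Keycloak artifact version that does not exist. Keeping the literal, `<keycloak.version>3.4.3.Final</keycloak.version>`, pins the dependency explicitly and lets the plugin version carry a suffix when needed. If the coupling is intended, a comment above the property stating that the project version must always equal a Keycloak release would make that constraint visible.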
@@ -93,16 +91,7 @@ String service = clientSession.getRedirectUri(); //TODO validate service - String code; - try { - // Keycloak >3.4 branch: Method getCode was renamed to getOrGenerateCode, CODE_TO_TOKEN was removed - Method getOrGenerateCode = ClientSessionCode.class.getMethod("getOrGenerateCode"); - code = (String) getOrGenerateCode.invoke(accessCode); - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - accessCode.setAction(CommonClientSessionModel.Action.CODE_TO_TOKEN.name()); - code = accessCode.getCode(); - } + String code = accessCode.getOrGenerateCode(); KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service); uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code); diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java index 339051f..bcf1231 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java @@ -42,12 +42,7 @@ checkRealm(); checkClient(service); - AuthorizationEndpointChecks checks = getOrCreateAuthenticationSession(client, null); - if (checks.response != null) { - return checks.response; - } - - authenticationSession = checks.authSession; + authenticationSession = createAuthenticationSession(client, null); updateAuthenticationSession(); // So back button doesn't work @@ -64,7 +59,7 @@ private void checkClient(String service) { if (service == null) { event.error(Errors.INVALID_REQUEST); - throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM); + throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM); } client = realm.getClients().stream() 
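Review bot: In CASLoginProtocol.java the service ticket built from `accessCode.getOrGenerateCode()` is still appended to `service` under an open `//TODO validate service`, so a reader cannot tell from this method whether the redirect target has been checked. The AuthorizationEndpoint hunk further down does show `RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client)` in `checkClient`, and `setRedirectUri(redirectUri)` on the authentication session, which suggests the value read here via `clientSession.getRedirectUri()` is already verified. If that holds, replace the TODO with something like `// service was verified against the client's redirect URIs in AuthorizationEndpoint.checkClient`; if it does not, the check belongs before the ticket is added to the URL. The enclosing method starts and ends outside the hunk.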
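Review bot: In AuthorizationEndpoint.java, `createAuthenticationSession(client, null)` passes a bare `null` whose meaning is not visible at the call site; the removed `isNewRequest(..., String requestState)` override hints that it is the request state, but that is an inference. The same pattern appears in LogoutEndpoint (`ErrorPage.error(session, null, Response.Status.BAD_REQUEST, ...)`) and in ValidateEndpoint (`ClientSessionCode.parseResult(code, null, session, realm, client, ...)`). A short comment naming the parameter at each call, e.g. `/* requestState: CAS has none */`, would let a reader confirm that null is deliberate rather than a placeholder. This matters most for the `parseResult` call because it sits on the ticket-validation path.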
@@ -73,12 +68,12 @@ .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); - throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND); + throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND); } if (!client.isEnabled()) { event.error(Errors.CLIENT_DISABLED); - throw new ErrorPageException(session, Messages.CLIENT_DISABLED); + throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED); } redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client); @@ -93,10 +88,5 @@ authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL); authenticationSession.setRedirectUri(redirectUri); authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name()); - } - - @Override - protected boolean isNewRequest(AuthenticationSessionModel authSession, ClientModel clientFromRequest, String requestState) { - return true; } } diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java index b29588f..1db8322 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java @@ -66,7 +66,7 @@ logger.debug("finishing CAS browser logout"); return response; } - return ErrorPage.error(session, Messages.FAILED_LOGOUT); + return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT); } private void checkClient(String service) { diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java index c250578..6145334 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java 
@@ -18,7 +18,6 @@ import javax.ws.rs.GET; import javax.ws.rs.core.*; -import java.lang.reflect.Method; public class ValidateEndpoint { protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class); @@ -137,24 +136,14 @@ event.detail(Details.CODE_ID, parts[2]); } - ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult; - try { - // Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult - Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult", - String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class); - parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke( - null, code, session, realm, event, AuthenticatedClientSessionModel.class); - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class); - } + ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class); if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) { event.error(Errors.INVALID_CODE); // Attempt to use same code twice should invalidate existing clientSession AuthenticatedClientSessionModel clientSession = parseResult.getClientSession(); if (clientSession != null) { - clientSession.setUserSession(null); + clientSession.detachFromUserSession(); } throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); 
@@ -162,21 +151,9 @@ clientSession = parseResult.getClientSession(); - try { - // Keycloak >3.4 branch: Method isExpiredToken was added - Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken"); - if ((Boolean) isExpiredToken.invoke(parseResult)) { - event.error(Errors.EXPIRED_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) { - event.error(Errors.INVALID_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - - parseResult.getCode().setAction(null); + if (parseResult.isExpiredToken()) { + event.error(Errors.EXPIRED_CODE); + throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); } clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket); -- Gitblit v1.9.1
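Review bot: After this change nothing in the visible ValidateEndpoint code marks the ticket as consumed: the removed Keycloak <=3.3 branch called `parseResult.getCode().setAction(null)` after a successful check, while the new path only tests `parseResult.isExpiredToken()`. Single use of a CAS service ticket therefore presumably depends on `ClientSessionCode.parseResult` invalidating the code internally, which cannot be confirmed from the hunk. A comment above the check such as `// parseResult() is expected to consume the code; a replayed ticket must fail the isIllegalHash/isAuthSessionNotFound test` would record that assumption. integrationTest/suite.sh could also validate the same ticket twice and expect INVALID_TICKET on the second call. The enclosing method starts and ends outside the hunk.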