From cbb2f2f81452a97fddbdcc1f6010fbc85682e3b3 Mon Sep 17 00:00:00 2001 From: Erlend Hamnaberg <erlend@hamnaberg.net> Date: Thu, 29 Nov 2018 07:42:20 +0000 Subject: [PATCH] Redirect to application after login is complete --- src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java | 42 ++++++++---------------------------------- 1 files changed, 8 insertions(+), 34 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java index c250578..9e84f0c 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java @@ -18,7 +18,6 @@ import javax.ws.rs.GET; import javax.ws.rs.core.*; -import java.lang.reflect.Method; public class ValidateEndpoint { protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class); @@ -38,9 +37,6 @@ @Context protected HttpHeaders headers; - @Context - protected UriInfo uriInfo; - protected RealmModel realm; protected EventBuilder event; protected ClientModel client; @@ -54,7 +50,7 @@ @GET @NoCache public Response build() { - MultivaluedMap<String, String> params = uriInfo.getQueryParameters(); + MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters(); String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM); String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM); boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); @@ -84,7 +80,7 @@ } private void checkSsl() { - if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { + if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "HTTPS required", Response.Status.FORBIDDEN); } } @@ -103,7 +99,7 @@ client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) - .filter(c -> RedirectUtils.verifyRedirectUri(uriInfo, service, realm, c) != null) + .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); @@ -137,24 +133,14 @@ event.detail(Details.CODE_ID, parts[2]); } - ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult; - try { - // Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult - Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult", - String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class); - parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke( - null, code, session, realm, event, AuthenticatedClientSessionModel.class); - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class); - } + ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class); if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) { event.error(Errors.INVALID_CODE); // Attempt to use same code twice should invalidate existing clientSession AuthenticatedClientSessionModel clientSession = parseResult.getClientSession(); if (clientSession != null) { - clientSession.setUserSession(null); + clientSession.detachFromUserSession(); } throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); @@ -162,21 +148,9 @@ clientSession = parseResult.getClientSession(); - try { - // Keycloak >3.4 branch: Method isExpiredToken was added - Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken"); - if ((Boolean) isExpiredToken.invoke(parseResult)) { - event.error(Errors.EXPIRED_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - } catch (ReflectiveOperationException e) { - // Keycloak <=3.3 branch - if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) { - event.error(Errors.INVALID_CODE); - throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); - } - - parseResult.getCode().setAction(null); + if (parseResult.isExpiredToken()) { + event.error(Errors.EXPIRED_CODE); + throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); } clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket); -- Gitblit v1.9.1