
de.ahus1.keycloak.dropwizard.KeycloakDropwizardAuthenticator Maven / Gradle / Ivy

package de.ahus1.keycloak.dropwizard;

import de.ahus1.keycloak.jetty.JettyAdapterSessionStore;
import de.ahus1.keycloak.jetty.KeycloakJettyAuthenticator;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.keycloak.KeycloakSecurityContext;

/**
 * Jetty authenticator for Dropwizard that decides, per request, whether the Keycloak
 * adapter must authenticate the caller even when the container did not ask for it.
 *
 * <p>The incoming {@code mandatory} flag is only ever raised to {@code true} here, never
 * lowered. It is raised when the request or its session shows signs of an authentication
 * in progress or already established (see {@link #validateRequest}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The OAuth callback is detected with a plain substring match on {@code "code="},
 *       so any query string containing that text (for example a parameter whose name
 *       merely ends in {@code code}) also forces authentication. This check is only a
 *       trigger; it does not validate the code. Validation is presumably done by the
 *       superclass, which is not visible here.</li>
 *   <li>Any {@code Authorization} header, regardless of scheme or content, forces
 *       authentication.</li>
 *   <li>A {@link DeferredAuthentication} result is replaced by {@code null}. How the
 *       surrounding security handler treats a {@code null} result is not visible here.
 *       Confirm that access to protected resources is still enforced by the constraint
 *       mapping or by the resource layer.</li>
 * </ul>
 */
public class KeycloakDropwizardAuthenticator extends KeycloakJettyAuthenticator {

    /**
     * Validates the request, forcing authentication whenever credentials or authentication
     * state are present.
     *
     * @param req       the servlet request; cast to {@link HttpServletRequest} without a check
     * @param res       the servlet response, passed through to the superclass
     * @param mandatory whether the container requires authentication for this request
     * @return the superclass result, or {@code null} when that result is a
     *         {@link DeferredAuthentication}
     * @throws ServerAuthException if the superclass validation fails
     */
    @Override
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
            throws ServerAuthException {
        final HttpServletRequest httpRequest = (HttpServletRequest) req;
        // Store the request under its own class name as a request attribute.
        // NOTE(review): presumably read back later by resource-level code; verify against consumers.
        httpRequest.setAttribute(HttpServletRequest.class.getName(), httpRequest);

        // Step 1: does the request itself offer something to authenticate with?
        boolean credentialsOffered = false;
        if (!getAdapterConfig().isBearerOnly()) {
            // An OAuth redirect returns a code in the query string. Only take control of
            // it when the adapter is not configured as bearer-only.
            final String query = httpRequest.getQueryString();
            credentialsOffered = query != null && query.contains("code=");
        }
        if (!credentialsOffered) {
            // An Authorization header may carry Bearer or Basic credentials (both supported by Keycloak).
            credentialsOffered = httpRequest.getHeaders("Authorization").hasMoreElements();
        }

        // Step 2: does an existing session carry authentication state? getSession(false)
        // never creates a session, so unauthenticated callers do not get one here.
        final HttpSession existingSession = httpRequest.getSession(false);
        boolean sessionHasAuthState = false;
        if (existingSession != null) {
            // Either this is the redirect after a code was received for a FORM post,
            // or a Keycloak security context is already stored in the session.
            sessionHasAuthState =
                    existingSession.getAttribute(JettyAdapterSessionStore.CACHED_FORM_PARAMETERS) != null
                    || existingSession.getAttribute(KeycloakSecurityContext.class.getName()) != null;
        }

        // The flag is only escalated: a caller-supplied 'true' is never downgraded.
        final boolean enforce = mandatory | credentialsOffered | sessionHasAuthState;
        final Authentication outcome = super.validateRequest(req, res, enforce);

        // Resolving a deferred authentication later would otherwise lead to a
        // NullPointerException, so hand back null instead.
        return (outcome instanceof DeferredAuthentication) ? null : outcome;
    }

}



