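/*
 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     François Maturel
 */

package org.nuxeo.ecm.platform.ui.web.keycloak;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.connector.Request;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;

/**
 * Resolves the Keycloak deployment for an incoming servlet request and, from it, builds either a
 * {@link KeycloakRequestAuthenticator} or the logout URL to redirect the browser to.
 *
 * @since 7.4
 */
public class KeycloakAuthenticatorProvider {

    private final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();

    private final AdapterDeploymentContext deploymentContext;

    // Overwritten by every successful provide()/logout() call and not synchronized.
    // NOTE(review): if one provider instance serves concurrent requests, getResolvedDeployment()
    // can return the deployment resolved for another request - confirm how callers use it.
    private KeycloakDeployment resolvedDeployment;

    /**
     * @param deploymentContext the adapter context the deployment is resolved against on each call
     */
    public KeycloakAuthenticatorProvider(AdapterDeploymentContext deploymentContext) {
        this.deploymentContext = deploymentContext;
    }

    /**
     * Builds a request authenticator bound to the deployment resolved for this request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @return the authenticator, or {@code null} when the deployment result is not ok; callers must
     *         handle the {@code null} case explicitly rather than treat it as an authenticated state
     */
    public KeycloakRequestAuthenticator provide(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        // NOTE(review): the deployment is read through the DeploymentResult class, not through the
        // deploymentResult instance used for the request and facade below - verify that it is not
        // backed by state shared between requests.
        resolvedDeployment = DeploymentResult.getKeycloakDeployment();
        Request request = deploymentResult.getRequest();
        CatalinaHttpFacade facade = deploymentResult.getFacade();

        // Register the deployment to refresh it
        nodesRegistrationManagement.tryRegister(resolvedDeployment);

        return new KeycloakRequestAuthenticator(request, httpServletResponse, facade, resolvedDeployment);
    }

    /**
     * Builds the Keycloak logout URL, carrying the application start page as {@code redirect_uri}.
     * <p>
     * The {@code redirect_uri} value is percent-encoded before it is appended, so that characters of
     * the request-derived URL cannot terminate the parameter or add further query parameters.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @return the logout URL, or {@code null} when the deployment result is not ok
     */
    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        resolvedDeployment = DeploymentResult.getKeycloakDeployment();
        Request request = deploymentResult.getRequest();
        String redirectResource = getRedirectResource(request);

        return resolvedDeployment.getLogoutUrl().build().toString() + "?redirect_uri="
                + encodeQueryValue(redirectResource);
    }

    /**
     * @return the deployment stored by the most recent successful {@link #provide} or
     *         {@link #logout} call, or {@code null} if none has succeeded yet
     */
    public KeycloakDeployment getResolvedDeployment() {
        return resolvedDeployment;
    }

    /**
     * Rebuilds the absolute URL of the default start page from the request's scheme, server name,
     * port and context path.
     * <p>
     * NOTE(review): these values are taken from the incoming request; depending on container and
     * proxy configuration they may be client-influenced (for example through the Host header).
     * TODO confirm that the Keycloak client restricts its valid redirect URIs, since this method
     * does not check the host against an allow-list.
     */
    private String getRedirectResource(Request request) {
        String scheme = request.getScheme();
        String serverName = request.getServerName();
        int serverPort = request.getServerPort();
        String contextPath = request.getContextPath();
        return scheme + "://" + serverName + ":" + serverPort + contextPath + "/"
                + NuxeoAuthenticationFilter.DEFAULT_START_PAGE;
    }

    /**
     * Percent-encodes a value for use as a URL query parameter (UTF-8).
     */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}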