001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl-2.1.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     François Maturel
016 */
017
018package org.nuxeo.ecm.platform.ui.web.keycloak;
019
020import javax.servlet.http.HttpServletRequest;
021import javax.servlet.http.HttpServletResponse;
022
023import org.apache.catalina.connector.Request;
024import org.keycloak.adapters.AdapterDeploymentContext;
025import org.keycloak.adapters.KeycloakDeployment;
026import org.keycloak.adapters.NodesRegistrationManagement;
027import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
028import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
029
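/**
 * Creates Keycloak request authenticators and logout URLs for incoming servlet requests.
 * <p>
 * Every call builds a {@code DeploymentResult} for the request and applies it to the
 * {@link AdapterDeploymentContext} given at construction time; the resulting
 * {@link KeycloakDeployment} is remembered and exposed through {@link #getResolvedDeployment()}.
 * <p>
 * Thread-safety: {@code resolvedDeployment} is a plain, unsynchronized field that is overwritten
 * on each call. If one provider instance serves concurrent requests (not visible from this class,
 * verify against the caller), {@link #getResolvedDeployment()} may return the deployment resolved
 * for a different request. The methods below therefore work on a local reference.
 *
 * @since 7.4
 */
public class KeycloakAuthenticatorProvider {

    private final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();

    private final AdapterDeploymentContext deploymentContext;

    // Last deployment resolved by provide() or logout(); null until one of them succeeds.
    private KeycloakDeployment resolvedDeployment;

    /**
     * @param deploymentContext context used to resolve the Keycloak deployment of each request
     */
    public KeycloakAuthenticatorProvider(AdapterDeploymentContext deploymentContext) {
        this.deploymentContext = deploymentContext;
    }

    /**
     * Resolves the Keycloak deployment for the request and builds an authenticator bound to it.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @return the authenticator, or {@code null} when the deployment result is not OK; callers
     *         must treat {@code null} as "not authenticated" and never as a successful login
     */
    public KeycloakRequestAuthenticator provide(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);
        if (!deploymentResult.isOk()) {
            return null;
        }

        // NOTE(review): getKeycloakDeployment() is invoked statically, so the deployment does not
        // come from this request's DeploymentResult instance. If it is backed by static state,
        // concurrent requests can observe each other's deployment; confirm in DeploymentResult.
        KeycloakDeployment deployment = DeploymentResult.getKeycloakDeployment();
        resolvedDeployment = deployment;

        Request request = deploymentResult.getRequest();
        CatalinaHttpFacade facade = deploymentResult.getFacade();

        // Register the deployment to refresh it
        nodesRegistrationManagement.tryRegister(deployment);

        // Use the local reference: the field may be overwritten by another call in the meantime.
        return new KeycloakRequestAuthenticator(request, httpServletResponse, facade, deployment);
    }

    /**
     * Builds the Keycloak logout URL for the request, carrying a {@code redirect_uri} that points
     * back to the application's default start page.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response associated with the request
     * @return the logout URL, or {@code null} when the deployment result is not OK
     */
    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);
        if (!deploymentResult.isOk()) {
            return null;
        }

        // NOTE(review): static accessor, see the remark in provide().
        KeycloakDeployment deployment = DeploymentResult.getKeycloakDeployment();
        resolvedDeployment = deployment;

        String redirectResource = getRedirectResource(deploymentResult.getRequest());

        // The redirect target is assembled from request data, so it is added through the URI
        // builder, which percent-encodes the value, instead of being concatenated raw into the
        // query string. clone() keeps the deployment's own builder untouched.
        return deployment.getLogoutUrl().clone().queryParam("redirect_uri", redirectResource).build().toString();
    }

    /**
     * @return the deployment resolved by the most recent {@link #provide} or {@link #logout} call
     *         on this instance, or {@code null} if none succeeded yet
     */
    public KeycloakDeployment getResolvedDeployment() {
        return resolvedDeployment;
    }

    /**
     * Builds the absolute URL of the default start page from the request's scheme, server name,
     * port and context path.
     * <p>
     * These values are taken from the request as received, so they are client-influenced
     * (presumably via the Host header or a fronting proxy, depending on connector configuration).
     * The result must not be trusted as a redirect target by itself: the Keycloak client should
     * restrict its valid redirect URIs to the application's real origins.
     */
    private String getRedirectResource(Request request) {
        String scheme = request.getScheme();
        String serverName = request.getServerName();
        int serverPort = request.getServerPort();
        String contextPath = request.getContextPath();
        return scheme + "://" + serverName + ":" + serverPort + contextPath + "/"
                + NuxeoAuthenticationFilter.DEFAULT_START_PAGE;
    }
}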