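/*
 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     François Maturel
 */

package org.nuxeo.ecm.platform.ui.web.keycloak;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.connector.Request;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;

/**
 * Resolves the Keycloak deployment for an incoming request and builds either a
 * {@link KeycloakRequestAuthenticator} for it or the Keycloak logout URL.
 *
 * @since 7.4
 */
public class KeycloakAuthenticatorProvider {

    private final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();

    private final AdapterDeploymentContext deploymentContext;

    // Overwritten by every successful provide()/logout() call.
    // NOTE(review): if one provider instance serves concurrent requests, getResolvedDeployment()
    // can return the deployment resolved for a different request - confirm how instances are shared.
    private KeycloakDeployment resolvedDeployment;

    /**
     * @param deploymentContext the adapter context used to resolve the deployment of each request
     */
    public KeycloakAuthenticatorProvider(AdapterDeploymentContext deploymentContext) {
        this.deploymentContext = deploymentContext;
    }

    /**
     * Resolves the deployment for the request and returns an authenticator bound to it.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @return the authenticator, or {@code null} when the deployment result is not ok
     */
    public KeycloakRequestAuthenticator provide(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        // NOTE(review): read through the class name, not through deploymentResult; if this accessor
        // is static, the resolved deployment is shared across requests - confirm in DeploymentResult.
        resolvedDeployment = DeploymentResult.getKeycloakDeployment();
        Request request = deploymentResult.getRequest();
        CatalinaHttpFacade facade = deploymentResult.getFacade();

        // Register the deployment to refresh it
        nodesRegistrationManagement.tryRegister(resolvedDeployment);

        // And return authenticator
        return new KeycloakRequestAuthenticator(request, httpServletResponse, facade, resolvedDeployment);
    }

    /**
     * Builds the Keycloak logout URL, with a {@code redirect_uri} pointing back at the start page
     * of this application.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @return the logout URL, or {@code null} when the deployment result is not ok
     */
    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse)
                .invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        // NOTE(review): same class-level accessor as in provide() - confirm it is request-scoped.
        resolvedDeployment = DeploymentResult.getKeycloakDeployment();
        Request request = deploymentResult.getRequest();
        String redirectResource = getRedirectResource(request);

        // The redirect target is assembled from request-derived values, so it is percent-encoded
        // before being appended: a '&', '#' or '=' in it must not be able to end the redirect_uri
        // value or add further query parameters to the logout URL.
        return resolvedDeployment.getLogoutUrl().build().toString() + "?redirect_uri="
                + encodeQueryValue(redirectResource);
    }

    /**
     * @return the deployment resolved by the most recent successful {@link #provide} or
     *         {@link #logout} call, or {@code null} if none has succeeded yet
     */
    public KeycloakDeployment getResolvedDeployment() {
        return resolvedDeployment;
    }

    /**
     * Builds the absolute URL of the default start page from the request's scheme, server name,
     * port and context path.
     * <p>
     * NOTE(review): scheme, server name and port are taken from the request as the container
     * reports them (typically derived from the Host header or proxy settings). Whether those are
     * constrained is not visible here; the redirect URI validation configured for the client on
     * the Keycloak side is presumably what limits where a logout may redirect - keep that list
     * narrow.
     */
    private String getRedirectResource(Request request) {
        String scheme = request.getScheme();
        String serverName = request.getServerName();
        int serverPort = request.getServerPort();
        String contextPath = request.getContextPath();
        return scheme + "://" + serverName + ":" + serverPort + contextPath + "/"
                + NuxeoAuthenticationFilter.DEFAULT_START_PAGE;
    }

    /** Percent-encodes a value for use as a single query-parameter value (UTF-8). */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 support is mandatory on every Java platform, so this cannot happen in practice.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}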