001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     François Maturel
018 */
019
020package org.nuxeo.ecm.platform.ui.web.keycloak;
021
022import javax.servlet.http.HttpServletRequest;
023import javax.servlet.http.HttpServletResponse;
024
025import org.apache.catalina.connector.Request;
026import org.keycloak.adapters.AdapterDeploymentContext;
027import org.keycloak.adapters.KeycloakDeployment;
028import org.keycloak.adapters.NodesRegistrationManagement;
029import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
030import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
031
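/**
 * Resolves the {@link KeycloakDeployment} that applies to an incoming request and, from it, builds either a
 * {@link KeycloakRequestAuthenticator} or the Keycloak logout URL.
 * <p>
 * NOTE(review): {@link #getResolvedDeployment()} exposes a field that every {@link #provide} / {@link #logout} call
 * overwrites, and the deployment itself is read through a static accessor on {@code DeploymentResult} (not visible
 * here). If one provider instance serves concurrent requests that can resolve to different deployments, a caller may
 * observe another request's deployment. Confirm how instances are shared before relying on that getter.
 *
 * @since 7.4
 */
public class KeycloakAuthenticatorProvider {

    private final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();

    private final AdapterDeploymentContext deploymentContext;

    // Deployment resolved by the most recent successful provide()/logout() call.
    private KeycloakDeployment resolvedDeployment;

    /**
     * @param deploymentContext context used to resolve the Keycloak deployment for each request
     */
    public KeycloakAuthenticatorProvider(AdapterDeploymentContext deploymentContext) {
        this.deploymentContext = deploymentContext;
    }

    /**
     * Builds the authenticator for the given request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the authenticator may write to
     * @return the authenticator, or {@code null} when no usable deployment could be resolved; callers must treat
     *         {@code null} as "not authenticated" and never as success
     */
    public KeycloakRequestAuthenticator provide(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse).invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        // Work on a local copy so the authenticator is built from the deployment resolved for THIS request, even if
        // another call overwrites the field in the meantime.
        KeycloakDeployment deployment = DeploymentResult.getKeycloakDeployment();
        resolvedDeployment = deployment;
        Request request = deploymentResult.getRequest();
        CatalinaHttpFacade facade = deploymentResult.getFacade();

        // Register the deployment to refresh it
        nodesRegistrationManagement.tryRegister(deployment);

        return new KeycloakRequestAuthenticator(request, httpServletResponse, facade, deployment);
    }

    /**
     * Builds the Keycloak logout URL for the given request, carrying the application start page as
     * {@code redirect_uri}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the current response
     * @return the logout URL, or {@code null} when no usable deployment could be resolved
     */
    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        DeploymentResult deploymentResult = new DeploymentResult(httpServletRequest, httpServletResponse).invokeOn(deploymentContext);

        if (!deploymentResult.isOk()) {
            return null;
        }

        KeycloakDeployment deployment = DeploymentResult.getKeycloakDeployment();
        resolvedDeployment = deployment;
        String redirectResource = getRedirectResource(deploymentResult.getRequest());

        String logoutUrl = deployment.getLogoutUrl().build().toString();
        // Do not assume the configured logout URL is free of a query string.
        String separator = logoutUrl.indexOf('?') >= 0 ? "&" : "?";
        // The redirect target is itself a URL built from request data: percent-encode it so it stays a single
        // query-parameter value and cannot add or alter other parameters of the logout request.
        return logoutUrl + separator + "redirect_uri=" + encodeQueryValue(redirectResource);
    }

    /**
     * @return the deployment resolved by the most recent successful {@link #provide} or {@link #logout} call, or
     *         {@code null} if none succeeded yet
     */
    public KeycloakDeployment getResolvedDeployment() {
        return resolvedDeployment;
    }

    /**
     * Builds the absolute URL of the application start page from the request's scheme, server name, port and context
     * path.
     * <p>
     * The server name and port reported by the servlet container normally follow the request's {@code Host} header
     * (or proxy forwarding configuration), so this value is client-influenced. What constrains the post-logout
     * landing page is the redirect-URI validation configured for the client on the Keycloak side; keep that list
     * strict.
     */
    private String getRedirectResource(Request request) {
        String scheme = request.getScheme();
        String serverName = request.getServerName();
        int serverPort = request.getServerPort();
        String contextPath = request.getContextPath();
        return scheme + "://" + serverName + ":" + serverPort + contextPath + "/"
                + NuxeoAuthenticationFilter.DEFAULT_START_PAGE;
    }

    /** Percent-encodes {@code value} for use as a URL query-parameter value (UTF-8). */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}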