org.keycloak.adapters.tomcat7

Class KeycloakAuthenticatorValve

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

org.keycloak.adapters.tomcat7.KeycloakAuthenticatorValve

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.LifecycleListener, org.apache.catalina.Valve

public class KeycloakAuthenticatorValve
extends org.apache.catalina.authenticator.FormAuthenticator
implements org.apache.catalina.LifecycleListener

Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server

Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.

Version:

$Revision: 1 $

Author:

Davide Ungari

Field Summary

Fields

Modifier and Type	Field and Description
protected AdapterDeploymentContext	deploymentContext
protected NodesRegistrationManagement	nodesRegistrationManagement
static String	TOKEN_STORE_NOTE
protected CatalinaUserSessionManagement	userSessionManagement

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
KeycloakAuthenticatorValve()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
protected void	beforeStop()
protected void	checkKeycloakSession(org.apache.catalina.connector.Request request, HttpFacade facade) Checks that access token is still valid.
protected AdapterTokenStore	getTokenStore(org.apache.catalina.connector.Request request, HttpFacade facade, KeycloakDeployment resolvedDeployment)
void	initInternal()
void	invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
boolean	keycloakRestoreRequest(org.apache.catalina.connector.Request request)
void	keycloakSaveRequest(org.apache.catalina.connector.Request request)
void	lifecycleEvent(org.apache.catalina.LifecycleEvent event)
void	logout(org.apache.catalina.connector.Request request)
void	startDeployment()

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

forwardToErrorPage, forwardToLoginPage, getAuthMethod, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

associate, authenticate, doLogin, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, login, reauthenticateFromSSO, register, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, event, getDomainInternal, getNext, getObjectNameKeyProperties, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

TOKEN_STORE_NOTE

public static final String TOKEN_STORE_NOTE

See Also:

Constant Field Values

userSessionManagement

protected CatalinaUserSessionManagement userSessionManagement

deploymentContext

protected AdapterDeploymentContext deploymentContext

nodesRegistrationManagement

protected NodesRegistrationManagement nodesRegistrationManagement

Constructor Detail

KeycloakAuthenticatorValve

public KeycloakAuthenticatorValve()

Method Detail

lifecycleEvent

public void lifecycleEvent(org.apache.catalina.LifecycleEvent event)

Specified by:

lifecycleEvent in interface org.apache.catalina.LifecycleListener

logout

public void logout(org.apache.catalina.connector.Request request)
            throws javax.servlet.ServletException

Specified by:

logout in interface org.apache.catalina.Authenticator

Overrides:

logout in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

javax.servlet.ServletException

startDeployment

public void startDeployment()
                     throws org.apache.catalina.LifecycleException

Throws:

org.apache.catalina.LifecycleException

initInternal

public void initInternal()

Overrides:

initInternal in class org.apache.catalina.valves.ValveBase

beforeStop

protected void beforeStop()

invoke

public void invoke(org.apache.catalina.connector.Request request,
          org.apache.catalina.connector.Response response)
            throws IOException,
                   javax.servlet.ServletException

Specified by:

invoke in interface org.apache.catalina.Valve

Overrides:

invoke in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

IOException

javax.servlet.ServletException

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   javax.servlet.http.HttpServletResponse response,
                   org.apache.catalina.deploy.LoginConfig config)
                     throws IOException

Specified by:

authenticate in interface org.apache.catalina.Authenticator

Overrides:

authenticate in class org.apache.catalina.authenticator.FormAuthenticator

Throws:

IOException

checkKeycloakSession

protected void checkKeycloakSession(org.apache.catalina.connector.Request request,
                        HttpFacade facade)

Checks that access token is still valid. Will attempt refresh of token if it is not.

Parameters:

request -

keycloakSaveRequest

public void keycloakSaveRequest(org.apache.catalina.connector.Request request)
                         throws IOException

Throws:

IOException

keycloakRestoreRequest

public boolean keycloakRestoreRequest(org.apache.catalina.connector.Request request)

getTokenStore

protected AdapterTokenStore getTokenStore(org.apache.catalina.connector.Request request,
                              HttpFacade facade,
                              KeycloakDeployment resolvedDeployment)