org.keycloak.adapters.as7

Class KeycloakAuthenticatorValve

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

org.keycloak.adapters.as7.KeycloakAuthenticatorValve

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.LifecycleListener, org.apache.catalina.Valve

public class KeycloakAuthenticatorValve
extends org.apache.catalina.authenticator.FormAuthenticator
implements org.apache.catalina.LifecycleListener

Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server

Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests that contain a Skeleton Key bearer tokens.

Version:

$Revision: 1 $

Author:

Bill Burke

Field Summary

Fields

Modifier and Type	Field and Description
protected AdapterDeploymentContext	deploymentContext
protected CatalinaUserSessionManagement	userSessionManagement

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
KeycloakAuthenticatorValve()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
protected void	checkKeycloakSession(org.apache.catalina.connector.Request request, HttpFacade facade) Checks that access token is still valid.
protected void	init()
void	invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
boolean	keycloakRestoreRequest(org.apache.catalina.connector.Request request)
void	keycloakSaveRequest(org.apache.catalina.connector.Request request)
void	lifecycleEvent(org.apache.catalina.LifecycleEvent event)
void	start()

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

userSessionManagement

protected CatalinaUserSessionManagement userSessionManagement

deploymentContext

protected AdapterDeploymentContext deploymentContext

Constructor Detail

KeycloakAuthenticatorValve

public KeycloakAuthenticatorValve()

Method Detail

start

public void start()
           throws org.apache.catalina.LifecycleException

Specified by:

start in interface org.apache.catalina.Lifecycle

Overrides:

start in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

org.apache.catalina.LifecycleException

lifecycleEvent

public void lifecycleEvent(org.apache.catalina.LifecycleEvent event)

Specified by:

lifecycleEvent in interface org.apache.catalina.LifecycleListener

init

protected void init()

invoke

public void invoke(org.apache.catalina.connector.Request request,
          org.apache.catalina.connector.Response response)
            throws IOException,
                   javax.servlet.ServletException

Specified by:

invoke in interface org.apache.catalina.Valve

Overrides:

invoke in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

IOException

javax.servlet.ServletException

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   javax.servlet.http.HttpServletResponse response,
                   org.apache.catalina.deploy.LoginConfig config)
                     throws IOException

Overrides:

authenticate in class org.apache.catalina.authenticator.FormAuthenticator

Throws:

IOException

checkKeycloakSession

protected void checkKeycloakSession(org.apache.catalina.connector.Request request,
                        HttpFacade facade)

Checks that access token is still valid. Will attempt refresh of token if it is not.

Parameters:

request -

keycloakSaveRequest

public void keycloakSaveRequest(org.apache.catalina.connector.Request request)
                         throws IOException

Throws:

IOException

keycloakRestoreRequest

public boolean keycloakRestoreRequest(org.apache.catalina.connector.Request request)