Class KeycloakAuthenticationPlugin
java.lang.Object
org.nuxeo.ecm.platform.ui.web.keycloak.KeycloakAuthenticationPlugin
- All Implemented Interfaces:
NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension
public class KeycloakAuthenticationPlugin
extends Object
implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension
Authentication plugin for handling auth flow with Keycloak
- Since:
- 7.4
Field Summary
Fields (modifier and type, field):
- static final String KEYCLOAK_CONFIG_FILE_KEY
- static final String KEYCLOAK_MAPPING_NAME_KEY
- static final String DEFAULT_MAPPING_NAME
- protected KeycloakAuthenticatorProvider keycloakAuthenticatorProvider
- protected ThreadLocal<KeycloakRequestAuthenticator> localKeycloakAuthenticator
- protected String mappingName
Constructor Summary
Constructors:
- KeycloakAuthenticationPlugin()
Method Summary
Methods (modifier and type where listed, method, description):
- protected KeycloakAuthenticatorProvider createAuthenticationProvider(org.keycloak.adapters.AdapterDeploymentContext kdc)
- protected KeycloakUserInfo getKeycloakUserInfo(org.keycloak.representations.AccessToken token): Get Keycloak user's information from authentication token
- getRoles: Get Keycloak user's roles from authentication token
- getUnAuthenticatedURLPrefix: Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
- handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL): Handles the Login Prompt.
- handleLogout(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse): Handles logout operation.
- handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse): Retrieves user identification information from the request.
- void initPlugin(Map<String, String> parameters): Initializes the Plugin from parameters set in the XML descriptor.
- needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest): Defines if the authentication plugin needs to do a login prompt.
- void setKeycloakAuthenticatorProvider(KeycloakAuthenticatorProvider keycloakAuthenticatorProvider)
Field Details
KEYCLOAK_CONFIG_FILE_KEY
KEYCLOAK_MAPPING_NAME_KEY
DEFAULT_MAPPING_NAME
keycloakAuthenticatorProvider
localKeycloakAuthenticator
mappingName
Constructor Details
KeycloakAuthenticationPlugin
public KeycloakAuthenticationPlugin()
Method Details
initPlugin
Description copied from interface: NuxeoAuthenticationPlugin
Initializes the Plugin from parameters set in the XML descriptor.
- Specified by:
- initPlugin in interface NuxeoAuthenticationPlugin
createAuthenticationProvider
protected KeycloakAuthenticatorProvider createAuthenticationProvider(org.keycloak.adapters.AdapterDeploymentContext kdc)
needLoginPrompt
Description copied from interface: NuxeoAuthenticationPlugin
Defines if the authentication plugin needs to do a login prompt.
- Specified by:
- needLoginPrompt in interface NuxeoAuthenticationPlugin
- Returns:
- true if LoginPrompt is used
handleLoginPrompt
public Boolean handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL)
Description copied from interface: NuxeoAuthenticationPlugin
Handles the Login Prompt.
- Specified by:
- handleLoginPrompt in interface NuxeoAuthenticationPlugin
- Parameters:
- httpRequest - the request
- httpResponse - the response
- Returns:
- true if AuthFilter must stop execution (i.e. login prompt generated a redirect), false otherwise
getUnAuthenticatedURLPrefix
Description copied from interface: NuxeoAuthenticationPlugin
Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
- Specified by:
- getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)
Description copied from interface: NuxeoAuthenticationPlugin
Retrieves user identification information from the request.
- Specified by:
- handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
- Parameters:
- httpRequest - the request
- httpResponse - the response
handleLogout
public Boolean handleLogout(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)
Description copied from interface: NuxeoAuthenticationPluginLogoutExtension
Handles logout operation.
Generic logout (killing session and Seam objects) is done by LogoutActionBean. This interface must be implemented by an auth plugin when the target auth system needs a specific logout procedure.
- Specified by:
- handleLogout in interface NuxeoAuthenticationPluginLogoutExtension
- Returns:
- true if caller must stop execution (i.e. logout generated a redirect), false otherwise
getKeycloakUserInfo
Get Keycloak user's information from authentication token
- Parameters:
- token - the Keycloak authentication token
- Returns:
- Keycloak user's information
getRoles
protected Set<String> getRoles(org.keycloak.representations.AccessToken token, String keycloakNuxeoApp)
Get Keycloak user's roles from authentication token
- Parameters:
- token - the Keycloak authentication token
- keycloakNuxeoApp - the Keycloak resource name
- Returns:
- Keycloak user's roles
setKeycloakAuthenticatorProvider
public void setKeycloakAuthenticatorProvider(KeycloakAuthenticatorProvider keycloakAuthenticatorProvider)