Class AbstractKeycloakAuthenticatorValve

java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.FormAuthenticator
org.nuxeo.shaded.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve
All Implemented Interfaces:
jakarta.security.auth.message.config.RegistrationListener, MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.LifecycleListener, org.apache.catalina.Valve
Direct Known Subclasses:
KeycloakAuthenticatorValve

public abstract class AbstractKeycloakAuthenticatorValve extends org.apache.catalina.authenticator.FormAuthenticator implements org.apache.catalina.LifecycleListener
Keycloak authentication valve
Version:
$Revision: 1 $
Author:
Davide Ungari, Bill Burke
Implementation Note:
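Copied from the Keycloak Tomcat Adapter, which will not be upgraded to Jakarta because support for it has been dropped. As a copy of code that is no longer supported, it does not pick up fixes from that adapter; fixes to this authentication code have to be made in this copy.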
  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    org.apache.catalina.authenticator.AuthenticatorBase.AllowCorsPreflight

    Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

    org.apache.catalina.Lifecycle.SingleUse
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected org.keycloak.adapters.AdapterDeploymentContext
    deploymentContext
     
    protected org.keycloak.adapters.NodesRegistrationManagement
    nodesRegistrationManagement
     
    static final String
    TOKEN_STORE_NOTE
     
    protected org.keycloak.adapters.tomcat.CatalinaUserSessionManagement
    userSessionManagement
     

    Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

    authenticationSessionTimeout, characterEncoding, landingPage

    Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

    Fields inherited from class org.apache.catalina.valves.ValveBase

    asyncSupported, container, containerLog, next

    Fields inherited from interface org.apache.catalina.Lifecycle

    AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected boolean
    authenticateInternal(org.apache.catalina.connector.Request request, jakarta.servlet.http.HttpServletResponse response, Object loginConfig)
     
    protected void
    beforeStop()
     
    protected void
    checkKeycloakSession(org.apache.catalina.connector.Request request, org.keycloak.adapters.spi.HttpFacade facade)
    Checks that the access token is still valid.
    protected abstract AbstractAuthenticatedActionsValve
    createAuthenticatedActionsValve(org.keycloak.adapters.AdapterDeploymentContext deploymentContext, org.apache.catalina.Valve next, org.apache.catalina.Container container)
     
    protected abstract org.keycloak.adapters.tomcat.PrincipalFactory
    createPrincipalFactory()
     
    protected CatalinaRequestAuthenticator
    createRequestAuthenticator(org.apache.catalina.connector.Request request, CatalinaHttpFacade facade, org.keycloak.adapters.KeycloakDeployment deployment, org.keycloak.adapters.AdapterTokenStore tokenStore)
     
    protected abstract boolean
    forwardToErrorPageInternal(org.apache.catalina.connector.Request request, jakarta.servlet.http.HttpServletResponse response, Object loginConfig)
     
    protected org.keycloak.adapters.AdapterTokenStore
    getTokenStore(org.apache.catalina.connector.Request request, org.keycloak.adapters.spi.HttpFacade facade, org.keycloak.adapters.KeycloakDeployment resolvedDeployment)
     
    void
    invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
     
    void
    keycloakInit()
     
    boolean
    keycloakRestoreRequest(org.apache.catalina.connector.Request request)
     
    void
    keycloakSaveRequest(org.apache.catalina.connector.Request request)
     
    void
    lifecycleEvent(org.apache.catalina.LifecycleEvent event)
     
    protected void
    logoutInternal(org.apache.catalina.connector.Request request)
     

    Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

    doAuthenticate, forwardToErrorPage, forwardToLoginPage, getAuthenticationSessionTimeout, getAuthMethod, getCharacterEncoding, getLandingPage, isContinuationRequired, matchRequest, register, restoreRequest, savedRequestURL, saveRequest, setAuthenticationSessionTimeout, setCharacterEncoding, setLandingPage

    Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, isPreemptiveAuthPossible, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

    Methods inherited from class org.apache.catalina.valves.ValveBase

    backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

    Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

    destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

    Methods inherited from class org.apache.catalina.util.LifecycleBase

    addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • TOKEN_STORE_NOTE

      public static final String TOKEN_STORE_NOTE
      See Also:
    • userSessionManagement

      protected org.keycloak.adapters.tomcat.CatalinaUserSessionManagement userSessionManagement
    • deploymentContext

      protected org.keycloak.adapters.AdapterDeploymentContext deploymentContext
    • nodesRegistrationManagement

      protected org.keycloak.adapters.NodesRegistrationManagement nodesRegistrationManagement
  • Constructor Details

    • AbstractKeycloakAuthenticatorValve

      public AbstractKeycloakAuthenticatorValve()
  • Method Details

    • lifecycleEvent

      public void lifecycleEvent(org.apache.catalina.LifecycleEvent event)
      Specified by:
      lifecycleEvent in interface org.apache.catalina.LifecycleListener
    • logoutInternal

      protected void logoutInternal(org.apache.catalina.connector.Request request)
    • beforeStop

      protected void beforeStop()
    • keycloakInit

      public void keycloakInit()
    • invoke

      public void invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response) throws IOException, jakarta.servlet.ServletException
      Specified by:
      invoke in interface org.apache.catalina.Valve
      Overrides:
      invoke in class org.apache.catalina.authenticator.AuthenticatorBase
      Throws:
      IOException
      jakarta.servlet.ServletException
    • createPrincipalFactory

      protected abstract org.keycloak.adapters.tomcat.PrincipalFactory createPrincipalFactory()
    • forwardToErrorPageInternal

      protected abstract boolean forwardToErrorPageInternal(org.apache.catalina.connector.Request request, jakarta.servlet.http.HttpServletResponse response, Object loginConfig) throws IOException
      Throws:
      IOException
    • createAuthenticatedActionsValve

      protected abstract AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(org.keycloak.adapters.AdapterDeploymentContext deploymentContext, org.apache.catalina.Valve next, org.apache.catalina.Container container)
    • authenticateInternal

      protected boolean authenticateInternal(org.apache.catalina.connector.Request request, jakarta.servlet.http.HttpServletResponse response, Object loginConfig) throws IOException
      Throws:
      IOException
    • createRequestAuthenticator

      protected CatalinaRequestAuthenticator createRequestAuthenticator(org.apache.catalina.connector.Request request, CatalinaHttpFacade facade, org.keycloak.adapters.KeycloakDeployment deployment, org.keycloak.adapters.AdapterTokenStore tokenStore)
    • checkKeycloakSession

      protected void checkKeycloakSession(org.apache.catalina.connector.Request request, org.keycloak.adapters.spi.HttpFacade facade)
      Checks that the access token is still valid and, if it is not, attempts to refresh it.
      Parameters:
      request -
    • keycloakSaveRequest

      public void keycloakSaveRequest(org.apache.catalina.connector.Request request) throws IOException
      Throws:
      IOException
    • keycloakRestoreRequest

      public boolean keycloakRestoreRequest(org.apache.catalina.connector.Request request)
    • getTokenStore

      protected org.keycloak.adapters.AdapterTokenStore getTokenStore(org.apache.catalina.connector.Request request, org.keycloak.adapters.spi.HttpFacade facade, org.keycloak.adapters.KeycloakDeployment resolvedDeployment)