RestPreActions.groovy
3.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import javax.servlet.http.HttpServletRequestWrapper
import org.keycloak.KeycloakSecurityContext
import org.keycloak.AuthorizationContext
import org.keycloak.representations.AccessToken
import org.keycloak.representations.IDToken
import org.keycloak.adapters.KeycloakDeployment
import org.keycloak.adapters.KeycloakDeploymentBuilder
import org.keycloak.adapters.AdapterDeploymentContext
import org.keycloak.adapters.AuthenticatedActionsHandler
import org.keycloak.adapters.KeycloakConfigResolver
import org.keycloak.adapters.NodesRegistrationManagement
import org.keycloak.adapters.PreAuthActionsHandler
import org.keycloak.adapters.spi.AuthChallenge
import org.keycloak.adapters.spi.AuthOutcome
import org.keycloak.adapters.spi.InMemorySessionIdMapper
import org.keycloak.adapters.spi.SessionIdMapper
import org.keycloak.adapters.spi.UserSessionManagement
import org.keycloak.adapters.servlet.OIDCServletHttpFacade
import org.keycloak.adapters.servlet.OIDCFilterSessionStore
import org.keycloak.adapters.servlet.FilterRequestAuthenticator
def cache = ec.getCache().getCache('moqui-keycloak:deployment')
ec.logger.info('rest:pre-actions')
def keycloakJsonUrl = 'component://moqui-keycloak/config/moqui-keycloak.json'
def keycloakDeployment = cache.get(keycloakJsonUrl)
def idMapper = cache.get('SessionIdMapper')
if (idMapper == null) {
idMapper = new InMemorySessionIdMapper()
cache.put('SessionIdMapper', idMapper)
idMapper = cache.get('SessionIdMapper')
}
if (true || !keycloakDeployment) {
def configStream = ec.getResource().getLocationStream(keycloakJsonUrl)
keycloakDeployment = KeycloakDeploymentBuilder.build(configStream)
cache.put(keycloakJsonUrl, keycloakDeployment)
}
def facade = new OIDCServletHttpFacade(ec.web.request, ec.web.response)
def tokenStore = new OIDCFilterSessionStore(ec.web.request, facade, 100000, keycloakDeployment, idMapper)
def authenticator = new FilterRequestAuthenticator(keycloakDeployment, tokenStore, facade, ec.web.request, 8443)
ec.logger.info("authenticator: ${authenticator}")
def outcome = authenticator.authenticate()
ec.logger.info("rest:outcome: ${outcome}")
//ec.logger.info("request: ${ec.web.requestDetails}")
if (outcome == AuthOutcome.AUTHENTICATED) {
if (facade.isEnded()) {
ec.logger.info('facade has ended')
} else {
def actions = new AuthenticatedActionsHandler(keycloakDeployment, facade)
ec.logger.info("actions: ${actions}")
if (actions.handledRequest()) {
ec.logger.info("actions.handledRequest")
sri.stopRender()
return
}
}
} else {
AuthChallenge challenge = authenticator.getChallenge()
ec.logger.info("challenge: ${challenge}")
if (challenge != null) {
if (false && challenge.challenge(facade)) {
//sri.stopRender()
//return
}
}
}
def ksc = ec.web.request.getAttribute(KeycloakSecurityContext.class.getName())
if (ksc) {
def idToken = ksc.getIdToken()
ec.logger.info("idToken: ${idToken}")
if (idToken) {
def subject = idToken.getSubject()
ec.logger.info("subject: ${subject}")
}
def accessToken = ksc.getToken()
ec.logger.info("accessToken: ${accessToken}")
if (accessToken) {
def subject = accessToken.getSubject()
EntityValue userAccount = ec.entity.find('UserAccount').condition('externalUserId', subject).disableAuthz().one()
ec.logger.info("userAccount: ${userAccount}")
if (userAccount) {
//ec.user.pushUser(userAccount.username)
ec.user.internalLoginUser(userAccount.username)
}
}
}