KEYCLOAK-13633 Generalize GenericPrincipalFactory to PrincipleFactory
This allows replacing java.security.acl.Group usage only where necessary while keeping the legacy adapter unchanged.

Signed-off-by: Phillip Schichtel <[email protected]>
pschichtel authored and mposolda committed Mar 22, 2021
1 parent 52db229 commit f754b34
Showing 13 changed files with 36 additions and 30 deletions.
Expand Up @@ -27,7 27,7 @@
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.keycloak.adapters.spi.KeycloakAccount;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;

import javax.security.auth.Subject;
import java.lang.reflect.Constructor;
Expand All @@ -44,15 44,10 @@
* @author <a href="mailto:[email protected]">Bill Burke</a>
* @version $Revision: 1 $
*/
public class JBossWebPrincipalFactory extends GenericPrincipalFactory {
public class JBossWebPrincipalFactory implements PrincipalFactory {

private static Constructor jbossWebPrincipalConstructor = findJBossGenericPrincipalConstructor();

@Override
protected GenericPrincipal createPrincipal(Principal userPrincipal, List<String> roles) {
return null;
}

@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
KeycloakAccount account = new KeycloakAccount() {
Expand Up @@ -27,7 27,7 @@
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve;
import org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
Expand Down Expand Up @@ -65,7 65,7 @@ public void logout(Request request) {
}

@Override
protected GenericPrincipalFactory createPrincipalFactory() {
protected PrincipalFactory createPrincipalFactory() {
return new JBossWebPrincipalFactory();
}

Expand Up @@ -183,7 183,7 @@ public void invoke(Request request, Response response) throws IOException, Servl
}
}

protected abstract GenericPrincipalFactory createPrincipalFactory();
protected abstract PrincipalFactory createPrincipalFactory();
protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException;
protected abstract AbstractAuthenticatedActionsValve createAuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container);
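Review bot: Changing the declared return type of `createPrincipalFactory()` from `GenericPrincipalFactory` to `PrincipalFactory` changes the method descriptor, so a valve subclass compiled against the previous adapter jar would no longer implement this abstract method and would be expected to fail with `AbstractMethodError` when the valve calls it. Subclasses recompiled from source are unaffected, because returning a `GenericPrincipalFactory` is still a valid covariant override. If these valves are extended outside this repository, the change deserves a release note or a Javadoc line on the method, for example `/** Returns the factory that builds the container principal; the return type was widened to PrincipalFactory in KEYCLOAK-13633. */`. The same applies to the identical declaration in the SAML authenticator valve section further down.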

Expand Up @@ -43,11 43,11 @@ public class CatalinaCookieTokenStore implements AdapterTokenStore {
private Request request;
private HttpFacade facade;
private KeycloakDeployment deployment;
private GenericPrincipalFactory principalFactory;
private PrincipalFactory principalFactory;

private KeycloakPrincipal<RefreshableKeycloakSecurityContext> authenticatedPrincipal;

public CatalinaCookieTokenStore(Request request, HttpFacade facade, KeycloakDeployment deployment, GenericPrincipalFactory principalFactory) {
public CatalinaCookieTokenStore(Request request, HttpFacade facade, KeycloakDeployment deployment, PrincipalFactory principalFactory) {
this.request = request;
this.facade = facade;
this.deployment = deployment;
Expand Up @@ -41,13 41,13 @@
public class CatalinaRequestAuthenticator extends RequestAuthenticator {
private static final Logger log = Logger.getLogger("" CatalinaRequestAuthenticator.class);
protected Request request;
protected GenericPrincipalFactory principalFactory;
protected PrincipalFactory principalFactory;

public CatalinaRequestAuthenticator(KeycloakDeployment deployment,
AdapterTokenStore tokenStore,
CatalinaHttpFacade facade,
Request request,
GenericPrincipalFactory principalFactory) {
PrincipalFactory principalFactory) {
super(facade, deployment, tokenStore, request.getConnector().getRedirectPort());
this.request = request;
this.principalFactory = principalFactory;
Expand Up @@ -45,12 45,12 @@ public class CatalinaSessionTokenStore extends CatalinaAdapterSessionStore imple

private KeycloakDeployment deployment;
private CatalinaUserSessionManagement sessionManagement;
protected GenericPrincipalFactory principalFactory;
protected PrincipalFactory principalFactory;


public CatalinaSessionTokenStore(Request request, KeycloakDeployment deployment,
CatalinaUserSessionManagement sessionManagement,
GenericPrincipalFactory principalFactory,
PrincipalFactory principalFactory,
AbstractKeycloakAuthenticatorValve valve) {
super(request, valve);
this.deployment = deployment;
Expand Up @@ -26,7 26,7 @@
import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
import org.keycloak.adapters.saml.*;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
Expand Down Expand Up @@ -69,7 69,7 @@ public void logout(Request request) {
}

@Override
protected GenericPrincipalFactory createPrincipalFactory() {
protected PrincipalFactory createPrincipalFactory() {
return new JBossWebPrincipalFactory();
}

Expand Up @@ -31,7 31,7 @@
import org.keycloak.adapters.spi.*;
import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;
import org.keycloak.saml.common.exceptions.ParsingException;

import javax.servlet.RequestDispatcher;
Expand Down Expand Up @@ -186,7 186,7 @@ public void invoke(Request request, Response response) throws IOException, Servl

}

protected abstract GenericPrincipalFactory createPrincipalFactory();
protected abstract PrincipalFactory createPrincipalFactory();
protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException;
private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9 .-]*:");

Expand Up @@ -26,7 26,7 @@
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;
import org.keycloak.common.util.KeycloakUriBuilder;

import javax.servlet.http.HttpSession;
Expand All @@ -44,15 44,15 @@ public class CatalinaSamlSessionStore implements SamlSessionStore {
public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";

private final CatalinaUserSessionManagement sessionManagement;
protected final GenericPrincipalFactory principalFactory;
protected final PrincipalFactory principalFactory;
private final SessionIdMapper idMapper;
private final SessionIdMapperUpdater idMapperUpdater;
protected final Request request;
protected final AbstractSamlAuthenticatorValve valve;
protected final HttpFacade facade;
protected final SamlDeployment deployment;

public CatalinaSamlSessionStore(CatalinaUserSessionManagement sessionManagement, GenericPrincipalFactory principalFactory,
public CatalinaSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory,
SessionIdMapper idMapper, SessionIdMapperUpdater idMapperUpdater,
Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade,
SamlDeployment deployment) {
Expand Up @@ -26,14 26,14 @@
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
import org.keycloak.adapters.tomcat.PrincipalFactory;

/**
* @author <a href="mailto:[email protected]">Bill Burke</a>
* @version $Revision: 1 $
*/
public class TomcatSamlSessionStore extends CatalinaSamlSessionStore {
public TomcatSamlSessionStore(CatalinaUserSessionManagement sessionManagement, GenericPrincipalFactory principalFactory, SessionIdMapper idMapper, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, SamlDeployment deployment) {
public TomcatSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory, SessionIdMapper idMapper, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, SamlDeployment deployment) {
super(sessionManagement, principalFactory, idMapper, SessionIdMapperUpdater.DIRECT, request, valve, facade, deployment);
}

Expand Up @@ -30,7 30,6 @@
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Set;

/**
Expand Down Expand Up @@ -83,10 82,10 @@ protected Group[] getRoleSets() throws LoginException {
*/

@Override
protected Group[] getRoleSets() throws LoginException {
protected SimpleGroup[] getRoleSets() throws LoginException {
//log.info("getRoleSets");
SimpleGroup roles = new SimpleGroup("Roles");
Group[] roleSets = {roles};
SimpleGroup[] roleSets = {roles};
for (String role : roleSet) {
//log.info(" adding role: " role);
roles.addMember(new SimplePrincipal(role));
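Review bot: The narrowed return type on `getRoleSets()` carries no comment explaining it, so a later cleanup could widen it back to `Group[]` and reintroduce the `java.security.acl.Group` import that this commit removes. The `@Override` presumably still resolves against a superclass method declared as `Group[]`, which works only because `SimpleGroup[]` is a covariant array type; that superclass is not visible here. A short comment above the method would record the intent, for example `// Declared as SimpleGroup[] (covariant with Group[]) so this class does not reference java.security.acl.Group directly.` The method body continues past the end of this hunk.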
Expand Up @@ -24,16 24,17 @@
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Collection;
import java.util.List;
import java.util.Set;

/**
* @author <a href="mailto:[email protected]">Davide Ungari</a>
* @version $Revision: 1 $
*/
public abstract class GenericPrincipalFactory {
public abstract class GenericPrincipalFactory implements PrincipalFactory {

@Override
public GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet) {
Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals();
@@ -0,0 1,11 @@
package org.keycloak.adapters.tomcat;

import org.apache.catalina.Realm;
import org.apache.catalina.realm.GenericPrincipal;

import java.security.Principal;
import java.util.Set;

public interface PrincipalFactory {
GenericPrincipal createPrincipal(Realm realm, final Principal identity, final Set<String> roleSet);
}
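Review bot: `PrincipalFactory` is added without any Javadoc, although it is now the contract through which the adapters touched in this commit turn an authenticated identity and its role set into the container's `GenericPrincipal`. The interface should state whether `createPrincipal` may return null, whether `roleSet` may be null or empty, and whether an implementation may keep a reference to the caller's set rather than copying it, since a role set mutated after the principal is built would change later authorization checks. The `final` modifiers on the parameters have no effect in an interface declaration and can be dropped: `GenericPrincipal createPrincipal(Realm realm, Principal identity, Set<String> roleSet);`.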
