org.keycloak.adapters.tomcat.CatalinaSessionTokenStore クラス

org.keycloak.adapters.tomcat.CatalinaSessionTokenStore の継承関係図

org.keycloak.adapters.tomcat.CatalinaSessionTokenStore 連携図

クラス
class	SerializableKeycloakAccount

公開メンバ関数
	CatalinaSessionTokenStore (Request request, KeycloakDeployment deployment, CatalinaUserSessionManagement sessionManagement, GenericPrincipalFactory principalFactory, AbstractKeycloakAuthenticatorValve valve)
void	checkCurrentToken ()
boolean	isCached (RequestAuthenticator authenticator)
void	saveAccountInfo (OidcKeycloakAccount account)
void	logout ()
void	refreshCallback (RefreshableKeycloakSecurityContext securityContext)
void	saveRequest ()
boolean	restoreRequest ()

限定公開メンバ関数
void	cleanSession (Session catalinaSession)

限定公開変数類
GenericPrincipalFactory	principalFactory
Request	request
AbstractKeycloakAuthenticatorValve	valve

非公開変数類
KeycloakDeployment	deployment
CatalinaUserSessionManagement	sessionManagement

静的非公開変数類
static final Logger	log = Logger.getLogger("" + CatalinaSessionTokenStore.class)

詳解

著者

Marek Posolda

構築子と解体子

CatalinaSessionTokenStore()

org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.CatalinaSessionTokenStore ( Request  request, KeycloakDeployment  deployment, CatalinaUserSessionManagement  sessionManagement, GenericPrincipalFactory  principalFactory, AbstractKeycloakAuthenticatorValve  valve  )

inline

                                                                               {
        super(request, valve);
        this.deployment = deployment;
        this.sessionManagement = sessionManagement;
        this.principalFactory = principalFactory;
    }

関数詳解

checkCurrentToken()

void org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.checkCurrentToken ( )

inline

org.keycloak.adapters.AdapterTokenStoreを実装しています。

                                    {
        Session catalinaSession = request.getSessionInternal(false);
        if (catalinaSession == null) return;
        SerializableKeycloakAccount account = (SerializableKeycloakAccount) catalinaSession.getSession().getAttribute(SerializableKeycloakAccount.class.getName());
        if (account == null) {
            return;
        }

        RefreshableKeycloakSecurityContext session = account.getKeycloakSecurityContext();
        if (session == null) return;

        // just in case session got serialized
        if (session.getDeployment() == null) session.setCurrentRequestInfo(deployment, this);

        if (session.isActive() && !session.getDeployment().isAlwaysRefreshToken()) {
            request.setAttribute(KeycloakSecurityContext.class.getName(), session);
            request.setUserPrincipal(account.getPrincipal());
            request.setAuthType("KEYCLOAK");
            return;
        }

        // FYI: A refresh requires same scope, so same roles will be set.  Otherwise, refresh will fail and token will
        // not be updated
        boolean success = session.refreshExpiredToken(false);
        if (success && session.isActive()) {
            request.setAttribute(KeycloakSecurityContext.class.getName(), session);
            request.setUserPrincipal(account.getPrincipal());
            request.setAuthType("KEYCLOAK");
            return;
        }

        // Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
        log.fine("Cleanup and expire session " + catalinaSession.getId() + " after failed refresh");
        request.setUserPrincipal(null);
        request.setAuthType(null);
        cleanSession(catalinaSession);
        catalinaSession.expire();
    }

cleanSession()

void org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.cleanSession ( Session  catalinaSession )

inlineprotected

                                                         {
        catalinaSession.getSession().removeAttribute(KeycloakSecurityContext.class.getName());
        catalinaSession.getSession().removeAttribute(SerializableKeycloakAccount.class.getName());
        catalinaSession.getSession().removeAttribute(OidcKeycloakAccount.class.getName());
        catalinaSession.setPrincipal(null);
        catalinaSession.setAuthType(null);
    }

isCached()

boolean org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.isCached ( RequestAuthenticator  authenticator )

inline

org.keycloak.adapters.AdapterTokenStoreを実装しています。

                                                                {
        Session session = request.getSessionInternal(false);
        if (session == null) return false;
        SerializableKeycloakAccount account = (SerializableKeycloakAccount) session.getSession().getAttribute(SerializableKeycloakAccount.class.getName());
        if (account == null) {
            return false;
        }

        log.fine("remote logged in already. Establish state from session");

        RefreshableKeycloakSecurityContext securityContext = account.getKeycloakSecurityContext();

        if (!deployment.getRealm().equals(securityContext.getRealm())) {
            log.fine("Account from cookie is from a different realm than for the request.");
            cleanSession(session);
            return false;
        }

        securityContext.setCurrentRequestInfo(deployment, this);
        request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
        GenericPrincipal principal = (GenericPrincipal) session.getPrincipal();
        // in clustered environment in JBossWeb, principal is not serialized or saved
        if (principal == null) {
            principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles());
            session.setPrincipal(principal);
            session.setAuthType("KEYCLOAK");

        }
        request.setUserPrincipal(principal);
        request.setAuthType("KEYCLOAK");

        restoreRequest();
        return true;
    }

logout()

void org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.logout ( )

inline

org.keycloak.adapters.AdapterTokenStoreを実装しています。

                         {
        Session session = request.getSessionInternal(false);
        if (session != null) {
            cleanSession(session);
        }
    }

refreshCallback()

void org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.refreshCallback ( RefreshableKeycloakSecurityContext  securityContext )

inline

org.keycloak.adapters.AdapterTokenStoreを実装しています。

                                                                                    {
        // no-op
    }

restoreRequest()

boolean org.keycloak.adapters.tomcat.CatalinaAdapterSessionStore.restoreRequest ( )

inlineinherited

                                    {
        return valve.keycloakRestoreRequest(request);
    }

saveAccountInfo()

void org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.saveAccountInfo ( OidcKeycloakAccount  account )

inline

org.keycloak.adapters.AdapterTokenStoreを実装しています。

                                                             {
        RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
        Set<String> roles = account.getRoles();
        GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), roles);

        SerializableKeycloakAccount sAccount = new SerializableKeycloakAccount(roles, account.getPrincipal(), securityContext);
        Session session = request.getSessionInternal(true);
        session.setPrincipal(principal);
        session.setAuthType("KEYCLOAK");
        session.getSession().setAttribute(SerializableKeycloakAccount.class.getName(), sAccount);
        session.getSession().setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());
        String username = securityContext.getToken().getSubject();
        log.fine("userSessionManagement.login: " + username);
        this.sessionManagement.login(session);
    }

saveRequest()

void org.keycloak.adapters.tomcat.CatalinaAdapterSessionStore.saveRequest ( )

inlineinherited

                              {
        try {
            valve.keycloakSaveRequest(request);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

メンバ詳解

deployment

KeycloakDeployment org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.deployment

private

log

final Logger org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.log = Logger.getLogger("" + CatalinaSessionTokenStore.class)

staticprivate

principalFactory

GenericPrincipalFactory org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.principalFactory

protected

request

Request org.keycloak.adapters.tomcat.CatalinaAdapterSessionStore.request

protectedinherited

sessionManagement

CatalinaUserSessionManagement org.keycloak.adapters.tomcat.CatalinaSessionTokenStore.sessionManagement

private

valve

AbstractKeycloakAuthenticatorValve org.keycloak.adapters.tomcat.CatalinaAdapterSessionStore.valve

protectedinherited

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/CatalinaSessionTokenStore.java